Prussian a CentOS v6.x & Nginx, OwnCloud Instance
[Note: This was written in Jan 2014. As of Feb 2015 php v5.4 is required for owncloud v8. See remi repo]
Prerequisites
- A CentOS v6.x VM
- with the time synchronised
- a large data volume mounted as /mnt/data
- http reverse proxy with TLS/SSL offload
Note: The VM already has the time synchronised.
Install
Install Nginx from the Nginx repository and OwnCloud from the OwnCloud repository.
# rpm -Uvh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
# yum install nginx
Install the EPEL repository so that OwnCloud dependencies are satisfied:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
The CentOS OwnCloud instructions are:
# cd /etc/yum.repos.d/
# wget http://download.opensuse.org/repositories/isv:ownCloud:community/CentOS_CentOS-6/isv:ownCloud:community.repo
# yum install owncloud
Install php-fpm:
# yum install php-fpm
The OwnCloud documentation only recommends the default database for single user installations. Migrations look to be non-trivial. Install and use MySQL server from the start:
# yum install mysql-server
Configure php-fpm
Use the default '/etc/php-fpm.d/www.conf':
[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = apache
group = apache
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
Start the FPM process:
# chkconfig php-fpm on
# service php-fpm start
Configure Nginx
Move the example and default configurations out of the way (e.g. '/etc/nginx/conf.d/default.conf'). Create a new OwnCloud Nginx configuration file '/etc/nginx/conf.d/owncloud.conf':
#
# OwnCloud (ssl/tls)
#
server {
    listen 80;
    root /var/www/html/owncloud;
    index index.php;
    client_max_body_size 1000M; # set maximum upload size

    # deny direct access
    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }

    # default try order
    location / {
        try_files $uri $uri/ @webdav;
    }

    # owncloud WebDAV
    location @webdav {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include fastcgi_params;
    }

    # enable php
    location ~ \.php$ {
        # "=404" must be written without a space: return 404 when the script does not exist
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include fastcgi_params;
    }
}
Add the Nginx user to the apache group. The distribution RPM and the php-fpm package both assume apache (httpd) is used.
# usermod -a -G apache nginx
This configuration assumes:
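- that the TLS/SSL offload is performed somewhere else (the reverse proxy listed in the prerequisites), so Nginx listens on plain HTTP port 80 while telling PHP that HTTPS is on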
- that owncloud is the default web site (i.e. no virtual hosting)
Start the Nginx server:
# service nginx start
Configure MySQL
Change the mysql configuration '/etc/my.cnf' to only listen on the loopback interface.
[mysqld]
bind-address = localhost
Start the MySQL server:
# chkconfig mysqld on
# service mysqld start
Lock down the MySQL installation and set the root password:
# mysql_secure_installation
Create the owncloud database (root now needs '-p', because the previous step set a root password):
# mysql -u root -p
mysql> CREATE USER 'owncloud'@'localhost' IDENTIFIED BY 'password';
mysql> CREATE DATABASE IF NOT EXISTS owncloud;
mysql> GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
mysql> ^D
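A quick check of the three exposure-limiting settings from the sections above: php-fpm and MySQL bound to loopback only, and Nginx denying direct access to /data and /config. This script is an added example, not part of the original write-up; the function names are hypothetical and the sample files are constructed.

```shell
# ini_get FILE SECTION KEY: print KEY's value inside [SECTION] (empty if absent)
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }   # section header
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); gsub(/[ \t]/, "", k)
            v = substr($0, i + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# is_loopback VALUE: true for a loopback address or a unix socket path.
# A bare port ("9000"), 0.0.0.0 or an empty value means "all interfaces".
is_loopback() {
    case "$1" in 127.*|localhost|localhost:*|::1|/*) return 0 ;; esac
    return 1
}

# nginx_denies FILE NAME: true if a regex location mentioning NAME has "deny all"
nginx_denies() {
    awk -v name="$2" '
        /^[ \t]*location[ \t]+~/ && index($0, name) { inloc = 1 }
        inloc && /deny[ \t]+all[ \t]*;/             { found = 1 }
        inloc && index($0, "}")                     { inloc = 0 }
        END { exit(found ? 0 : 1) }' "$1"
}

bad() { echo "FAIL: $1"; fail=$((fail + 1)); }

# audit FPM_CONF MY_CNF NGINX_CONF: print findings, return the number of failures
audit() {
    fail=0
    is_loopback "$(ini_get "$1" www listen)"          || bad "php-fpm [www] listen is not loopback-only"
    is_loopback "$(ini_get "$2" mysqld bind-address)" || bad "mysqld bind-address is not loopback-only"
    for d in data config; do
        nginx_denies "$3" "$d" || bad "nginx has no deny rule covering /$d"
    done
    return "$fail"
}

# Constructed sample files (not from a real host): a good set and a weak my.cnf
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '[www]\nlisten = 127.0.0.1:9000\n'     > "$tmp/www.conf"
printf '[mysqld]\nbind-address = localhost\n' > "$tmp/my.cnf"
printf '[mysqld]\nbind-address = 0.0.0.0\n'   > "$tmp/my-weak.cnf"
printf 'server {\n location ~ ^/(data|config|\\.ht) {\n  deny all;\n }\n}\n' > "$tmp/owncloud.conf"
audit "$tmp/www.conf" "$tmp/my.cnf"      "$tmp/owncloud.conf" && echo "OK: all checks passed"
audit "$tmp/www.conf" "$tmp/my-weak.cnf" "$tmp/owncloud.conf" || echo "$? check(s) failed"
```

On the host itself, run `audit /etc/php-fpm.d/www.conf /etc/my.cnf /etc/nginx/conf.d/owncloud.conf` against the files used on this page.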
Configure OwnCloud
Change the ownership of '/mnt/data' to apache so that the php process can access the data. Having a data volume out of the web hierarchy reduces the chance of data loss and allows an arbitrarily sized volume to be put into the VM.
# chown apache.apache /mnt/data
Use a web browser to view the owncloud instance, and fill in the setup information:
Links
- http://owncloud.org/
- Administration Manual
- http://doc.owncloud.org/server/6.0/admin_manual/configuration/configuring_big_file_upload.html
- http://en.wikipedia.org/wiki/OwnCloud
- http://en.wikipedia.org/wiki/Prussian_blue
Appendices
Nginx install
# yum install nginx
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.xnet.co.nz
 * extras: mirror.xnet.co.nz
 * updates: mirror.xnet.co.nz
nginx                                                    | 2.9 kB     00:00
nginx/primary_db                                         |  25 kB     00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 0:1.4.4-1.el6.ngx will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================
 Package        Arch           Version                    Repository        Size
======================================================================================
Installing:
 nginx          x86_64         1.4.4-1.el6.ngx            nginx            311 k

Transaction Summary
======================================================================================
Install       1 Package(s)

Total download size: 311 k
Installed size: 770 k
Is this ok [y/N]: y
Downloading Packages:
nginx-1.4.4-1.el6.ngx.x86_64.rpm                         | 311 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nginx-1.4.4-1.el6.ngx.x86_64                                1/1
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

Commercial subscriptions for nginx are available on:
* http://nginx.com/products/

----------------------------------------------------------------------
  Verifying  : nginx-1.4.4-1.el6.ngx.x86_64                                1/1
OwnCloud Install
# yum install owncloud
Dependencies Resolved

======================================================================================
 Package                      Arch    Version               Repository              Size
======================================================================================
Installing:
 owncloud                     noarch  6.0.0a-4.1            isv_ownCloud_community  43 M
Installing for dependencies:
 apr                          x86_64  1.3.9-5.el6_2         base                   123 k
 apr-util                     x86_64  1.3.9-3.el6_0.1       base                    87 k
 apr-util-ldap                x86_64  1.3.9-3.el6_0.1       base                    15 k
 freetype                     x86_64  2.3.11-14.el6_3.1     base                   359 k
 httpd                        x86_64  2.2.15-29.el6.centos  base                   821 k
 httpd-tools                  x86_64  2.2.15-29.el6.centos  base                    73 k
 libX11                       x86_64  1.5.0-4.el6           base                   584 k
 libX11-common                noarch  1.5.0-4.el6           base                   192 k
 libXau                       x86_64  1.0.6-4.el6           base                    24 k
 libXpm                       x86_64  3.5.10-2.el6          base                    51 k
 libjpeg-turbo                x86_64  1.2.1-3.el6_5         updates                174 k
 libpng                       x86_64  2:1.2.49-1.el6_2      base                   182 k
 libxcb                       x86_64  1.8.1-1.el6           base                   110 k
 libxslt                      x86_64  1.1.26-2.el6_3.1      base                   452 k
 mailcap                      noarch  2.1.31-2.el6          base                    27 k
 mysql                        x86_64  5.1.71-1.el6          base                   893 k
 ntp                          x86_64  4.2.6p5-1.el6.centos  base                   592 k
 ntpdate                      x86_64  4.2.6p5-1.el6.centos  base                    75 k
 owncloud-3rdparty            noarch  6.0.0a-4.1            isv_ownCloud_community 281 k
 php                          x86_64  5.3.3-27.el6_5        updates                1.1 M
 php-cli                      x86_64  5.3.3-27.el6_5        updates                2.2 M
 php-common                   x86_64  5.3.3-27.el6_5        updates                525 k
 php-gd                       x86_64  5.3.3-27.el6_5        updates                107 k
 php-mbstring                 x86_64  5.3.3-27.el6_5        updates                455 k
 php-mysql                    x86_64  5.3.3-27.el6_5        updates                 81 k
 php-pdo                      x86_64  5.3.3-27.el6_5        updates                 75 k
 php-pear                     noarch  1:1.9.4-4.el6         base                   393 k
 php-pear-MDB2                noarch  2.5.0-0.9.b5.el6      epel                   127 k
 php-pear-MDB2-Driver-mysqli  noarch  1.5.0-0.8.b4.el6      epel                    43 k
 php-pear-Net-Curl            noarch  1.2.5-4.el6           epel                    13 k
 php-process                  x86_64  5.3.3-27.el6_5        updates                 39 k
 php-xml                      x86_64  5.3.3-27.el6_5        updates                103 k

Transaction Summary
======================================================================================
Install      33 Package(s)

Total download size: 53 M
Installed size: 157 M
MySQL config
# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!
Owncloud Console
$ sudo -u apache php /var/www/html/owncloud/occ status