Tuesday, June 4, 2013

Build your ownCloud

ownCloud is a way to bring your own cloud storage to the internets.  You may want to use this to control your own data, use open standards provided by ownCloud, or just save yourself the monthly subscription costs of the commercial options. The only limitation on storage size is the size of your connected storage, which can actually include other cloud storage services such as Dropbox and Google Drive, in addition to external storage.

Installation is fairly easy on Ubuntu, as a repository with packages is available. The following directions are taken from the installation page on ownCloud. Run the following as root:
echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/ /' >> /etc/apt/sources.list.d/owncloud.list
apt-get update
apt-get install owncloud
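If you want to add the key to apt to avoid a warning (the key is downloaded over plain HTTP, so compare its fingerprint with a copy from a trusted source before adding it):
wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/Release.key
apt-key add - < Release.key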
Once installed, you need to add ownCloud to Nginx. You will presumably have already set up php5-fpm while following the instructions in my LDAP server post. With ownCloud 5, some slightly more complicated Nginx rules are needed. Again, we are putting ownCloud in a subdomain on the webserver for clean separation of server services. Note: make sure your fastcgi_pass matches the mechanism you are using for FastCGI, either a Unix socket or a TCP socket. The following was taken from this post.

#owncloud settings
#Some rewrite rules, more to come later
rewrite ^/owncloud/caldav((/|$).*)$ /owncloud/remote.php/caldav$1 last;
rewrite ^/owncloud/carddav((/|$).*)$ /owncloud/remote.php/carddav$1 last;
rewrite ^/owncloud/webdav((/|$).*)$ /owncloud/remote.php/webdav$1 last;

location ~ ^/owncloud/(data|config|\.ht|db_structure.xml|README) {
    deny all;
}
# Configure the root location with proper rewrite rule
location /owncloud/ {
    rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;
    rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ redirect;
    rewrite ^/owncloud/apps/calendar/caldav.php /remote.php/caldav/ last;
    rewrite ^/owncloud/apps/contacts/carddav.php /remote.php/carddav/ last;
    rewrite ^/owncloud/apps/([^/]*)/(.*\.(css|php))$ /index.php?app=$1&getfile=$2 last;
    rewrite ^(/owncloud/core/doc[^\/]+/)$ $1/index.html;
    try_files $uri $uri/ index.php;
}
# Configure PHP-FPM stuff
location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
    try_files $script_name =404;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_param HTTPS on;
    # This one is a little bit tricky, you need to pass all parameters in a single line, separating them with newline (\n)
    fastcgi_param PHP_VALUE "upload_max_filesize = 1024M \n post_max_size = 1024M"; # This finishes the max upload size settings
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # On some systems OC will work without this setting, but it doesn't hurt to leave it here
    include /etc/nginx/fastcgi_params;
}
Make sure to restart nginx as usual with sudo service nginx restart. You should now be able to create a default admin account at your domain.com/owncloud.
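A quick way to confirm after the restart that the "deny all" location above really blocks ownCloud's data and config paths. This is an added example, not part of the original post; the sample paths and the function names fetch_status and check_denied are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: request paths that match the deny regex from the config
# above and expect HTTP 403 for each. The paths are sample paths chosen to
# hit every alternative of that regex; the base URL is given by the caller.

# Print only the HTTP status code for a URL (body discarded, 10 s timeout).
# Kept separate so it can be replaced by a stub for offline testing.
fetch_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
}

# check_denied BASE_URL
# Returns 0 if every sensitive path answers 403, 1 if any does not.
check_denied() {
    base=${1%/}   # drop a trailing slash from the base URL
    rc=0
    for path in data/ config/config.php .htaccess db_structure.xml README; do
        # A failed connection is recorded as 000 and counts as a failure.
        code=$(fetch_status "$base/owncloud/$path") || code=000
        if [ "$code" = "403" ]; then
            echo "ok      $code /owncloud/$path"
        else
            echo "EXPOSED $code /owncloud/$path"
            rc=1
        fi
    done
    return "$rc"
}

# Run only when a base URL is given, e.g.:
#   sh check_owncloud.sh https://domain.com
if [ "$#" -gt 0 ]; then
    check_denied "$1"
fi
```

Any line marked EXPOSED means a request bypassed the deny location, for example because another location block matched first.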

The next step is to link ownCloud to your LDAP server for authentication. Log in with the admin account, click the settings button, and go to "Apps". Enable the app for "Ldap User and Group Backend".


Click the settings button, and go to "Admin".  Under the LDAP section, set your LDAP host, your domain, and the user and group attributes. Test the configuration and save.


Again, if you are using ownCloud 4.5, everything should work out of the box as is, and users can log in and share files with group members. In my case, all web users are members of the group 'webuser'. However, ownCloud 5.0 requires some additional configuration, or the users are not associated with their groups. The solution is to add the memberUid attribute to the associated group in ldap-account-manager, manually add the users to this group, then tell ownCloud to use this attribute.

Log in to ldap-account-manager and click on "Tree View". From here, select the group, and click "Add New Attribute". Select "memberUid". Add the name of at least one user. The new attribute should be visible in the group in tree view. From here, you can manually add members by clicking "Modify Group Members" under memberUid. You can add the users in a batch, instead of manually typing them out.



Log back in to ownCloud as admin.  Click on the settings button, and go back into "Admin".  In the LDAP section, select the "Advanced" tab. Under "Directory Settings" set "Group-member association" to "memberUid".  Save.  You may need to remove the users so that ownCloud can repopulate the list with the new group association.

