From Mageia wiki
Jump to: navigation, search
m (Internet security: Allowing access from Internet)
m (Benefits)
Line 7: Line 7:
 
''Compared to common external cloud solutions:''
 
''Compared to common external cloud solutions:''
 
=== Benefits ===
 
=== Benefits ===
* Not uploading your secrets to third parties, such as foreign governments, cyber criminals, etc.
+
* Your data remains in-house, i.e not placed on the servers of third parties where you have no control of who sees it: foreign governments, cyber criminals, your business rivals, etc.
 
* No external dependencies (internet connection, health of internet provider and cloud provider)
 
* No external dependencies (internet connection, health of internet provider and cloud provider)
 
* No external costs
 
* No external costs

Revision as of 21:22, 22 April 2015

Introduction

OwnCloud server is a cloud server you can have at home, your company or organisation. Use it to automatically sync and share files including some revisioning, and it can run some apps too. Clients exist for Common desktop and mobile operating systems. There is both an open source and a commercial branch. https://owncloud.com/community-enterprise/ The community site: https://owncloud.org/ In Mageia cauldron we currently have latest version of client and the previous server 7.x. (Feb 2015 mga5) Lets use them!

Note: we hope to have 8.x in Mageia 5 to avoid problems updating from 7.x https://bugs.mageia.org/show_bug.cgi?id=15267

Compared to common external cloud solutions:

Benefits

  • Your data remains in-house, i.e not placed on the servers of third parties where you have no control of who sees it: foreign governments, cyber criminals, your business rivals, etc.
  • No external dependencies (internet connection, health of internet provider and cloud provider)
  • No external costs
  • High speed on large files, large data, quick (server side) snapshots / backups
  • Fine control of shares https://owncloud.com/how-to-avoid-oversharing-with-owncloud/ and can connect to other servers

Drawbacks

  • The server consumes a lot of CPU cycles per file (so only a few files per second) see heading #Throughput below.
  • Clients do not follow symlinks yet. (https://github.com/owncloud/core/issues/6771) - i.e Dropbox does. (But selective sync is almost as useful)
  • Need to arrange off site backups in another way (or let it share to a computer off-site)
  • Takes some administration, and reading instructions, like this page...

This wiki page status

  • Versions: author installed per this instruction late jan 2015 in mageia cauldron; mga5b2+, 64 bit; kernel-desktop-3.18.3-2.mga5, apache 2.4.10-11.mga5 , php 5.6.5-1.mga5, MariaDB 10.0.15-2.mga5, ownCloud 7.0.4-1.mga5
  • Todo: Check: when set it to use cron it complains cron had not run for long (in my setup)
  • Todo: Check/update for server 8.x (8.0.0 released today 2014-02-09) when we have it

Install packages

Fundamental

All packages in this howto are from mageia repos

  • MariaDB - recommended database engine, better performance and stability than default
  • php-pdo_mysql - for php to use MariaDB
  • apache-mod_php - php5 for use with apache​
  • ownCloud - of course. (note: the server, not the client)
urpmi mariadb php-pdo_mysql apache-mod_php apache-mod_php owncloud

The above pulls in all else needed, including apache and a lot of php. This seem to be enough - if not please update this

  • chrony - use ntp so servers time is in sync, so ownCloud can decide correctly which file is elder. -The same goes for the ownCloud client systems! Probably you already have this - it is good to have regardless of ownCloud...

Note: easiest to set up in KDE by right cklicking the clock in system tray -> check "activate network time protocol", and it installs chrony and in the pulldown there set which NTP server to sync to.

Suggested

  • apache-mod_ssl - to enable secure connections (https)
  • php-opcache - Zend OPcache provides faster PHP execution through opcode caching and optimisation
  • PhpMyAdmin and/or and/or webmin, see their headings below - to handle the database by GUI
urpmi apache-mod_ssl php-opcache phpmyadmin webmin

For more functionality

More modules may be needed, see http://doc.owncloud.org/server/7.0/admin_manual/installation/installation_source.html

Configuration

Configure the database engine MariaDB

As root edit /etc/php.d/36_mysql.ini By default it only contain the row:

extension = mysql.so

add this line to make MariaDB use php-pdo_mysql:

extension=pdo_mysql.so
  • reboot ( may not be needed, but to update all system and reboot may be a good idea anyway :) )
  • Set the MariaDB administrative password:
mysqladmin a_password
  • Then log in using that password:
mysql -uroot -p

Create ownCloud database and define its user and password, enter lines below, but your credentials:

  • First line: invent a username and password for ownCloud to use for mariaDB, keep 'localhost'
  • Second line: Name of the database is good to have as "owncloud"
  • Third line: Use the above to register the user (owncloud server) for that database
CREATE USER 'OCserverUsername'@'localhost' IDENTIFIED BY 'OCserverPassWD';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'OCserverUsername'@'localhost' IDENTIFIED BY 'OCserverPassWD';
quit

Prepare storage

You may chose to use a dedicated ext4 partiton in a LVM so you can extend it and also make snapshots. You may also have that whole LVM encrypted. Cost a slight performance. On a raid? Your choice.
For this example lets say you mount it at /mnt/owncloud . You must make a data folder and set the right ownership:

mkdir /mnt/owncloud/data
chown -R apache:apache /mnt/owncloud

Note: If you do not similarly to above place your data folder out of direct webserver access, (and keep it under www/ instead) then check that data/.htaccess effectively looks like below. (for apache 2.4 - if 2.2, first line should read "deny from all")

Require all denied
IndexIgnore *

-or else your data may be accessible from internet!

For stronger protection

See "For hardened security" in http://doc.owncloud.org/server/7.0/admin_manual/installation/installation_source.html

Upload buffering folder

Is defined in /etc/php.ini By default it is /var/tmp/

Configure ownCloud

  1. Browse to https://localhost/owncloud
  2. Invent your ownCloud administrator login name, and alphanumeric Password
  3. State the location for data storage, per above suggestion it is /mnt/owncloud/data
  4. Choose mariadb, and for it state OCserverUsername, OCserverPassWD, database name (owncloud), keep "localhost"
  5. Login, and rightmost up you have a pulldown with an "Admin" entry ( direct link: http://localhost/owncloud/index.php/settings/admin)
  6. For better security (but slightly less performance) set "enforce https"
  7. Disable functions you do not need.
  8. Set ownCloud send email and test, but first visit "Personal" in that same menu to set your receive email.
  9. In that drop-down menu select "Users" to add and manage users and their quota etc.

( Most settings are stored in /usr/share/owncloud/config/config.php )

Security alternatives

http://doc.owncloud.org/server/7.0/admin_manual/installation/installation_source.html

Checking the setup

A tool exists that checks and reports on many aspects of the installation. Get the "OwnCloud Tools" from first post http://forum.owncloud.org/viewtopic.php?f=8&t=2921 - As described there, grab the content in the list box and put it in a file called tools.php, edit in a password on line two; i.e make the line like

$PASSWORD = 'adminpass';

and place it in /usr/share/owncloud/ . Owner root, permissions -rw-r--r-- . Then go to https://localhost/owncloud/tools.php (of course modify the part "localhost" to owncloud server IP if from another machine) and log in using that password.

Check around that things look OK! Note: it will complain about .htacess not working even when you have moved your data folder away from webserver, see "Prepare storage" above.

OwnCloud needs to write

... a few folders (which you may see a complaint of in the above tool), so enter:

cd /usr/share/owncloud
chown apache:apache config data apps

ref: http://doc.owncloud.org/server/7.0/admin_manual/installation/installation_source.html#setting-secure-directory-permissions

Tips

Access from internet

Ensure that your OwnCloud defaults to HTTPS and does not allow HTTP access. You may need to install SSL on your web server for this to work.

Internet security

If you plan to access your OwnCloud from the Internet and you already run an Internet-accessible web server on the computer hosting OwnCloud, then no extra settings on your firewall are required. If you have not previously opened up your computer for access from the Internet, you may need to forward Port 443 (HTTPS/TLS) and maybe Port 80 (Insecure: Not recommended) from your router to the computer hosting your OwnCloud. The manual for your router should explain how this can be achieved.

How to set upload split size (chunking)

In order to avoid timeouts on larger files uploading from client on slow connections, see http://forum.owncloud.org/viewtopic.php?f=14&t=24595

It will be set to 5MB by default in OwnCloud 8.x. https://github.com/owncloud/client/issues/766

Stop, start

i.e. for backup inbetween (actually stops the apache server)

systemctl stop httpd.service 
systemctl start httpd.service 

Uploading files by other means

In order to load lots of files initially on the server, many have experimented on how to bypass ownCloud and load files directly to the data directory, then let ownCloud index what it have. Examples see https://forum.owncloud.org/viewtopic.php?f=17&t=7236&start=30 and also find tip in the link in Throughput below.

OwnCloud will still work the server very hard as it indexes all these new files. If you are going to store a lot of files, or move them around often, then consider using the mySQL or a similar relational database option rather than SQLite.

Backing up

What to back up (please review)

  1. the data directory tree you configured
  2. /etc/httpd/conf/sites.d/owncloud.conf
  3. /etc/owncloud/
  4. /usr/share/owncloud/
  5. /etc/httpd/conf/httpd.conf - apache configuration file
  6. /etc/my.cnf - MariaDB configuration file
  7. /var/lib/mysql/ - database

Command examples: https://doc.owncloud.org/server/8.0/admin_manual/maintenance/backup.html (same for 8.0 as for 7.0)

I do suggest to stop owncloud before backing up to guarantee consistency between files and database.

Reinstall

For a total reinstall of ownCloud:

  • Stop using it, stop apache, uninstall ownCloud, start apache. (so all data is stable)
  • Copy all above to a backup!
  • Make a backup of the owncloud database using command line or i.e PhpMyAdmin.

The rest seem to be vague, I suggest trying the useful links below. Some ideas:

  • if you suggest there have been program version conflicts reinstall php packages, and maybe more...
  • maybe also clean out settings and config files before installing packages again
  • if database was corrupt try creating an empty one, and then using owncloud register users again. There have been reports that such have worked even for migrating between databases and users found their content again, but no guarantees! - keep backup.
  • If you do not care about content then you can of course remove it before reinstalling and starting owncloud.

Save database

Use the nice PhpMyAdmin or Webmin, (see their headings below), or:

http://forum.owncloud.org/viewtopic.php?f=26&t=19400 http://forums.mageia.org/en/viewtopic.php?f=8&t=7187&p=46069

Backup script for MariaDB http://forums.mageia.org/en/viewtopic.php?f=5&t=7338&p=46877

Sync client

Notes

  • Local folders get the date of creation - their time stamp is not synced. Issue https://github.com/owncloud/core/issues/7009 and more.
  • Database is stored in the root of each sync task as hidden file .csync_journal.db and a log .owncloudsync.log . While the client runs there are also the files .csync_journal.db-shm and .csync_journal.db-wal .

Tips

Syncing a dual boot system (linux/windows)

http://forum.owncloud.org/viewtopic.php?f=14&t=19672&p=78867#p78867

Useful links

OwnCloud

Nice manuals for client and server: http://doc.owncloud.org/

List of ownCloud Resources http://forum.owncloud.org/viewtopic.php?f=9&t=1804

OwnCloud forum http://forum.owncloud.org

Bug tracker etc https://github.com/owncloud/

How to find webserver or ownCloud logfile / enable php logfile https://forum.owncloud.org/viewtopic.php?f=17&t=7330

Arch Linux wiki https://wiki.archlinux.org/index.php/OwnCloud

MariaDB

http://wiki.mageia.org/en/MariaDB

http://mariadb.com/kb/en/mariadb/getting-installing-and-upgrading-mariadb/

Log: /var/log/mysqld/mysqld.log

PhpMyAdmin

A good tool to read, manage, backup MariaDB data. Install it, then in a web browser go to https://localhost/phpmyadmin and use the administrative login i.e user root and the password you set.

info: http://www.phpmyadmin.net Configuration file /etc/phpmyadmin/config.inc.php - /usr/share/phpmyadmin/config.default.inc.php contain defauls, not supposed to be modified.

Webmin

Webmin can control many things in a system, i.e MariaDB/MySQL. Install it, then in a web browser go to https://localhost:10000/

Log in as system root, click Servers -> MySQL enter MariaDB administrative login credentials. There is a backup button, and you can also schedule backups. info: http://www.webmin.com

Tune performance

PHP caching

Two things need caching: data, and php-opcodes (and most opcode cachers also do optimisations)

For PHP =< 5.4 APC have been good for both but it is no more maintained and thus deprecated.

It seems best performance nowadays with OwnCloud is to use Zend-OpCache (mageia package php-opcache) for opcode caching and optimisation, and APCu (mageia package php-apcu) for data caching.

APCu is an updated and stripped APC with only data caching.

However, currently see http://bugs.mageia.org/show_bug.cgi?id=15743

No unnecessary modules

Do not install or at ownCloud admin page activate unnecessary modules (see optional above) Even when not used some may use much RAM

Apache

http://httpd.apache.org/docs/2.4/misc/perf-tuning.html It seem to be optimal by default;

  • In /etc/httpd/conf/httpd.conf you should have an uncommented line
 EnableSendfile On

That way files are sent by kernel instead of apache = lower overhead. NOTE: if you serve from network mounts set both EnableMMAP off and EnableSendfile off !

  • See if you find KeepAlive and if so it should not be set Off. - Keepalive On or commented out is OK. It is by default On to minimize request delays for multiple files.

Other tweaks

  • activate cronjobs instead of as per default doing a bit housekeeping every call (see admin page in owncloud web interface)
  • optimize MariaDB/"mysql" settings

... and some more at thread http://forum.owncloud.org/viewtopic.php?f=8&t=10692

Throughput

OwnCloud is known to be slow on small files, especially when there are many files. https://github.com/owncloud/core/issues/7072 Developers are aware and working on it for owncloud 8. In the linked thread there are some users sharing tricks for increasing speed in their case.

Authors test: It consumes many CPU cycles for thinking on each file, so there is a limited number of files per second it can process. Large files transfer at what network connection or disk limits. With the setup described above including tweaks except "Other tweaks", this page authors machine, CPU AMD E-350 dual 1,6MHz, process roughly 5 files per second, with CPU load as: "mysqld" 40 %, and three "httpd" at 15 % each, where "httpd" include apache+owncloud+php. The test set was uploading a couple thousand code files at 2 KB average size per file uploaded from the single client online, on 1GB ethernet, and using https. Downloading to a new computer also over GB LAN it performs about three times faster, with "mysqld" and three "httpd" all at 15..25 % each.

Initially I set up owncloud using the SQLite default implementation, and experienced a speed of about a tenth of the speed as compared with using MariaDB, plus it had some sync failures, according to log it was due to database timeouts.

Issues

Login

  • If you at login window get "You are accessing the server from an untrusted domain" (you can web search that plus ownCloud) It may be because ownCloud initial setup was done from another address name than it is running. You can add so you have both "localhost" and the IP of where ownCloud runs in section 'trusted_domains' in /usr/share/owncloud/config/config.php, like this example:
    'trusted_domains' => 
array (
  0 => 'localhost',
  1 => '192.168.0.27',
),

A less secure alternative is to remove that whole section

Other

  • Clients can not sync, and this error is in logs: PHP Startup: Unable to load dynamic library '/usr/lib64/php/extensions/pdo_mysql.so' - /usr/lib64/php/extensions/pdo_mysql.so: undefined symbol: pdo_parse_params at Unknown#0

Others have found it be due to php version conflicts. A few got it solved by new php versions. For me it got solved by uninstalling then reinstalling all php packages, which pulled three more.