Project

General

Profile

Support #754

Install an ownCloud Server on FreeBSD

Added by Daniel Curtis about 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Web Server
Target version:
Start date:
02/25/2016
Due date:
% Done:

100%

Estimated time:
1.00 h
Spent time:

Description

This is a guide on setting up ownCloud with Nginx on FreeBSD 9.

Prepare the Environment

  • Before installation of the components, make sure everything is up to date using the following command:
    pkg update -f && pkg upgrade
    
  • Install portmaster:
    cd /usr/ports/ports-mgmt/portmaster
    make install clean
    pkg2ng
    
  • Create the owncloud user:
    pw user add -n owncloud -m -s /sbin/nologin -c "ownCloud" 
    

Install Nginx

  • Install Nginx
    pkg install nginx
    
  • Start and enable nginx at boot:
    echo 'nginx_enable="YES"' >> /etc/rc.conf
    service nginx start
    
  • Create a configuration directory to make managing individual server blocks easier
    mkdir /usr/local/etc/nginx/conf.d
    
  • Edit the main nginx config file:
    vi /usr/local/etc/nginx/nginx.conf
    
    • And strip down the config file and add the include statement at the end to make it easier to handle various server blocks:
      worker_processes  1;
      error_log  /var/log/nginx-error.log;
      
      events {
          worker_connections  1024;
      }
      
      http {
          include       mime.types;
          default_type  application/octet-stream;
          sendfile        on;
          keepalive_timeout  65;
      
          # Load config files from the /etc/nginx/conf.d directory
          include /usr/local/etc/nginx/conf.d/*.conf;
      }
      

Install MySQL Server

  • Start by installing the mysql56-server and mysql56-client packages:
    pkg install mysql56-{server,client}
    
  • Copy a base MySQL configuration to use:
    cp /usr/local/share/mysql/my-small.cnf /var/db/mysql/my.cnf
    
  • Edit the mariadb config to change the max packet size:
    vi /var/db/mysql/my.cnf
    
    • and modify max_allowed_packet to 32M
      max_allowed_packet = 32M
      
  • Enable and start MariaDB
    echo 'mysql_enable="YES"' >> /etc/rc.conf
    service mysql-server start
    
  • Prepare the database for use by running the secure installation:
    mysql_secure_installation
    
    • NOTE: Choose a strong root password and answer yes to all questions.

Create MySQL Databases and Users

  • Login to MySQL and create appropriate databases and users.
    mysql -u root -p
    
    • and run the following SQL queries to create the ownclouddb database and ownclouduser user:
      CREATE DATABASE ownclouddb CHARACTER SET utf8;
      
      CREATE USER 'ownclouduser'@'localhost' IDENTIFIED BY 'SuperSecretPassword';
      
      GRANT ALL PRIVILEGES ON ownclouddb.* TO 'ownclouduser'@'localhost';
      
      FLUSH PRIVILEGES;
      
      quit
      

Install PHP

  • Install PHP 5.6:
    pkg install php56
    
  • Configure the default PHP settings
    cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
    
  • Create a directory for the php-fpm configs:
    mkdir /usr/local/etc/php-fpm.d
    
  • Edit /usr/local/etc/php-fpm.conf:
    vi /usr/local/etc/php-fpm.conf
    
    • Make the following changes:
      include=/usr/local/etc/php-fpm.d/*.conf
      
  • Enable PHP-FPM at boot:
    echo 'php_fpm_enable="YES"' >> /etc/rc.conf
    
  • Restart nginx:
    service nginx restart
    

Install ownCloud

  • Install owncloud:
    pkg install owncloud
    
  • Create an owncloud.example.com server block config file:
    vi /usr/local/etc/nginx/conf.d/owncloud.example.com.conf
    
    • Add the following:
      upstream owncloud-handler {
        server unix:/var/run/owncloud.example.com-php-fpm.sock;
      }
      
      server {
        listen 80;
        server_name owncloud.example.com;
      
        # Path to the root of your installation
        root /usr/local/www/owncloud/;
      
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;
      
        # Disable gzip to avoid the removal of the ETag header
        gzip off;
      
        rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
        rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
        rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
      
        index index.php;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
      
        location = /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
        }
      
        location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
          deny all;
        }
      
        location / {
          # The following 2 rules are only needed with webfinger
          rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
          rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
      
          rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
          rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
      
          rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
      
          try_files $uri $uri/ =404;
        }
      
        location ~ \.php(?:$|/) {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_pass owncloud-handler;
          fastcgi_intercept_errors on;
        }
      
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the location ~ \.php(?:$|/) { block
        location ~* \.(?:css|js)$ {
          add_header Cache-Control "public, max-age=7200";
          # Add headers to serve security related headers
          add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
          add_header X-Content-Type-Options nosniff;
          add_header X-Frame-Options "SAMEORIGIN";
          add_header X-XSS-Protection "1; mode=block";
          add_header X-Robots-Tag none;
          # Optional: Don't log access to assets
          access_log off;
        }
      
        # Optional: Don't log access to other assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
          access_log off;
        }
      }
      
  • Create the temporary session folder and restrict its permissions:
    mkdir -p /usr/local/www/owncloud/tmp
    chmod o-rwx /usr/local/www/owncloud/tmp
    
  • Create the owncloud php-fpm pool config file:
    vi /usr/local/etc/php-fpm.d/owncloud.example.com.conf
    
    • And add the following:
      [owncloud.example.com]
      user = owncloud
      group = www
      listen = /var/run/owncloud.example.com-php-fpm.sock
      listen.owner = owncloud
      listen.group = www
      pm = dynamic
      pm.max_children = 5
      pm.start_servers = 2
      pm.min_spare_servers = 1
      pm.max_spare_servers = 3
      php_admin_value[session.save_path] = "/usr/local/www/owncloud/tmp" 
      
  • Change the ownership of the owncloud directory:
    chown -R owncloud:www /usr/local/www/owncloud
    
  • Restart nginx and start php-fpm:
    service nginx restart
    service php-fpm start
    

Resources

#1

Updated by Daniel Curtis about 8 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
#2

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#3

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#4

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#5

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#6

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#7

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#8

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#9

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#10

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#11

Updated by Daniel Curtis about 8 years ago

  • Description updated (diff)
#12

Updated by Daniel Curtis about 8 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF