Support #754
Updated by Daniel Curtis almost 9 years ago
{{>toc}}
This is a guide on setting up ownCloud with Nginx on FreeBSD 9.
h1. Prepare the Environment
* Before installation of the components, make sure everything is up to date using the following command:
<pre>
pkg update -f && pkg upgrade
</pre>
* Install portmaster:
<pre>
cd /usr/ports/ports-mgmt/portmaster
make install clean
pkg2ng
</pre>
* Create the owncloud user:
<pre>
pw user add -n owncloud -m -s /bin/sh -c "ownCloud"
</pre>
---
h1. Install Nginx
* Install Nginx
<pre>
pkg install nginx
</pre>
* Start and enable nginx at boot:
<pre>
echo 'nginx_enable="YES"' >> /etc/rc.conf
service nginx start
</pre>
* Create a configuration directory to make managing individual server blocks easier
<pre>
mkdir /usr/local/etc/nginx/conf.d
</pre>
* Edit the main nginx config file:
<pre>
vi /usr/local/etc/nginx/nginx.conf
</pre>
#* And strip down the config file and add the include statement at the end to make it easier to handle various server blocks:
<pre>
worker_processes 1;
error_log /var/log/nginx-error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# Load config files from the /etc/nginx/conf.d directory
include /usr/local/etc/nginx/conf.d/*.conf;
}
</pre>
---
h1. Install MySQL Server
* Start by installing the mysql56-server and mysql56-client packages:
<pre>
pkg install mysql56-{server,client}
</pre>
* Copy a base MySQL configuration to use:
<pre>
cp /usr/local/share/mysql/my-small.cnf /var/db/mysql/my.cnf
</pre>
* Edit the mariadb config to change the max packet size:
<pre>
vi /var/db/mysql/my.cnf
</pre>
#* and modify @max_allowed_packet@ to 32M
<pre>
max_allowed_packet = 32M
</pre>
* Enable and start MariaDB
<pre>
echo 'mysql_enable="YES"' >> /etc/rc.conf
service mysql-server start
</pre>
* Prepare the database for use by running the secure installation:
<pre>
mysql_secure_installation
</pre>
#* *NOTE*: +Choose a strong root password+ and answer +yes+ to all questions.
h2. Create MySQL Databases and Users
* Login to MySQL and create appropriate databases and users.
<pre>
mysql -u root -p
</pre>
#* and run the following SQL queries to create the *ownclouddb* database and *ownclouduser* user:
<pre>
CREATE DATABASE ownclouddb CHARACTER SET utf8;
CREATE USER 'ownclouduser'@'localhost' IDENTIFIED BY 'SuperSecretPassword';
GRANT ALL PRIVILEGES ON ownclouddb.* TO 'ownclouduser'@'localhost';
FLUSH PRIVILEGES;
quit
</pre>
---
h1. Install PHP
* Install PHP 5.6: 5.6 and other supporting packages:
<pre>
pkg install php56 php56-extensions php56-pgsql php56-pdo_pgsql php56-session
</pre>
* Configure the default PHP settings
<pre>
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
</pre>
* Create a directory for the php-fpm configs:
<pre>
mkdir /usr/local/etc/php-fpm.d
</pre>
* Edit @/usr/local/etc/php-fpm.conf@:
<pre>
vi /usr/local/etc/php-fpm.conf
</pre>
#* Make the following changes:
<pre>
include=/usr/local/etc/php-fpm.d/*.conf
</pre>
* Create the temporary session folder and restrict its permissions:
<pre>
mkdir /usr/local/www/owncloud/tmp
chmod o-rwx /usr/local/www/owncloud/tmp
</pre>
* Create the owncloud php-fpm pool config file:
<pre>
vi /usr/local/etc/php-fpm.d/owncloud.example.com.conf
</pre>
#* And add the following:
<pre>
[owncloud.example.com]
user = owncloud
group = www
listen = /var/run/owncloud.example.com-php-fpm.sock /var/run/php-fpm.sock
listen.owner = owncloud www
listen.group = www
pm listen.mode = dynamic 0660
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[session.save_path] = "/usr/local/www/owncloud/tmp"
</pre>
* Change the ownership of the owncloud directory:
<pre>
chown -R owncloud:www /usr/local/www/owncloud
</pre>
* Start and enable PHP-FPM at boot:
<pre>
echo 'php_fpm_enable="YES"' >> /etc/rc.conf
service php-fpm start
</pre>
* Restart nginx:
<pre>
service nginx restart
</pre>
h1. Install ownCloud
* Install owncloud:
<pre>
pkg install owncloud
</pre>
* Create an *owncloud.example.com server block* config file:
<pre>
vi /usr/local/etc/nginx/conf.d/owncloud.example.com.conf
</pre>
#* Add the following:
<pre>
upstream php-handler {
server unix:/var/run/owncloud.example.com-php-fpm.sock; unix:/var/run/php-fpm.sock;
}
server {
listen 80;
server_name owncloud.example.com;
# Path to the root of your installation
root /usr/local/www/owncloud/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}
</pre>
* Restart nginx:
<pre>
service nginx restart
</pre>
h2. Resources
* https://doc.owncloud.org/server/8.0/admin_manual/installation/nginx_configuration.html