Adapted from here but updated for Ubuntu 14.04 and its apache configuration file location. Most of the instructions in this link did not have to be followed as they were already the defaults and/or the apache files were in different locations
1. Install the appropriate packages: apt-get install owncloud apache2 mysql-server php5 php5-mysql
. You will be asked to set a password for the root MySQL user.
2. Ensure apache and mysql are running: sudo /etc/init.d/mysql restart
and sudo /etc/init.d/apache2 restart
3. Setup the MySQL server: mysql -u root -p
. After login you will get the mysql prompt like this:
mysql >
Now create an OwnCloud database user and set the password. Use a very strong password.
mysql> CREATE USER 'ownclouduser'@'localhost' IDENTIFIED BY 'Password';
Create a database called owncloud:
mysql> create database owncloud;
Grant privileges to the owncloud user in the owncloud database
mysql> GRANT ALL ON owncloud.* TO 'ownclouduser'@'localhost';
mysql> flush privileges;
mysql> exit
4. I think I had to edit the configuration of the OwnCloud config file in /etc/apache2/conf-enabled/owncloud.conf
. Here is what the file looked like before later adding SSL. You will obviously need to change the IP address of your server. ServerName
and ServerAlias
are only required if you use a hostname.
<VirtualHost IP-address-of-server:80>
ServerName myowndomain.com
ServerAlias www.myowndomain.com
Alias /owncloud /usr/share/owncloud
<Directory /usr/share/owncloud/>
Options +FollowSymLinks
AllowOverride All
<IfVersion < 2.3>
order allow,deny
allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
5. Navigate to http://IP-address-of-server/owncloud
to setup the OwnCloud admin user. I don't think the OwnCloud admin name and password were previously set, so I must have done that here. The MySQL user and password are whatever you set in #3 above.
6. After creating the OwnCloud admin and logging in, you can create other user accounts, enable other plugins, set file size quotas, etc. I would ensure all of this works for admin and one other user before attempting to add SSL encryption.
I followed the directions from here, except that I had to make one very important addition before creating the certificate.
1. Install openssl and add it to apache:
sudo apt-get install openssl
sudo a2enmod ssl
sudo a2enmod rewrite
2. Make the SSL certificate. IMPORTANT: I had to set an environment variable before creating the certificate to give my server a name, otherwise the OwnCloud desktop client wouldn't accept the certificate.
export CN="owncloud" ## This is the important environment variable
sudo mkdir -p /etc/apache2/ssl
sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/owncloud.pem -keyout /etc/apache2/ssl/owncloud.key
sudo /etc/init.d/apache2 restart
3. I had to edit the OwnCloud configuration file so that https redirect works. Here is the new file from /etc/apache2/conf-enabled/owncloud.conf
:
<VirtualHost IP-address-of-server:80>
ServerName myowndomain.com
ServerAlias www.myowndomain.com
#### Redirect to port 443 ###
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
#### End of Redirection configuration ###
Alias /owncloud /usr/share/owncloud
<Directory /usr/share/owncloud/>
Options +FollowSymLinks
AllowOverride All
<IfVersion < 2.3>
order allow,deny
allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost IP-address-of-server:443>
ServerName myowndomain.com
ServerAlias www.myowndomain.com
####Configuration for SSL #####
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.pem
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
#### End of SSL Configuration ####
Alias /owncloud /usr/share/owncloud
<Directory /usr/share/owncloud/>
Options +FollowSymLinks
AllowOverride All
<IfVersion < 2.3>
order allow,deny
allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
4. Lastly I restarted apache sudo /etc/init.d/apache2 restart
and checked to see if the OwnCloud login was now accessible via https
and not http
.
5. Note that for the desktop and iOS clients, I think I had to give the full address of the server, i.e. https://myowndomain.com/owncloud
.
In a multi-user setup, OwnCloud needs to be in a privileged directory, such as /usr/share/owncloud
. This can be problematic for those who want to upload files via SFTP rather than using OwnCloud's sync.
This is not the intended way that OwnCloud functions, but I wanted to get around this issue. (Caveat emptor.) So, I symbolically linked OwnCloud's files directory to a folder in my home directory. Doing this seemed to allow the files to be viewed on the OwnCloud web interface, but I didn't have write access to these directories and thus couldn't upload anything via OwnCloud.
Getting all of the permissions correctly set so that OwnCloud had write privileges required some effort. Here is how I created the symlinks and set permissions.
1. Make SFTP directory in /home/username
and set group/permissions so OwnCloud can read/write. OwnCloud user and group are www-data
.
mkdir /home/username/sftp_files
sudo adduser username www-data
sudo chgrp www-data /home/username/sftp_files #Not sure why I couldn't change this without becoming root
chmod 775 /home/username/sftp_files
2. Symlink /home/user/sftp_files
inside OwnCloud's file repository. This will create one directory within OwnCloud that is linked to a place you can SFTP files.
sudo ln -s /home/username/sftp_files /usr/share/owncloud/data/username/files/sftp_files
# IMPORTANT: the permissions of the symbolic link have to be fixed
sudo chown -h www-data:www-data /usr/share/owncloud/data/username/files/sftp_files
To instead completely replace OwnCloud's files with a directory in /home/username
:
sudo mv /usr/share/owncloud/data/username/files /usr/share/owncloud/data/username/files_bkup && ln -s /home/username/sftp_files /usr/share/owncloud/data/username/files
OwnCloud will automatically recreate your files directory if it detects it missing, so I had to enter the above as one command. Last, fix the symlink permissions.
# IMPORTANT: the permissions of the symbolic link have to be fixed
sudo chown -h www-data:www-data /usr/share/owncloud/data/username/files
There are some caveats to this setup that I've found so far. The main one being that if you upload files via SFTP/scp/rsync, you need to set the group to www-data
and give the group write permissions to enable editing/deleting of files in OwnCloud. Likewise, if you upload files to your symbolically linked SFTP directory via OwnCloud, the new files will have permissions www-data:www-data
. I'm not certain this second problem is a major issue since I mostly plan to use rsync to keep my files updated. Also, the second issue doesn't seem to prevent me from deleting OwnCloud-uploaded files via the command line, although I am prompted about removing a protected file. I guess I'd need to test this further to fully understand the ramifications. One possible solution to both of these issues is to have a cron job periodically change the permissions to username:www-data
.
There are loads of plugins that can be enabled via the OwnCloud panel available to the admin. There are also others that have been developed by the community. For example, I added one that enables two-factor authentication from here.
It is also possible to encrypt files in OwnCloud. However, I'm not certain this would be compatible with uploading via SFTP since I assume that means the files will be encrypted on disk.