@swyngaard
Last active March 22, 2018 18:27

Install Owncloud on Debian 9 Stretch

Install PostgreSQL database server

Install packages

sudo aptitude install postgresql postgresql-client php7.0-pgsql

Add database user and create database

sudo adduser ownclouduser
sudo su - postgres
createuser -P ownclouduser
createdb -O ownclouduser owncloud
logout

Install Owncloud

NOTE: there is no official support for Debian 9 for Owncloud server so we use the Debian 8 repository.

Download key for the repository

wget -qO- https://download.owncloud.org/download/repositories/stable/Debian_8.0/Release.key | sudo apt-key add -

Add the repository

sudo sh -c "echo 'deb http://download.owncloud.org/download/repositories/stable/Debian_8.0/ /' > /etc/apt/sources.list.d/owncloud.list"
sudo aptitude update

Install packages

sudo aptitude install owncloud owncloud-deps-php7.0 php-apcu

Configure via web interface

Visit http://localhost/owncloud in your browser and be sure to select PostgreSQL as your database when you create the admin user. Input the relevant PostgreSQL credentials you set earlier during the PostgreSQL installation.

Enable memory caching

Add the following line after the last comma and before the closing ); in the configuration file /var/www/owncloud/config/config.php:

  'memcache.local' => '\OC\Memcache\APCu',

This should resolve any memory cache warnings displayed on the admin settings page.

Optionally enable SSL

Add SSL support using the Let's Encrypt certbot as described below. For the purposes of this installation assume that cloud.example.org is the domain you own and is where you want to host this service. Also, assume that myowncloud is the hostname of your server.

Install packages

sudo aptitude install python-certbot-apache

Install certificate and update Apache configuration files

sudo certbot --apache

Update Apache configuration file

Update the default configuration file at /etc/apache2/sites-available/000-default.conf to match the following:

<VirtualHost *:80>
  DocumentRoot /var/www/owncloud
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RewriteEngine on
  RewriteCond %{SERVER_NAME} =cloud.example.org
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerName cloud.example.org
    DocumentRoot /var/www/owncloud

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/cloud.example.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.example.org/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
  </VirtualHost>
</IfModule>

Make sure to replace cloud.example.org with your own domain name.

Enable the Apache headers module and restart the server

sudo a2enmod headers
sudo systemctl restart apache2

Automate certificate renewal

Create a systemd service file at /lib/systemd/system/certbot.service that executes the renewal command:

[Unit]
Description=Renew SSL certificates

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew

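Create a systemd timer file at /lib/systemd/system/certbot.timer that calls the above service every 60 days. OnUnitActiveSec is measured from the last time the service was activated, so OnBootSec is added to trigger the first run after each boot; certbot renew only replaces certificates that are close to expiry, so the extra run is harmless:

[Unit]
Description=Renew SSL certificates every 60 days

[Timer]
# First run 15 minutes after boot, then every 60 days after each run
OnBootSec=15min
OnUnitActiveSec=60days
Unit=certbot.service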

[Install]
WantedBy=multi-user.target

Activate and start the timer:

sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer

Check that SSL works

Visit http://cloud.example.org in your browser and make sure that it redirects to the SSL version of the site.

Optionally enable email support

Enable a send-only SMTP server using Postfix.

Install packages

Remove all exim4 packages if prompted to do so:

sudo aptitude install postfix

When the configuration dialog pops up, select Internet Site when prompted for the general type of mail configuration. Enter the domain name when prompted; in my case it was cloud.example.org. Run the following command to confirm that Postfix was installed correctly:

cat /var/log/mail.log

Configure Postfix

sudo postconf -e "inet_interfaces = loopback-only"
sudo postconf -e "myorigin = cloud.example.org"
sudo postconf -e "myhostname = myowncloud"
sudo postconf -e "relay_domains = cloud.example.org"
sudo postfix reload

Test the mailserver:

telnet localhost 25

The output should look similar to the following:

Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 myowncloud ESMTP Postfix (Debian/GNU)

Test sending email:

echo "This is the body" | mail -s "This is the subject" hellothere@gmail.com

Enable virtual email addresses:

sudo postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"

Create the file /etc/postfix/virtual and add the following virtual email address:

no-reply no-reply@cloud.example.org

Create a database-like file from it:

sudo postmap /etc/postfix/virtual

Restart Postfix:

sudo systemctl restart postfix

Enable anti-spam measures

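Enable Sender Policy Framework (SPF) by adding a TXT record to your domain name server. RFC 7208 recommends against publishing the ptr mechanism because it is slow and unreliable, so an a or ip4 mechanism naming the sending host is preferable where you can use one. The record as used here: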

Name: cloud.example.org
TTL: 14400
Type: TXT
TXT Data: v=spf1 ptr:cloud.example.org -all

Install OpenDKIM packages:

sudo aptitude install opendkim opendkim-tools

Append the following to /etc/opendkim.conf:

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   0002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:12301@localhost

Edit /etc/default/opendkim so that the line containing the SOCKET text is as follows:

SOCKET="inet:12301@localhost"

Append the following lines to /etc/postfix/main.cf:

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Create directories for storing OpenDKIM configuration files and keys:

sudo mkdir -p /etc/opendkim/keys

Create the file /etc/opendkim/TrustedHosts and append the following lines:

127.0.0.1
localhost
cloud.example.org

Create the file /etc/opendkim/KeyTable and append the following line:

mail._domainkey.cloud.example.org cloud.example.org:mail:/etc/opendkim/keys/cloud.example.org/mail.private

Create the file /etc/opendkim/SigningTable and append the following line:

*@cloud.example.org mail._domainkey.cloud.example.org

Generate the public and private keys:

sudo mkdir /etc/opendkim/keys/cloud.example.org
cd /etc/opendkim/keys/cloud.example.org
sudo opendkim-genkey -s mail -d cloud.example.org
sudo chown opendkim:opendkim mail.private
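
The KeyTable, SigningTable and key files created above have to agree with each other, and the private key should be accessible to its owner only. The following check is an added example, not part of the original gist; the function name check_dkim_tables is hypothetical and the table formats are the ones shown above:

```shell
#!/bin/sh
# Added example (not from the original gist): cross-check the OpenDKIM tables.
# Usage: check_dkim_tables KEYTABLE SIGNINGTABLE
# Prints one line per problem and returns the number of problems (0 = clean).
check_dkim_tables() {
    keytable=$1 signingtable=$2 problems=0

    # SigningTable line: "<sender pattern> <key name>". Every key name must
    # appear in the first column of KeyTable.
    while read -r pattern keyname extra; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v k="$keyname" '$1 == k { f = 1 } END { exit !f }' "$keytable"; then
            echo "SigningTable: $pattern -> $keyname is not defined in KeyTable"
            problems=$((problems + 1))
        fi
    done < "$signingtable"

    # KeyTable line: "<key name> <domain>:<selector>:<private key path>".
    while read -r keyname spec extra; do
        case $keyname in ''|'#'*) continue ;; esac
        keyfile=${spec#*:}; keyfile=${keyfile#*:}
        if [ ! -f "$keyfile" ]; then
            echo "KeyTable: $keyname: key file $keyfile does not exist"
            problems=$((problems + 1))
            continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits;
        # a DKIM private key should be accessible to its owner only.
        if [ "$(ls -lLd "$keyfile" | cut -c5-10)" != "------" ]; then
            echo "KeyTable: $keyname: $keyfile is accessible to group or others"
            problems=$((problems + 1))
        fi
    done < "$keytable"
    return "$problems"
}

# Run against real files when two paths are given, e.g.
#   sudo sh check.sh /etc/opendkim/KeyTable /etc/opendkim/SigningTable
if [ "$#" -eq 2 ]; then check_dkim_tables "$1" "$2"; fi
```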

Add the public key defined after the p= in mail.txt as a TXT record in your domain name server:

Name: mail._domainkey.cloud.example.org
TTL: 14400
Type: TXT
TXT Data: v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhLjzX5YHK4iMuCN+dCB3lFEt+6MKNiVo

NOTE: Debian 9 requires a workaround. Run the following command:

sudo /lib/opendkim/opendkim.service.generate

Restart services:

sudo systemctl daemon-reload
sudo systemctl restart postfix
sudo systemctl restart opendkim

Test that DKIM is working by sending an email to another email address:

echo "hello world" | mail -r no-reply@cloud.example.org -s "Testing DKIM" yourownemail@gmail.com

The header information in the email received by Gmail should contain text similar to the following:

Authentication-Results: mx.google.com;
       dkim=pass header.i=@cloud.example.org header.b=gClubDrw;
       spf=pass (google.com: domain of no-reply@cloud.example.org designates 123.45.67.89 as permitted sender) smtp.mailfrom=no-reply@cloud.example.org
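
Reading that header by eye is easy to get wrong: only the topmost Authentication-Results header written by your own receiving provider counts, and the passing result has to name your domain. The following check is an added example, not part of the original gist; the function names auth_verdict and sample_message are hypothetical, and the sample input is the header shown above with a constructed subject and body:

```shell
#!/bin/sh
# Added example (not from the original gist): report the DKIM and SPF results
# from the topmost Authentication-Results header of a message on stdin.
# Usage: auth_verdict AUTHSERV_ID DOMAIN < message
auth_verdict() {
    awk -v srv="$1" -v d="$2" '
    function aligned(tok, key,    v) {      # tok is key=[local]@d or key=d
        if (index(tok, key "=") != 1) return 0
        v = substr(tok, length(key) + 2); sub(/^.*@/, "", v)
        return tolower(v) == tolower(d)
    }
    /^$/ { exit }                                    # end of the header block
    /^[ \t]/ { if (take) hdr = hdr " " $0; next }    # folded continuation line
    { take = 0 }
    hdr == "" && tolower($0) ~ /^authentication-results:/ { take = 1; hdr = $0 }
    END {
        sub(/^[^:]*:[ \t]*/, "", hdr); n = split(hdr, part, ";")
        sub(/[ \t].*/, "", part[1])                  # part[1] is the authserv-id
        if (part[1] != srv) { print "dkim=untrusted spf=untrusted"; exit }
        dkim = "none"; spf = "none"
        for (i = 2; i <= n; i++) {
            c = part[i]; sub(/^[ \t]+/, "", c); m = split(c, w, /[ \t]+/)
            res = w[1]; sub(/^[^=]*=/, "", res)      # w[1] is method=result
            for (j = 2; j <= m; j++) {
                if (w[1] ~ /^dkim=/ && (aligned(w[j], "header.i") || aligned(w[j], "header.d")))
                    dkim = res
                if (w[1] ~ /^spf=/ && aligned(w[j], "smtp.mailfrom")) spf = res
            }
        }
        print "dkim=" dkim " spf=" spf
    }'
}

# Sample input: the header from the gist; subject and body are constructed.
sample_message() {
    cat <<'EOF'
Authentication-Results: mx.google.com;
       dkim=pass header.i=@cloud.example.org header.b=gClubDrw;
       spf=pass (google.com: domain of no-reply@cloud.example.org designates 123.45.67.89 as permitted sender) smtp.mailfrom=no-reply@cloud.example.org
Subject: Testing DKIM

hello world
EOF
}

sample_message | auth_verdict mx.google.com cloud.example.org
```

Save the received message with its full headers and pipe it to auth_verdict in place of sample_message; any output other than dkim=pass spf=pass means the setup needs another look.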