sudo aptitude install postgresql postgresql-client php7.0-pgsql
sudo adduser ownclouduser
sudo su - postgres
createuser -P ownclouduser
createdb -O ownclouduser owncloud
logout
NOTE: there is no official support for Debian 9 for Owncloud server so we use the Debian 8 repository.
wget -qO- https://download.owncloud.org/download/repositories/stable/Debian_8.0/Release.key | sudo apt-key add -
sudo sh -c "echo 'deb http://download.owncloud.org/download/repositories/stable/Debian_8.0/ /' > /etc/apt/sources.list.d/owncloud.list"
sudo aptitude update
sudo aptitude install owncloud owncloud-deps-php7.0 php-apcu
Visit http://localhost/owncloud in your browser and be sure to select PostgreSQL as your database when you create the admin user. Input the relevant PostgreSQL credentials you set earlier during the PostgreSQL installation.
Append the following line after the last ,
and before the );
in the configuration file /var/www/owncloud/config/config.php
:
'memcache.local' => '\OC\Memcache\APCu',
This should resolve any memory cache warnings displayed on the admin settings page.
Add SSL support using the Let's Encrypt certbot as described below. For the purposes of this installation assume that cloud.example.org
is the domain you own and is where you want to host this service. Also, assume that myowncloud
is the hostname of your server.
sudo aptitude install python-certbot-apache
sudo certbot --apache
Update the default configuration file at /etc/apache2/sites-available/000-default.conf
to be like the following:
<VirtualHost *:80>
DocumentRoot /var/www/owncloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.example.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName cloud.example.org
DocumentRoot /var/www/owncloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/cloud.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.example.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
</IfModule>
Make sure to replace cloud.example.org
with your own domain name.
sudo a2enmod headers
sudo systemctl restart apache2
Create a systemd service file that executes the renewal command /lib/systemd/system/certbot.service
:
[Unit]
Description=Renew SSL certificates
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew
Create a systemd timer file that will call the above service every 60 days /lib/systemd/system/certbot.timer
:
[Unit]
Description=Renew SSL certificates every 60 days
[Timer]
OnUnitActiveSec=60days
Unit=certbot.service
[Install]
WantedBy=multi-user.target
Activate and start the timer:
sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer
Visit http://cloud.example.org
in your browser and make sure that it redirects to the SSL version of the site.
Enable send-only smtp server using Postfix.
Remove all exim4
packages if prompted to do so:
sudo aptitude install postfix
When the configuration dialog pops up, select Internet Site
when prompted for the general type of mail configuration. Additionally, enter the domain name when prompted, in my case it was cloud.example.org
. Run the following command to confirm that Postfix was installed correctly:
cat /var/log/mail.log
sudo postconf -e "inet_interfaces = loopback-only"
sudo postconf -e "myorigin = cloud.example.org"
sudo postconf -e "myhostname = myowncloud"
sudo postconf -e "relay_domains = cloud.example.org"
sudo postfix reload
Test the mailserver:
telnet localhost 25
The output should look similar to the following:
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 myowncloud ESMTP Postfix (Debian/GNU)
Test sending email:
echo "This is the body" | mail -s "This is the subject" hellothere@gmail.com
Enable virtual email addresses:
sudo postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
Create the file /etc/postfix/virtual
and add the following virtual email address:
no-reply no-reply@cloud.example.org
Create a database-like file from it:
sudo postmap /etc/postfix/virtual
Restart Postfix:
sudo systemctl restart postfix
Enable Sender Policy Framework (SPF) by the adding the following record to your domain name server:
Name: cloud.example.org
TTL: 14400
Type: TXT
TXT Data: v=spf1 ptr:cloud.example.org -all
Install OpenDKIM packages:
sudo aptitude install opendkim opendkim-tools
Append the following to /etc/opendkim.conf
:
AutoRestart Yes
AutoRestartRate 10/1h
UMask 0002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
Edit /etc/default/opendkim
so that the line containing the SOCKET
text is as follows:
SOCKET="inet:12301@localhost"
Appending the following lines to /etc/postfix/main.cf
:
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
Create directories for storing OpenDKIM configuration files and keys:
sudo mkdir -p /etc/opendkim/keys
Create the file /etc/opendkim/TrustedHosts
and append the following lines:
127.0.0.1
localhost
cloud.example.org
Create the file /etc/opendkim/KeyTable
and append the following line:
mail._domainkey.cloud.example.org cloud.example.org:mail:/etc/opendkim/keys/cloud.example.org/mail.private
Create the file /etc/opendkim/SigningTable
and append the folowing line:
*@cloud.example.org mail._domainkey.cloud.example.org
Generate the public and private keys:
sudo mkdir /etc/opendkim/keys/cloud.example.org
cd /etc/opendkim/keys/cloud.example.org
sudo opendkim-genkey -s mail -d cloud.example.org
sudo chown opendkim:opendkim mail.private
Add the public key defined after the p=
in mail.txt
as a TXT record in your domain name server:
Name: mail._domainkey.cloud.example.org
TTL: 14400
Type: TXT
TXT Data: v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhLjzX5YHK4iMuCN+dCB3lFEt+6MKNiVo
NOTE: Debian 9 workaround is required by executing the following command:
/lib/opendkim/opendkim.service.generate
Restart services:
sudo systemctl daemon-reload
sudo systemctl restart postfix
sudo systemctl restart opendkim
Test that DKIM is working by sending an email to another email address:
echo "hello world" | mail -r no-reply@cloud.example.org -s "Testing DKIM" yourownemail@gmail.com
The header information in the email received by Gmail should contain text similiar to the following:
Authentication-Results: mx.google.com;
dkim=pass header.i=@cloud.example.org header.b=gClubDrw;
spf=pass (google.com: domain of no-reply@cloud.example.org designates 123.45.67.89 as permitted sender) smtp.mailfrom=no-reply@cloud.example.org