ownCloud install and configuration on Nginx



Below guide will show you how to install ownCloud on Nginx web server setup through Centmin Mod LEMP web stack. I used the OwnCloud Admin Manual's outlined manual installation method as basis for the below guide.

This is the first time I have used or tried ownCloud installation. So the guide is provided as is without any support. If you have ownCloud related issues or questions, best to post them to their official forums http://forum.owncloud.org.

To learn more about ownCloud features click here.

This guide assumes you have already installed Centmin Mod v1.2.3+ and followed the Getting Started Guide.


Step 1. Create MySQL database, MySQL username and password and grant privileges to the created MySQL database.

Where:

  • MySQL database name = owncloud1db
  • MySQL username = owncloud1username
  • MySQL password = yourmysqlpass
mysqladmin -u root -p create owncloud1db
mysql -u root -p -e "CREATE USER 'owncloud1username'@'localhost' IDENTIFIED BY 'yourmysqlpass';"
mysql -u root -p -e "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES, CREATE TEMPORARY TABLES ON owncloud1db.* TO 'owncloud1username'@'localhost'; FLUSH PRIVILEGES;"

Step 2. Run centmin.sh menu option #2 to create your domain's Nginx vhost if it hasn't already been created. For example, I created owncloud1.com domain Nginx vhost which has Nginx vhost file at /usr/local/nginx/conf/conf.d/owncloud1.com.conf and web root at /home/nginx/domains/owncloud1.com/public both of which is automatically created when you run centmin.sh menu option #2

--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.07 - http://centminmod.com
--------------------------------------------------------
                   Centmin Mod Menu                   
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Re-install ImageMagick PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Exit
--------------------------------------------------------
Enter option [ 1 - 21 ] 2
--------------------------------------------------------

---------------------------------------------
Enter vhost domain name you want to add (without www. prefix): owncloud1.com


---------------------------------------------
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reloading nginx:                                           [  OK  ]

---------------------------------------------
vhost for owncloud1.com created successfully
vhost conf file for owncloud1.com created: /usr/local/nginx/conf/conf.d/owncloud1.com.conf
upload files to /home/nginx/domains/owncloud1.com/public
vhost log files directory is /home/nginx/domains/owncloud1.com/log

Current vhost listing at: /usr/local/nginx/conf/conf.d/

Apr 30  14:08   798    ssl.conf
Apr 30  14:08   1.1K   demodomain.com.conf
Apr 30  14:08   1.4K   virtual.conf
May 1   01:41   2.3K   owncloud1.com.conf
May 1   03:09   1.3K   owncloud1.com.conf
---------------------------------------------

Step 3. Download and setup Owncloud files

cd /usr/local/nginx/html/
mkdir owncloud
cd owncloud/
wget http://download.owncloud.org/community/owncloud-6.0.3.tar.bz2
tar xjf owncloud-6.0.3.tar.bz2
cd owncloud
cp -Rpf * /home/nginx/domains/owncloud1.com/public
cd /home/nginx/domains/owncloud1.com/public
chown -R nginx:nginx *
rm -rf /usr/local/nginx/html/owncloud
  • Note: Centmin Mod installed PHP-FPM already sets max upload size to 15M out of the box
php -i | grep 15M
post_max_size => 15M => 15M
upload_max_filesize => 15M => 15M

Step 4. Install and setup your SSL certificate for Nginx server as per instructions at http://centmin.com/nginx_configure_https_ssl_spdy.html


Step 5. Setup Centmin Nginx vhost for domain created in Step 2..

Edit /usr/local/nginx/conf/conf.d/owncloud1.com.conf to the following.

server {
            listen   80;
            server_name owncloud1.com www.owncloud1.com;
            return 301 https://$server_name$request_uri;
       }

server {
listen 443 ssl http2;
 server_name owncloud1.com;

        ssl_certificate      /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt;
        ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/ssl.key;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache      shared:SSL:10m;
        ssl_session_timeout  10m;
        ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
        ssl_prefer_server_ciphers   on;
        add_header Alternate-Protocol  443:npn-spdy/3;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
        #add_header  X-Content-Type-Options "nosniff";
        #add_header X-Frame-Options DENY;
        # nginx 1.5.9+ or higher 
        # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
        # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
         spdy_headers_comp 6;
         ssl_buffer_size 4k;

        # enable ocsp stapling
        resolver 8.8.8.8;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/owncloud1.com/log/access.log combined buffer=32k;
  error_log /home/nginx/domains/owncloud1.com/log/error.log;

  root /home/nginx/domains/owncloud1.com/public;

include /usr/local/nginx/conf/owncloud.conf;

  include /usr/local/nginx/conf/phpowncloud.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
}

Now create file at /usr/local/nginx/conf/owncloud.conf and file at /usr/local/nginx/conf/phpowncloud.conf and add the following contents.

For /usr/local/nginx/conf/owncloud.conf

        client_max_body_size 10G; # set max upload size
        fastcgi_buffers 64 4K;

        rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
        rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
        rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

        index index.php;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;

#        location = /robots.txt {
#            allow all;
#            log_not_found off;
#            access_log off;
#        }

        location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
                deny all;
        }

        location / {
                # The following 2 rules are only needed with webfinger
                rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
                rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

                rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
                rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

                rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

                try_files $uri $uri/ index.php;
        }

For /usr/local/nginx/conf/phpowncloud.conf

location ~ ^(.+?\.php)(/.*)?$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    try_files $1 = 404;

    fastcgi_pass   127.0.0.1:9000;
    #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    fastcgi_index  index.php;

    fastcgi_param SCRIPT_FILENAME $document_root$1;
    fastcgi_param PATH_INFO $2;

# might shave 200+ ms off PHP requests
# which don't pass on a content length header
# slightly faster page response time at the
# expensive of throughput / scalability
#sendfile on;
#tcp_nopush off;
#keepalive_requests 0;

fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 512k;
fastcgi_buffers 512 16k;
fastcgi_busy_buffers_size 512k;
fastcgi_temp_file_write_size 512k;
fastcgi_intercept_errors on;

#new .04+ map method
fastcgi_param HTTPS $server_https;

# comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
# cgi.fix_pathinfo=0 
# as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1

fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

                   }

If you decide to let Nginx server the static files via Nginx X-Accel-Redirect http://doc.owncloud.org/server/6.0/admin_manual/configuration/xsendfile.html#nginx-x-accel-redirect, you need to add an additional line to /usr/local/nginx/conf/phpowncloud.conf

    fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;

Just add it after PATH_INFO like

    fastcgi_param SCRIPT_FILENAME $document_root$1;
    fastcgi_param PATH_INFO $2;
    fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;

Then add to /usr/local/nginx/conf/owncloud.conf 3 more location contexts - paying attention to full path to data directory for your own specific vhost path /home/nginx/domains/owncloud1.com/public/data

location ~ ^/home/nginx/domains/owncloud1.com/public/data/.+$ {
    internal;
    root /;
}

location ~ ^/tmp/oc-noclean/.+$ {
    internal;
    root /;
}

location ~ "^/tmp/owncloud-oc[a-zA-Z0-9]{10}/.+$" {
    internal;
    root /;
}

Step 6. Restart Nginx and php-fpm services

service nginx restart
service php-fpm restart

or via command shortcut

nprestart

Step 7. Open domain in browser. i.e. http://owncloud1.com and click on the Advance setup button and fill it it with mysql username, password, mysql database name and for database server/host = localhost and proceed to finish setup within browser.

End result

Owncloud index page

Owncloud pictures page

Owncloud admin settings page

Owncloud apps page


PHP LDAP Extension support

By default Centmin Mod LEMP stack's PHP-FPM install has PHP LDAP Extension disabled if CentOS YUM package, openldap-clients is not detected as being installed. But with centmin.sh menu based PHP upgrade script has auto detection built in. So if you install YUM openldap-clients package, and recompile PHP-FPM via centmin.sh menu option #5, you can enable PHP LDAP extension support.

Steps for PHP LDAP extension enabling

  1. YUM install required openldap-clients package
yum -y install openldap-clients
  1. go to /usr/local/src/centmin-v1.2.3mod and run centmin.sh
cd /usr/local/src/centmin-v1.2.3mod
./centmin.sh

Select menu option #5 to recompile PHP specify PHP version 5.4.27 and wait for PHP to recompile with LDAP extension support.

./centmin.sh 

--------------------------------------------------------
Centmin Mod 1.2.3-eva2000.07 - http://centminmod.com
--------------------------------------------------------
                   Centmin Mod Menu                   
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu
12). Zend OpCache Install/Re-install
13). Install ioping.sh vbtechsupport.com/1239/
14). SELinux disable
15). Install/Re-install ImageMagick PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Re-install
21). Exit
--------------------------------------------------------
Enter option [ 1 - 21 ] 5
--------------------------------------------------------
Custom configure CSF settings...set

Do you want to run YUM install checks ?  [y/n]

This will increase your upgrade duration time wise.
Check the change log centminmod.com/changelog.html
to see if any Nginx or PHP related new additions
which require checking YUM prequisites are met.
If no new additions made, you can skip the 
YUM install check to speed up upgrade time.

PHP Upgrade - Would you like to continue? [y/n] y

Install which version of PHP? (version i.e. 5.4.27): 5.4.27
Do you want to update to latest php-fpm.conf ? It will overwrite your existing php-fpm.conf [y/n]: n
*************************************************
* Upgrading PHP
*************************************************

Gracefully shutting down php-fpm . done
Starting php-fpm  done
*************************************************

Thu May  1 11:05:27 EST 2014
Success: PHP was installed properly

*************************************************
***************************************************
* PHP upgraded and auto reinstalled PHP extensions
***************************************************

ccache stats:
cache directory                     /home/.ccache
cache hit (direct)                   897
cache hit (preprocessed)            1035
cache miss                          2867
called for link                      217
called for preprocessing             314
compile failed                        64
preprocessor error                    48
bad compiler arguments                56
unsupported source language           63
autoconf compile/link                913
unsupported compiler option           12
no input file                        135
files in cache                      6082
cache size                         132.6 Mbytes
max cache size                       2.0 Gbytes

After compile list of PHP extensions loaded

php -m

[PHP Modules]
apc
bcmath
bz2
calendar
Core
ctype
curl
date
dom
enchant
ereg
exif
filter
ftp
gd
gettext
gmp
hash
iconv
igbinary
imagick
imap
intl
json
ldap
libxml
mbstring
mcrypt
memcache
memcached
mhash
mysql
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
pspell
readline
Reflection
session
shmop
SimpleXML
soap
sockets
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tidy
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
zip
zlib

Before and after PHP LDAP Extension enabling


Notes

  • Using Opera's developer tools to look at Owncloud index page loading, I see a cancelled request for scan.php file, but when I look into server error log at /home/nginx/domains/owncloud1.com/log/error.log, the request has a 200 status code, so not sure what scan.php does or whether it's working 100%. This is my first time installing and using Owncloud so this guide is provided as is. Asking other Owncloud users using Apache or Nginx also have this cancelled request but everything works fine. So I assume it's all working.

scan.php file cancelled

owncloud1.com access log entry at /home/nginx/domains/owncloud1.com/log/access.log

tail -50 /home/nginx/domains/owncloud1.com/log/access.log | grep scan

192.168.0.xxx - - [01/May/2014:05:30:43 +1000] "GET /index.php/apps/files/ajax/scan.php?force=false&dir=&requesttoken=8a899ccc1b5f3dfc7023 HTTP/1.1" 200 83 "https://owncloud1.com/index.php/apps/files" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36 OPR/20.0.1387.91"

  • Nginx configuration
nginx -V
nginx version: nginx/1.7.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 
TLS SNI support enabled
configure arguments: --with-cc-opt='-I/svr-setup/staticlibssl/include -I/usr/include' --with-ld-opt='-L/svr-setup/staticlibssl/lib -Wl,-rpath -lssl -lcrypto -ldl -lz' --sbin-path=/usr/local/sbin --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_secure_link_module --with-http_flv_module --with-http_realip_module --with-openssl-opt=enable-tlsext --add-module=../ngx-fancyindex-ngx-fancyindex --add-module=../ngx_cache_purge-2.1 --add-module=../headers-more-nginx-module-0.25 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --with-http_dav_module --add-module=../nginx-dav-ext-module-0.0.3 --with-openssl=../openssl-1.0.1g --with-libatomic --with-pcre=../pcre-8.35 --with-pcre-jit --with-http_spdy_module --add-module=../ngx_pagespeed-release-1.7.30.4-beta