Install ownCloud 8.x on CentOS 7
-
@johnhooks said:
And after a little more looking around, even if you use the -R on restorecon it still wouldn't work. That's because the semanage command they have listed doesn't change the files inside. It should look like this:
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/owncloud/config(/.*)?"
Then it will include everything inside the folder.
So it would seem you would have to run that for each folder again.
If you pass -v with restorecon it will show you all the files it changed so you can make sure it did it correctly.
I have not had time to circle back to this, but I will. thanks.
-
More stupid issues with ownCloud. The system I setup while creating these instructions is wokring normally for the users. But here is more evidence that ownCloud just does not quite get things right...
This is what greats me when logged in to the settings tab as an administrator.
-
I set up an ownCloud system one time, but I did find that Seafile seems to sync much faster. They've also come a long way with their web interface.
-
ownCloud is REALLY making it hard to love them. My personal system setup last year has issues, but it was hacked together in CentOS 7 before the EPEL was even out for 7. I expected problems.
But this new install is now up but without disc space because I assumed (wrongly) that ownCloud would put their default data directory in whatever their install kit makes the largest ext3 partition. Nope..
The default location is /var/www/html/owncloud/data. A 50GB partition from a 300 GB vdisk.[root@owncloud ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/centos-root 50G 18G 33G 36% / devtmpfs 232M 0 232M 0% /dev tmpfs 241M 0 241M 0% /dev/shm tmpfs 241M 4.3M 236M 2% /run tmpfs 241M 0 241M 0% /sys/fs/cgroup /dev/sda2 497M 129M 368M 26% /boot /dev/sda1 200M 9.8M 191M 5% /boot/efi /dev/mapper/centos-home 249G 33M 249G 1% /home
-
I moved everything easily enough, but my point is that a default install should handle this.
To move everything shut down the webserver
systemctl stop httpd
Create the directory structure up to just before the /data folder. IN my case I wanted to simply move it to /home/owncloud/data.
mkdir /home/owncloud
Now move the data folder.
mv /var/www/html/owncloud/data /home/owncloud/data
Change ownership to apache
chown -R apache:apache /home/owncloud/data
Update SELinux
semanage fcontext -a -t httpd_sys_rw_content_t "/home/owncloud/data(/.*)?"
Edit the ownCloud config file to reflect the new location
sed -i -e 's/\/var\/www\/html\/owncloud\/data/\/home\/owncloud\/data/' /var/www/html/owncloud/config/config.php
Restart the webserver
systemctl start httpd
-
Now it all looks like this.
[root@owncloud ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/centos-root 50G 1.4G 49G 3% / devtmpfs 232M 0 232M 0% /dev tmpfs 241M 0 241M 0% /dev/shm tmpfs 241M 4.3M 236M 2% /run tmpfs 241M 0 241M 0% /sys/fs/cgroup /dev/sda2 497M 129M 368M 26% /boot /dev/sda1 200M 9.8M 191M 5% /boot/efi /dev/mapper/centos-home 249G 34G 215G 14% /home
-
@JaredBusch said:
@dafyre said:
For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.
You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.
I've not had any problems with the subdomains. They just make you verify that you own the top level domain.... It works great so far.
-
@dafyre said:
@JaredBusch said:
@dafyre said:
For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.
You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.
I've not had any problems with the subdomains. They just make you verify that you own the top level domain.... It works great so far.
I never tried. I stopped when I seen this. See, I apparently was not paying attention to detail and assumed.. My cert is now created, thanks!
-
With ownCloud now working, you should secure logins with fail2ban
Install fail2ban
yum -y install fail2ban
create the initial jail file
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
add ownlcoud to the jail.local
nano /etc/fail2ban/jail.local
paste this data in at the bottom
[owncloud] enabled = true filter = owncloud port = http,https # 'This is the data path we set earlier. Change if yours is different.' logpath = /home/owncloud/data/owncloud.log
Create the owncloud filter file
nano /etc/fail2ban/filter.d/owncloud.conf
Paste in the following ONLY FOR ownCloud 8.2
Other regex patterns can be found in this thread[Definition] failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"} ignoreregex =
Start fail2ban and enable it to start on boot
systemctl start fail2ban
systemctl enable fail2ban
Note: This is only securing ownCloud. Consult the jail.local to enable other protections you may want.
-
Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.
-
@JaredBusch said:
Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.
Did you ever get this fixed?
-
@anonymous said:
@JaredBusch said:
Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.
Did you ever get this fixed?
Maybe? I have installed another server and I am not having the same problems. I have not had time to track it down yet.
-
Coming back to this. Everything is running correctly with SELinux on except
fail2ban
.I have to disable SELinux in order for
fail2ban
to have access to theowncloud.log
file.[root@owncloud log]# systemctl start fail2ban Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details. [root@owncloud log]# setenforce 0 [root@owncloud log]# systemctl start fail2ban [root@owncloud log]#
-- Unit fail2ban.service has begun starting up. Feb 24 15:13:26 owncloud fail2ban-client[15984]: ERROR No file(s) found for glob /home/owncloud/data/owncloud.log Feb 24 15:13:26 owncloud fail2ban-client[15984]: ERROR Failed during configuration: Have not found any log file for owncloud ja Feb 24 15:13:26 owncloud systemd[1]: fail2ban.service: control process exited, code=exited status=255 Feb 24 15:13:26 owncloud systemd[1]: Failed to start Fail2Ban Service.
[root@owncloud log]# ls -l /home/owncloud/data/owncloud.log -rw-r-----. 1 apache apache 38136 Feb 24 15:09 /home/owncloud/data/owncloud.log [root@owncloud log]#
-
-
@aaronstuder he is editing files when there are generally commands to do it. Just been to busy to look it up.
-
** NOTE ** This post is asusming that you followed the instruction above to this point and I have not yet posted below that the instructions have been updated.
I need to find a little spare time to update my instructions, but everything is now working with SELinux enforcing.
the config and apps folder in the application directory need httpd read/write context in SELinux.
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/apps(/.*)?' restorecon -R /var/www/html/owncloud/apps semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/config(/.*)?' restorecon -R /var/www/html/owncloud/config
Then the owncloud.log file needs to be in the /var/log/ folder and have the httpd_log context
systemctl stop httpd mv /home/owncloud/data/owncloud.log /var/log/owncloud.log semanage fcontext -a -t httpd_log_t '/var/log/owncloud.log' restorecon /var/log/owncloud.log #-- edit the owncloud config to add a non-default log path nano /var/www/html/owncloud/config/config.php #-- insert this next to another config line 'logfile' => '/var/log/owncloud.log', #-- save and exit nano then start httpd back up systemctl start httpd
Update the fail2ban jail.local, turn on SELinux and start fail2ban
systemctl stop fail2ban sed -i -e 's/\/home\/owncloud\/data/\/var\/log/' /etc/fail2ban/jail.local setenforce 1 systemctl start fail2ban
-
So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?
-
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
-
@scottalanmiller said:
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
RPM for owncloud-files? It will automatically download the new version?
-
@scottalanmiller said:
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo^this?