Install ownCloud 8.x on CentOS 7
-
ownCloud is REALLY making it hard to love them. My personal system setup last year has issues, but it was hacked together in CentOS 7 before the EPEL was even out for 7. I expected problems.
But this new install is now up but without disc space because I assumed (wrongly) that ownCloud would put their default data directory in whatever their install kit makes the largest ext3 partition. Nope..
The default location is /var/www/html/owncloud/data. A 50GB partition from a 300 GB vdisk.
[root@owncloud ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   50G   18G   33G  36% /
devtmpfs                 232M     0  232M   0% /dev
tmpfs                    241M     0  241M   0% /dev/shm
tmpfs                    241M  4.3M  236M   2% /run
tmpfs                    241M     0  241M   0% /sys/fs/cgroup
/dev/sda2                497M  129M  368M  26% /boot
/dev/sda1                200M  9.8M  191M   5% /boot/efi
/dev/mapper/centos-home  249G   33M  249G   1% /home
-
I moved everything easily enough, but my point is that a default install should handle this.
To move everything shut down the webserver
systemctl stop httpd
Create the directory structure up to just before the /data folder. In my case I wanted to simply move it to /home/owncloud/data.
mkdir /home/owncloud
Now move the data folder.
mv /var/www/html/owncloud/data /home/owncloud/data
Change ownership to apache
chown -R apache:apache /home/owncloud/data
Update SELinux
semanage fcontext -a -t httpd_sys_rw_content_t "/home/owncloud/data(/.*)?"
Edit the ownCloud config file to reflect the new location
sed -i -e 's/\/var\/www\/html\/owncloud\/data/\/home\/owncloud\/data/' /var/www/html/owncloud/config/config.php
Restart the webserver
systemctl start httpd
-
Now it all looks like this.
[root@owncloud ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   50G  1.4G   49G   3% /
devtmpfs                 232M     0  232M   0% /dev
tmpfs                    241M     0  241M   0% /dev/shm
tmpfs                    241M  4.3M  236M   2% /run
tmpfs                    241M     0  241M   0% /sys/fs/cgroup
/dev/sda2                497M  129M  368M  26% /boot
/dev/sda1                200M  9.8M  191M   5% /boot/efi
/dev/mapper/centos-home  249G   34G  215G  14% /home
-
@JaredBusch said:
@dafyre said:
For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.
You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.
I've not had any problems with the subdomains. They just make you verify that you own the top level domain.... It works great so far.
-
@dafyre said:
@JaredBusch said:
@dafyre said:
For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.
You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.
I've not had any problems with the subdomains. They just make you verify that you own the top level domain.... It works great so far.
I never tried. I stopped when I saw this. See, I apparently was not paying attention to detail and assumed.. My cert is now created, thanks!
-
With ownCloud now working, you should secure logins with fail2ban
Install fail2ban
yum -y install fail2ban
create the initial jail file
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Add ownCloud to the jail.local
nano /etc/fail2ban/jail.local
paste this data in at the bottom
[owncloud]
enabled = true
filter = owncloud
port = http,https
# 'This is the data path we set earlier. Change if yours is different.'
logpath = /home/owncloud/data/owncloud.log
Create the owncloud filter file
nano /etc/fail2ban/filter.d/owncloud.conf
Paste in the following ONLY FOR ownCloud 8.2
Other regex patterns can be found in this thread
[Definition]
failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}
ignoreregex =
Start fail2ban and enable it to start on boot
systemctl start fail2ban
systemctl enable fail2ban
Note: This is only securing ownCloud. Consult the jail.local to enable other protections you may want.
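Added example (not part of the original post): a simplified Python model of what this jail does with the filter above, run over constructed ownCloud 8.2 log lines. The `<HOST>` stand-in pattern and the `maxretry`/`findtime` values are assumptions, not settings from the post.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# failregex as posted above for ownCloud 8.2.
FAILREGEX = (r'''{"reqId":".*","remoteAddr":".*","app":"core","message":'''
             r'''"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}''')
# Assumption: a simplified stand-in for fail2ban's own <HOST> expansion.
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))

# Constructed sample lines (not real data) in the JSON layout the filter expects.
SAMPLE_LOG = r'''
{"reqId":"r1","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2016-02-24T15:09:01+00:00"}
{"reqId":"r2","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'root' (Remote IP: '203.0.113.7')","level":2,"time":"2016-02-24T15:09:20+00:00"}
{"reqId":"r3","remoteAddr":"198.51.100.20","app":"core","message":"Login failed: 'alice' (Remote IP: '198.51.100.20')","level":2,"time":"2016-02-24T15:09:30+00:00"}
{"reqId":"r4","remoteAddr":"198.51.100.20","app":"PHP","message":"Undefined index: foo","level":3,"time":"2016-02-24T15:09:40+00:00"}
{"reqId":"r5","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2016-02-24T15:09:45+00:00"}
{"reqId":"r6","remoteAddr":"192.0.2.50","app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.50')","level":2,"time":"2016-02-24T15:00:00+00:00"}
{"reqId":"r7","remoteAddr":"192.0.2.50","app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.50')","level":2,"time":"2016-02-24T15:20:00+00:00"}
{"reqId":"r8","remoteAddr":"192.0.2.50","app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.50')","level":2,"time":"2016-02-24T15:40:00+00:00"}
'''.strip().splitlines()

def failures(lines):
    """Yield (host, timestamp) for every line the filter matches."""
    for line in lines:
        m = PATTERN.search(line)
        if m:
            yield m.group("host"), datetime.fromisoformat(json.loads(line)["time"])

def hosts_to_ban(lines, maxretry=3, findtime=600):
    """Hosts with at least maxretry failures inside any findtime-second window."""
    seen = defaultdict(list)
    for host, ts in failures(lines):
        seen[host].append(ts)
    banned = []
    for host, stamps in seen.items():
        stamps.sort()
        for i in range(len(stamps) - maxretry + 1):
            if (stamps[i + maxretry - 1] - stamps[i]).total_seconds() <= findtime:
                banned.append(host)
                break
    return sorted(banned)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

The filter takes the address from the `Remote IP` part of the message, not from the `remoteAddr` field, and the non-login `PHP` line is ignored because the pattern requires `"app":"core"`.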
-
Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.
-
@JaredBusch said:
Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.
Did you ever get this fixed?
-
@anonymous said:
@JaredBusch said:
Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.
Did you ever get this fixed?
Maybe? I have installed another server and I am not having the same problems. I have not had time to track it down yet.
-
Coming back to this. Everything is running correctly with SELinux on except fail2ban. I have to disable SELinux in order for fail2ban to have access to the owncloud.log file.
[root@owncloud log]# systemctl start fail2ban
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
[root@owncloud log]# setenforce 0
[root@owncloud log]# systemctl start fail2ban
[root@owncloud log]#
-- Unit fail2ban.service has begun starting up.
Feb 24 15:13:26 owncloud fail2ban-client[15984]: ERROR No file(s) found for glob /home/owncloud/data/owncloud.log
Feb 24 15:13:26 owncloud fail2ban-client[15984]: ERROR Failed during configuration: Have not found any log file for owncloud ja
Feb 24 15:13:26 owncloud systemd[1]: fail2ban.service: control process exited, code=exited status=255
Feb 24 15:13:26 owncloud systemd[1]: Failed to start Fail2Ban Service.
[root@owncloud log]# ls -l /home/owncloud/data/owncloud.log
-rw-r-----. 1 apache apache 38136 Feb 24 15:09 /home/owncloud/data/owncloud.log
[root@owncloud log]#
-
-
@aaronstuder he is editing files when there are generally commands to do it. Just been too busy to look it up.
-
** NOTE ** This post is assuming that you followed the instruction above to this point and I have not yet posted below that the instructions have been updated.
I need to find a little spare time to update my instructions, but everything is now working with SELinux enforcing.
the config and apps folder in the application directory need httpd read/write context in SELinux.
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/apps(/.*)?'
restorecon -R /var/www/html/owncloud/apps
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/config(/.*)?'
restorecon -R /var/www/html/owncloud/config
Then the owncloud.log file needs to be in the /var/log/ folder and have the httpd_log context
systemctl stop httpd
mv /home/owncloud/data/owncloud.log /var/log/owncloud.log
semanage fcontext -a -t httpd_log_t '/var/log/owncloud.log'
restorecon /var/log/owncloud.log
#-- edit the owncloud config to add a non-default log path
nano /var/www/html/owncloud/config/config.php
#-- insert this next to another config line
'logfile' => '/var/log/owncloud.log',
#-- save and exit nano then start httpd back up
systemctl start httpd
Update the fail2ban jail.local, turn on SELinux and start fail2ban
systemctl stop fail2ban
sed -i -e 's/\/home\/owncloud\/data/\/var\/log/' /etc/fail2ban/jail.local
setenforce 1
systemctl start fail2ban
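Added example (not from the original post): a small Python check that the `logpath` fail2ban watches is the file ownCloud actually writes, before and after the move to /var/log described above. The sample `config.php` and `jail.local` contents are constructed, and the function names are hypothetical.

```python
import configparser
import re

def owncloud_log_path(config_php):
    """Where ownCloud writes its log: 'logfile' if set, else <datadirectory>/owncloud.log."""
    def setting(key):
        m = re.search(r"'%s'\s*=>\s*'([^']+)'" % re.escape(key), config_php)
        return m.group(1) if m else None
    logfile = setting("logfile")
    if logfile:
        return logfile
    datadir = setting("datadirectory")
    if datadir is None:
        raise ValueError("neither 'logfile' nor 'datadirectory' found in config.php")
    return datadir.rstrip("/") + "/owncloud.log"

def jail_log_path(jail_local, jail="owncloud"):
    """logpath of one jail; interpolation is off because jail.conf uses %(...)s values."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(jail_local)
    return cp[jail]["logpath"]

def watching_right_file(config_php, jail_local):
    """True when fail2ban reads the same file ownCloud logs failed logins to."""
    return owncloud_log_path(config_php) == jail_log_path(jail_local)

# Constructed inputs mirroring the posts above (not copied from a real server).
JAIL_OLD = """[owncloud]
enabled = true
filter = owncloud
port = http,https
# 'This is the data path we set earlier. Change if yours is different.'
logpath = /home/owncloud/data/owncloud.log
"""
JAIL_NEW = JAIL_OLD.replace("/home/owncloud/data", "/var/log")  # same edit as the sed
CONFIG_OLD = "<?php\n$CONFIG = array (\n  'datadirectory' => '/home/owncloud/data',\n);\n"
CONFIG_NEW = CONFIG_OLD.replace(");", "  'logfile' => '/var/log/owncloud.log',\n);")

if __name__ == "__main__":
    for cfg, jail in ((CONFIG_OLD, JAIL_OLD), (CONFIG_NEW, JAIL_OLD), (CONFIG_NEW, JAIL_NEW)):
        print(owncloud_log_path(cfg), jail_log_path(jail), watching_right_file(cfg, jail))
```

The middle case is the one to catch: `config.php` already points at /var/log/owncloud.log while the jail still names the old path.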
-
So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0. All I can see is to download the owncloud-files package. Is that really all that is required?
-
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0. All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
-
@scottalanmiller said:
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0. All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
RPM for owncloud-files? It will automatically download the new version?
-
@scottalanmiller said:
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0. All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo
^this?
-
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0. All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo
^this?
Ah yes, you need the repo. But nothing beyond that.
-
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0. All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo
^this?
Ah yes, you need the repo. But nothing beyond that.
so just the bottom line or both parts? (sorry)
-
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
@scottalanmiller said:
@wirestyle22 said:
So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0. All I can see is to download the owncloud-files package. Is that really all that is required?
If you use RPM, you should not even need to download something.
rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo
^this?
Ah yes, you need the repo. But nothing beyond that.
so just the bottom line or both parts? (sorry)
You CAN skip the key, but it is good to have it.