Installing ownCloud 9 on CentOS 7

scottalanmiller

@aaronstuder said:

@scottalanmiller Great!

So I did create /data now how do I encrypt it?

I'm going to need to write a whole article on this. It's been a while since I did this. But I did build the encryption infrastructure for a major financial firm, so I'm used to working with it.

dafyre

@scottalanmiller said:

@aaronstuder said:

@scottalanmiller Great!

So I did create /data now how do I encrypt it?

I'm going to need to write a whole article on this. It's been a while since I did this. But I did build the encryption infrastructure for a major financial firm, so I'm used to working with it.

What about using a library or something like encfs (https://github.com/vgough/encfs) ?

I am using it on my Plex server that is connected to my Amazon Cloud Drive. It works well.

scottalanmiller

@dafyre said:

@scottalanmiller said:

@aaronstuder said:

@scottalanmiller Great!

So I did create /data now how do I encrypt it?

I'm going to need to write a whole article on this. It's been a while since I did this. But I did build the encryption infrastructure for a major financial firm, so I'm used to working with it.

What about using a library or something like encfs (https://github.com/vgough/encfs) ?

I am using it on my Plex server that is connected to my Amazon Cloud Drive. It works well.

You don't want FUSE if you can avoid it. Why not use the built in system?

dafyre

@scottalanmiller said:

@dafyre said:

@scottalanmiller said:

@aaronstuder said:

@scottalanmiller Great!

So I did create /data now how do I encrypt it?

I'm going to need to write a whole article on this. It's been a while since I did this. But I did build the encryption infrastructure for a major financial firm, so I'm used to working with it.

What about using a library or something like encfs (https://github.com/vgough/encfs) ?

I am using it on my Plex server that is connected to my Amazon Cloud Drive. It works well.

You don't want FUSE if you can avoid it. Why not use the built in system?

I was testing out a guide using EncFS to encrypt data stored on Amazon Cloud. It works, so I haven't bothered with changing it, lol.

What are the built-in options? I'm not aware of disk / partition encryption options on Linux these days.

scottalanmiller

dm-crypt is the system in the kernel. Been there since 2.6.

scottalanmiller

Just did a new internal install with this as well. Using CentOS 7, adding the REMI Repos and moved to PHP7 and added the memory cache. Also using an external MariaDB database, also on CentOS 7.

JaredBusch

@scottalanmiller said:

Just did a new internal install with this as well. Using CentOS 7, adding the REMI Repos and moved to PHP7 and added the memory cache. Also using an external MariaDB database, also on CentOS 7.

PHP 7? that is not in the normal Remi repos. That was still beta in the repo i thought.

Dashrender

I thought PHP7 was in full release, but what do I know?

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

Just did a new internal install with this as well. Using CentOS 7, adding the REMI Repos and moved to PHP7 and added the memory cache. Also using an external MariaDB database, also on CentOS 7.

PHP 7? that is not in the normal Remi repos. That was still beta in the repo i thought.

When you install the REMI repos PHP7 is one of the repos that is available. It's a separate config file from the newer 5.x repos.

scottalanmiller

@Dashrender said:

I thought PHP7 was in full release, but what do I know?

Full release of what?

JaredBusch

@scottalanmiller said:

@Dashrender said:

I thought PHP7 was in full release, but what do I know?

Full release of what?

i.e. not in beta like i mentioned because i have a bad memory.

JaredBusch

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

Just did a new internal install with this as well. Using CentOS 7, adding the REMI Repos and moved to PHP7 and added the memory cache. Also using an external MariaDB database, also on CentOS 7.

PHP 7? that is not in the normal Remi repos. That was still beta in the repo i thought.

When you install the REMI repos PHP7 is one of the repos that is available. It's a separate config file from the newer 5.x repos.

I guess I will set that up on my personal ownCloud and see how it acts.

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

@Dashrender said:

I thought PHP7 was in full release, but what do I know?

Full release of what?

i.e. not in beta like i mentioned because i have a bad memory.

Oh okay, I thought that he was thinking that it was an option in RHEL 7 like Python 2 / Python 3 are in many releases.

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

Just did a new internal install with this as well. Using CentOS 7, adding the REMI Repos and moved to PHP7 and added the memory cache. Also using an external MariaDB database, also on CentOS 7.

PHP 7? that is not in the normal Remi repos. That was still beta in the repo i thought.

When you install the REMI repos PHP7 is one of the repos that is available. It's a separate config file from the newer 5.x repos.

I guess I will set that up on my personal ownCloud and see how it acts.

It's pretty soon here, but so far no issues to report.

scottalanmiller

I've got 1 vCPU and 2GB of RAM right now. Will increase if needed but rather doubt it. The database is external so uses no local resources. 200GB on /data which is XFS on LVM separate from the main install. PHP 7 with the memcache. Nothing fancy other than those minor changes.

JaredBusch

@scottalanmiller said:

I've got 1 vCPU and 2GB of RAM right now. Will increase if needed but rather doubt it. The database is external so uses no local resources. 200GB on /data which is XFS on LVM separate from the main install. PHP 7 with the memcache. Nothing fancy other than those minor changes.

I need to look at how to setup the partitioning manually during install because I don't want to go back to the Hypervisor later to add the drive. But I guess it is really jsut as easy to install, boot, shut down, and then add it.. then boot up, yum update, then add the drive

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

I've got 1 vCPU and 2GB of RAM right now. Will increase if needed but rather doubt it. The database is external so uses no local resources. 200GB on /data which is XFS on LVM separate from the main install. PHP 7 with the memcache. Nothing fancy other than those minor changes.

I need to look at how to setup the partitioning manually during install because I don't want to go back to the Hypervisor later to add the drive. But I guess it is really jsut as easy to install, boot, shut down, and then add it.. then boot up, yum update, then add the drive

I add the drive at VM creation time (clone template, add drive, spin up.) The second drive is /dev/vdb for me, not a partition. I like this because I can control is separately from the hypervisor (all the data is on the one) and also because the base template is always identical - I know how big the root volume is going to be across the estate. Adding the second drive I use the commands from the other post that I did and it mounts it in seconds, so the extra step is trivial as long as you want a similar format. And choosing a different filesystem or naming convention or mount point is trivial.

JaredBusch

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

I've got 1 vCPU and 2GB of RAM right now. Will increase if needed but rather doubt it. The database is external so uses no local resources. 200GB on /data which is XFS on LVM separate from the main install. PHP 7 with the memcache. Nothing fancy other than those minor changes.

I need to look at how to setup the partitioning manually during install because I don't want to go back to the Hypervisor later to add the drive. But I guess it is really jsut as easy to install, boot, shut down, and then add it.. then boot up, yum update, then add the drive

I add the drive at VM creation time (clone template, add drive, spin up.) The second drive is /dev/vdb for me, not a partition. I like this because I can control is separately from the hypervisor (all the data is on the one) and also because the base template is always identical - I know how big the root volume is going to be across the estate. Adding the second drive I use the commands from the other post that I did and it mounts it in seconds, so the extra step is trivial as long as you want a similar format. And choosing a different filesystem or naming convention or mount point is trivial.

I understand that, but I am not generally replicating. I am setting something up on a new site for a different client. There is nothing to replicate from. So it is a matter of setting up the process to handle it each time.

wirestyle22

Any good ML documentation on best practices for securing your OwnCloud server?

JaredBusch

@wirestyle22 said:

Any good ML documentation on best practices for securing your OwnCloud server?

• Use fail2ban
• Good password security on any account with admin access
• Always keep things updated (php, apache, etc.)
• Disallow http
• maintain a valid SSL certificate
• Do not allow any port except 443 to hit the server from the public internet.