Building a Home File Server with ownCloud 4.5 and Subsonic

Copyright © 2013 Brendan Kidwell. Permission is granted to copy, distribute and/or modify this document under the terms of the Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Introduction

Over the last few years we’ve seen “cloud storage” become a popular kind of service for home users. Services like Dropbox make it easy to synchronize your files across many devices.

But these “cloud” services are inherently untrustworthy. While Dropbox assures us that they aren’t looking at our data and wouldn’t use it against us (at least not without a warrant), ultimately they are in control of our data and we must blindly trust that they don’t screw up. They have screwed up in the past, badly.

The problem with trusting Dropbox to keep your data private isn’t Dropbox’s poor security, it’s the notion of trusting any third party at all. Some people prefer to build their own solution instead of trusting a service to keep their data safe.

Open source software developers have watched how people use “cloud” services and have been working on their own alternatives which rely on freely available software and the user optionally owning and/or physically controlling the machine the software runs on. Now, setting up your own “cloud” server doesn’t necessarily guarantee that you’re perfectly protected from a security breach — nothing is perfect, and honestly you could do something wrong that leaves you vulnerable — but at least you’re not vulnerable as one among many thousands of users who may be affected by a hack or a government attack on a popular “cloud” service.

In this article I will introduce two applications you can use to build your own “cloud” server, ownCloud 4.5 (not yet updated for ownCloud 5.0) and Subsonic. ownCloud is a file sharing platform that provides a web page interface to upload, download, and read your files as well as a number of synchronization clients to help you keep your files up to date on many devices automatically. Subsonic is a web-based audio and video collection application that lets you play your files in any browser on any device.

owncloud_example

I presented this project at the Greater Boston Desktop GNU/Linux Users Group meetup on 6 February 2013. Download the talk here:

Project Overview

The system I describe in this guide is a web server that you host in your own home network or optionally at a remote hosting facility. It provides the following:

  • A web interface to upload, browse, and download your personal files. Optionally more than one user can each have their own private libraries
  • A WebDAV interface that allows you to mount your file collection directly in a file manager
  • An API that allows automatic syncing of selected folders, across more than one client (like Dropbox)
  • A web interface for searching and streaming your audio and video files directly in a browser

data_flow

We will set up an Nginx web server as the front-end, and install ownCloud in the context /owncloud and Subsonic in the context /subsonic. For ease of access, instead of relying on Subsonic’s rudimentary upload interface or some external method, we will configure Subsonic to index and play files from folders Audio and Video in the ownCloud installation.

Prerequisites and Materials

This howto guide assumes that you have at least an intermediate understanding of Linux, including how to install it from scratch on a spare computer, installing packages, editing configuration files, etc. Most of the commands and package names given in the guide are specific to Debian-based and/or Ubuntu-based systems (Ubuntu is a descendant of Debian) but if you know another free software OS very well, you can easily follow along and translate where necessary.

In fact, all of the software described will run just fine on Windows or OS X as well as Linux and BSD operating systems. If you want to follow the guide literally step-by-step, you should use Ubuntu as your OS.

You will need:

  • A spare computer or a leased server or virtual machine in a data center like prgmr.com or Amazon EC2
    • At least 384MiB of RAM (the more the merrier; if you can have lots of RAM, start with 2GiB)
    • Enough storage capacity to accommodate all the files you’re planning to store on the system
  • Your favorite operating system — this guide will use Lubuntu because it comes with a newbie-friendly but very lightweight desktop interface which may be easier for some people to use than the text-only Ubuntu Server edition.
  • A network connection — You will need Internet connectivity to set up the server and install the software, but after that it’s possible to use the server in a mode either accessible from the Internet or not according to your preference.

As a bare minimum estimate, it will take at least an evening to build the system, but you should allow yourself a couple of days to take your time to understand the components and customize the software to suit your needs.

Setting Up and Configuring the Server Machine

To start with, you need a physical machine or a virtual machine installed somewhere — either in the corner of your living room or at a hosting provider. Install the OS if it’s not already installed; instructions for writing a boot thumbdrive or DVD and installing Lubuntu are provided on the Lubuntu web site.

Static IP Address

The first thing you want to do is ensure that your server has a static IP address. If you are using a remotely hosted server, you can skip this step; your hosting provider will have already set up an Internet-accessible static IP address on your machine for you.

Normally when you connect a new computer to your home network, your router automatically assigns it the next available IP address in its dynamic address pool, which is typically in the range 192.168.1.100 to 192.168.1.199. Since other machines are going to be making inbound connections to your server, they need to know ahead of time what the address is; if you let the router assign the address dynamically, it may not be the same value in a few months as it is today.

Before you assign a static IP address to your server, you need to know what IP addresses you can use that are not in the pool used by your router for dynamic addresses. On your server, open a command prompt window and run the nm-tool command.

$ nm-tool
 
NetworkManager Tool
 
State: connected (global)
 
- Device: eth1  [nat] ----------------------------------------------------------
  Type:              Wired
  Driver:            e1000
  State:             connected
  Default:           yes
  HW Address:        08:00:27:4C:DB:F3
 
  Capabilities:
    Carrier Detect:  yes
    Speed:           1000 Mb/s
 
  Wired Properties
    Carrier:         on
 
  IPv4 Settings:
    Address:         192.168.1.103
    Prefix:          24 (255.255.255.0)
    Gateway:         192.168.1.1
 
    DNS:             192.168.1.1

Make a note of the values “Address”, “Prefix”, “Gateway”, and “DNS”. (DNS may have more than one value.)

The “Address” value is the current dynamic IP address assigned to your server. The last byte is probably 100 or not much above it. A good rule of thumb is to set up your static IP address with the same first three bytes and the last changed to 50, for example 192.168.1.50. Make a note of this new value you choose as your “Static IP Address”.

Now, in your Applications menu, go to Preferences -> Network Connections. Select the active network connection and click the Edit button.

edit_network_connection

Go to the IPv4 Settings tab. Set Method to Manual. Fill in one Address using the value you wrote down before for “Static IP Address”. The Netmask column will have the part in parentheses from the Prefix value in the nm-tool output. The Gateway column will have the same value as in nm-tool. And last, fill in your DNS server(s), separated by spaces.

Click Save. Now open up a web browser and try to view a web page from the Internet. Hopefully everything worked and now you have a static IP address that can be known to all the clients that will connect to the server.

The directions given here are of a kind of quick and dirty rule-of-thumb style. They should work for most people who don’t already have any servers with static IP addresses set up in their home network. More advanced users should use their home router’s configuration pages to manage statically assigned IP addresses, but this is beyond the scope of this howto guide.

Hostname

Optionally, you may want to set up a hostname for the server so you don’t have to remember the static IP address you assigned to it. There are a number of methods for doing this, but the simplest is to edit the hosts file on each client machine (not the server!):

$ sudo nano /etc/hosts

Add the following to the end of the file:

192.168.1.50 files

Type Ctrl + x to save and quit.

This maps the IP address 192.168.1.50 to the hostname files. We will use the hostname files to refer to the server for the rest of this guide. Make sure you fill in your actual static IP address from the previous step if it’s different from mine.

For Windows clients, the procedure is nearly the same. Click Start; type “cmd”; right-click on the result and select Run as Administrator. Then run

notepad C:\Windows\System32\Drivers\etc\hosts

and add the mapping to the file the same as above, then save and quit Notepad. The file format is the same as for a Unix machine.

Now in a command prompt window make sure you can ping the server:

$ ping files
PING files (192.168.1.50) 56(84) bytes of data.
64 bytes from files (192.168.1.50): icmp_req=1 ttl=64 time=1.08 ms
64 bytes from files (192.168.1.50): icmp_req=2 ttl=64 time=0.377 ms
^C
--- files ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.377/0.730/1.084/0.354 ms

Hit Ctrl + c to stop the ping command. If you’re not getting a response, the server isn’t online or you did something wrong.

Create ‘files’ User

The last step before installing the applications is to create a new user under whose account the applications will run. When you installed the OS, you probably created an account for yourself (for example, my login name is brendan). You might in the future want to use this server for other things like remote desktop service or possibly running a TV. The user account for the server applications should be different.

In the server’s Applications menu, go to System Tools -> Users and Groups. Create a new user called files (since this will be for file server applications). Set the Account Type to Administrator.

user_settings

Then click the Manage Groups button and make sure that files is a member of the sudo group. This will allow you to perform all the rest of the installation steps in this guide while logged in as files.

SSH Server

Depending on where your server lives and what else it’s doing, you may or may not decide to perform the rest of the installation remotely. You definitely don’t need to be at the server’s hardware console from here on. You just have to enable remote SSH access. Open a command prompt window on the server and install openssh-server.

$ sudo apt-get install openssh-server

Now from your favorite desktop or laptop you should be able to remotely log in:

$ ssh files@files

For the rest of this guide, unless otherwise stated, when I give command prompt instructions, I’ll assume you’re SSHed in as user files on the server files.

Install Nginx Web Server, PHP, MySQL, and Java

Apache is the default web server on Ubuntu but I find that Nginx’s configuration is easier to understand and manage, so this guide uses Nginx.

ownCloud is a PHP application that uses a MySQL database, and Subsonic is a Java application. So install all these prerequisites as well as some additional packages needed by ownCloud:

$ sudo apt-get install curl libcurl3 mysql-server nginx openjdk-6-jre \
php-apc php-xml-parser php5-cgi php5-curl php5-gd php5-intl php5-mysql \
php5-sqlite smbclient

Be sure to remember the root password you set when you install mysql.

Nginx doesn’t integrate automatically with PHP, but it doesn’t take a lot of work to set it up. Unlike some other web server setups where PHP is loaded as a library running inside the web server, to use PHP with Nginx, PHP needs to be always running as its own process, ready to service requests using the FastCGI protocol. To set up PHP as a FastCGI server, create a new Upstart configuration file for it:

$ sudo nano /etc/init/php-fastcgi-files.conf

Put this in the file and hit CTRL-X to save and quit:

# /etc/init/php-fastcgi-files.conf
# php-fastcgi-files - starts php-cgi as an external FASTCGI process
description "php-fastcgi-files - keep up php-fastcgi"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
exec /usr/bin/sudo -u files PHP_FCGI_CHILDREN=5 PHP_FCGI_MAX_REQUESTS=125 /usr/bin/php-cgi -q -b /tmp/php-fastcgi-files.socket

This sets up an Upstart job that runs in the background as a service. The job launches PHP as a FastCGI server running as the user files and using the Unix socket in /tmp/php-fastcgi-files.socket to communicate with clients.

Start the service.

$ sudo service php-fastcgi-files start
php-fastcgi-files start/running, process 10098

Next, edit the default Nginx site configuration file to make Nginx aware of this socket:

$ sudo nano /etc/nginx/sites-available/default

Add the following to the top of the file:

upstream phpfiles {
  server unix:/tmp/php-fastcgi-files.socket;
}

Finally, add this line to the end of the server section, inside that section, near the bottom of the file:

  include apps/*.conf;

This makes it easy to run several applications on the same host name, IP address, and port number, and still keep separate configuration files for each application. Save and quit with Ctrl + x.

phpMyAdmin

The last prerequisite and the first actual application I suggest installing is phpMyAdmin. ownCloud will only need one MySQL database, and it is possible to simply create it from the command line, but in case you want to install other MySQL-based applications and perform backups and other maintenance, phpMyAdmin will make things a lot easier.

On your personal desktop computer, go to http://www.phpmyadmin.net/home_page/downloads.php and follow the link for the latest version of phpMyAdmin. It’s easiest if you get one of the bz2 files, either phpMyAdmin-*-all-languages.tar.bz2 or phpMyAdmin-*-english.tar.bz2. Now use a file transfer tool to copy the downloaded file to a new folder on the server /home/files/Apps. My favorite file transfer tool is FileZilla, but anything that supports SSH/SFTP will work.

Now go to your SSH command prompt session on the server and extract the file.

$ mkdir ~/Apps
$ cd ~/Apps
$ tar -jxf phpMyAdmin-3.5.6-all-languages.tar.bz2
$ mv phpMyAdmin-3.5.6-all-languages phpmyadmin

Configure Nginx to find phpMyAdmin.

$ sudo mkdir /etc/nginx/apps
$ sudo nano /etc/nginx/apps/phpmyadmin.conf

Add this to the config file, save and quit:

rewrite ^/phpmyadmin$ /phpmyadmin/ permanent;
location /phpmyadmin/ {
  alias /home/files/Apps/phpmyadmin/;
  index index.php;
}
location ~ ^/phpmyadmin/(.*\.php)$ {
  root /home/files/Apps;
  fastcgi_intercept_errors on;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  fastcgi_pass phpfiles;
  include fastcgi_params;
}

This configuration file tells Nginx first to redirect any request for /phpmyadmin to /phpmyadmin/ in case you forget the slash when you type the URL. Next it says that anywhere in the phpmyadmin folder, if a file is not specified in the request, look for index.php and run that. Finally it configures PHP as a request handler for PHP files, with /home/files/Apps as the document root folder for this application (i.e. /phpmyadmin maps to /home/files/Apps/phpmyadmin) and enables. The fastcgi_pass phpfiles command refers to the phpfiles upstream FastCGI process we configured in the previous step.

Restart Nginx to make the configuration take effect.

$ sudo service nginx restart
Restarting nginx: nginx.

Create a config folder.

$ cd ~/Apps/phpmyadmin
$ mkdir config
$ chmod o+rw config

Go to http://files/phpmyadmin/setup/ . Click the New Server button, then Save on the Edit Server screen, and finally Save on the Overview screen. Back in the command prompt, install the configuration and remove the temporary folder.

$ mv config/config.inc.php .
$ chmod o-rw config.inc.php
$ rm -rf config

phpMyAdmin should be all set to use at http://files/phpmyadmin/ now. Log in as the MySQL root user.

phpmyadmin

Finally you’re ready to install ownCloud and Subsonic.

Installing ownCloud

ownCloud provides automated installation packages for major Linux distributions but since it uses Ubuntu’s default Apache web server and this guide uses Nginx, you will have to download the ownCloud tar archive distribution instead of the installer. In your browser, go to http://owncloud.org/support/install/ and click the .tar Archive button. Right-click on the download link provided and copy it to the clipboard. Go to your SSH session on the server and download the URL.

$ cd ~/Apps
$ wget [SHIFT-INS to paste URL here...]
--2013-02-05 02:02:16--  http://mirrors.owncloud.org/releases/owncloud-4.5.6.tar.bz2
Resolving mirrors.owncloud.org (mirrors.owncloud.org)... 50.30.42.17
Connecting to mirrors.owncloud.org (mirrors.owncloud.org)|50.30.42.17|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://owncloud.org/releases/owncloud-4.5.6.tar.bz2 [following]
--2013-02-05 02:02:16--  http://owncloud.org/releases/owncloud-4.5.6.tar.bz2
Resolving owncloud.org (owncloud.org)... 50.30.42.17
Reusing existing connection to mirrors.owncloud.org:80.
HTTP request sent, awaiting response... 200 OK
Length: 9161189 (8.7M) [application/x-bzip]
Saving to: `owncloud-4.5.6.tar.bz2'
 
100%[=====================================>] 9,161,189    434K/s   in 18s
 
2013-02-05 02:02:34 (484 KB/s) - `owncloud-4.5.6.tar.bz2' saved [9161189/9161189]
 
$ tar -jxf owncloud-4.5.6.tar.bz2

Before you configure ownCloud itself, you need to fix the maximum file upload size in PHP; its default is very small. Edit php.ini.

$ sudo nano /etc/php5/cgi/php.ini

Use the Ctrl + w “Where Is” command to search for and change the two settings post_max_size and upload_max_filesize to a comfortable value like 2000M (which is 2GB). Save and quit with Ctrl + x.

Restart PHP.

$ sudo service php-fastcgi-files restart
php-fastcgi-files stop/waiting
php-fastcgi-files start/running, process 13128

Install ownCloud into Nginx.

$ sudo nano /etc/nginx/apps/owncloud.conf

Add this to the config file, save and quit:

client_max_body_size 2000M;
 
rewrite ^/owncloud$ /owncloud/ permanent;
location /owncloud/ {
  alias /home/files/Apps/owncloud/;
  index index.php;
  try_files $uri $uri/ @owncloudwebdav;
}
location @owncloudwebdav {
  root /home/files/Apps;
  fastcgi_split_path_info ^(.+\.php)(/.*)$;
  fastcgi_pass phpfiles;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  include fastcgi_params;
}
 
# Regex locations are tested in file order and the first match wins, so this
# deny block has to come before the PHP block below. Placed after it, a .php
# file under data/ or config/ would be passed to PHP instead of being refused.
location ~ ^/owncloud/(data|config|\.ht|db_structure\.xml|README) {
  deny all;
}
location ~ ^/owncloud/(.*\.php)$ {
  root /home/files/Apps;
  fastcgi_intercept_errors on;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  fastcgi_pass phpfiles;
  include fastcgi_params;
}

Restart Nginx.

$ sudo service nginx restart
Restarting nginx: nginx.
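
Nginx tests regex locations in the order they appear and stops at the first match, so the position of the deny block relative to the PHP block in owncloud.conf decides whether a .php file under data/ or config/ is refused or handed to PHP. The following is an added example, not part of the original article, that models that selection for the three ownCloud locations in both orders; the Location type, the handler labels and the sample URIs are constructed for illustration.

```python
"""Model of nginx location selection for the ownCloud blocks in owncloud.conf.

Simplified: only plain prefix and "~" regex locations are modelled (the only
kinds used in this guide); the "=" and "^~" modifiers are not handled.
"""
import posixpath
import re
from typing import List, NamedTuple
from urllib.parse import unquote


class Location(NamedTuple):
    kind: str      # "prefix" or "regex"
    pattern: str   # as written after "location" in the config
    handler: str   # constructed label describing what the block does


PREFIX = Location("prefix", "/owncloud/", "try_files")
PHP = Location("regex", r"^/owncloud/(.*\.php)$", "php-fastcgi")
DENY = Location(
    "regex", r"^/owncloud/(data|config|\.ht|db_structure\.xml|README)", "deny-all"
)

DENY_LAST = [PREFIX, PHP, DENY]    # deny block written after the PHP block
DENY_FIRST = [PREFIX, DENY, PHP]   # deny block written before the PHP block

# Directories that must never be served or executed through the web server.
PROTECTED = re.compile(r"^/owncloud/(data|config)/")

# Constructed sample request URIs.
SAMPLE_URIS = [
    "/owncloud/index.php",
    "/owncloud/remote.php/webdav/Audio/",
    "/owncloud/core/css/styles.css",
    "/owncloud/data/brendan/files/Audio/song.mp3",
    "/owncloud/data/brendan/files/Audio/upload.php",
    "/owncloud/config/config.php",
    "/owncloud/apps/../config/config.php?x=1",
]


def normalize(uri: str) -> str:
    """Approximate the URI nginx matches on: query string removed,
    percent-decoded, dot segments and duplicate slashes resolved."""
    path = unquote(uri.split("?", 1)[0])
    clean = "/" + posixpath.normpath(path).lstrip("/")
    if path.endswith("/") and not clean.endswith("/"):
        clean += "/"   # normpath drops the trailing slash; nginx keeps it
    return clean


def select(locations: List[Location], uri: str) -> str:
    """Return the handler label of the location nginx would choose."""
    path = normalize(uri)
    # Regex locations: checked in file order, first match wins.
    for loc in locations:
        if loc.kind == "regex" and re.search(loc.pattern, path):
            return loc.handler
    # No regex matched: fall back to the longest matching prefix location.
    prefixes = [
        loc for loc in locations
        if loc.kind == "prefix" and path.startswith(loc.pattern)
    ]
    if prefixes:
        return max(prefixes, key=lambda loc: len(loc.pattern)).handler
    return "no-location"


def exposed_scripts(locations: List[Location], uris: List[str]) -> List[str]:
    """URIs inside data/ or config/ that would still reach the PHP handler."""
    return [
        uri for uri in uris
        if PROTECTED.search(normalize(uri))
        and select(locations, uri) == "php-fastcgi"
    ]


if __name__ == "__main__":
    print(f"{'URI':<50} {'deny last':<12} deny first")
    for uri in SAMPLE_URIS:
        print(f"{uri:<50} {select(DENY_LAST, uri):<12} {select(DENY_FIRST, uri)}")
    print("reach PHP with deny last: ", exposed_scripts(DENY_LAST, SAMPLE_URIS))
    print("reach PHP with deny first:", exposed_scripts(DENY_FIRST, SAMPLE_URIS))
```

On the running server, the matching check is that a request for any path under http://files/owncloud/data/ returns 403, including paths ending in .php.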

Go to phpMyAdmin at http://files/phpmyadmin/ . Go to Users and create a new user called owncloud with an accompanying database with the same name; the user creation screen lets you do both with one command.

create_owncloud_db

Now you can go to ownCloud and configure it. Go to http://files/owncloud/ and it prompts you to create an admin user. Create a user with your usual login name (for example brendan), with a password. Be sure to click the Advanced twisty and fill in the database settings.

owncloud_setup

Set the database type to MySQL and the username and database name to owncloud. Set the database host to localhost. Fill in your database password. Click Finish.

ownCloud is now ready to use.

Installing Subsonic

Subsonic also provides an automated install package which installs the application with its own built-in Java application server on port 4040. We’ll go ahead and use that.

In your browser, go to http://www.subsonic.org/pages/download.jsp and follow the link for “Debian/Ubuntu” installer. Use a file transfer tool to copy the downloaded file to /home/files on your file server. Run the installer.

$ sudo dpkg -i subsonic-4.7.deb 
Selecting previously unselected package subsonic.
(Reading database ... 140080 files and directories currently installed.)
Unpacking subsonic (from subsonic-4.7.deb) ...
Setting up subsonic (4.7) ...
 Adding system startup for /etc/init.d/subsonic ...
   /etc/rc0.d/K99subsonic -> ../init.d/subsonic
   /etc/rc1.d/K99subsonic -> ../init.d/subsonic
   /etc/rc6.d/K99subsonic -> ../init.d/subsonic
   /etc/rc2.d/S99subsonic -> ../init.d/subsonic
   /etc/rc3.d/S99subsonic -> ../init.d/subsonic
   /etc/rc4.d/S99subsonic -> ../init.d/subsonic
   /etc/rc5.d/S99subsonic -> ../init.d/subsonic
Started Subsonic [PID 2998, /var/subsonic/subsonic_sh.log]
Processing triggers for ureadahead ...

By default, Subsonic runs as the user root, but this needs to be changed to files.

$ sudo nano /etc/default/subsonic

Add one line, save and quit:

SUBSONIC_USER=files

Create Subsonic’s data folder:

$ sudo mkdir -p /var/subsonic
$ sudo chown -R files:files /var/subsonic

Since we aren’t running Subsonic in the root of the web server’s directory space, you need to edit Subsonic’s context path.

$ sudo nano /usr/share/subsonic/subsonic.sh

Change the line for SUBSONIC_CONTEXT_PATH to the value /subsonic (make sure there is no slash at the end), save and quit.

Restart the Subsonic service.

$ sudo service subsonic restart
 * Restarting Subsonic Daemon subsonic
Started Subsonic [PID 14178, /var/subsonic/subsonic_sh.log]
   ...done.

Install Subsonic into Nginx.

$ sudo nano /etc/nginx/apps/subsonic.conf

Add this to the config file, save and quit:

rewrite ^/subsonic$ /subsonic/ permanent;
location /subsonic/ {
  proxy_pass http://localhost:4040;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
}

Restart Nginx.

$ sudo service nginx restart
Restarting nginx: nginx.

Go to your new Subsonic instance and set it up, starting at http://files/subsonic/ . For your first login, you will log in as admin with the password admin.

On the next page, click link #1 for Change administrator password. Go back to http://files/subsonic/ and log in again.

Now click the #2 link for Set up media folders. You should create media folders in ownCloud so that the files are accessible there and in Subsonic. Open a new tab and go to http://files/owncloud/ . In the ownCloud tab, create two folders called Audio and Video in the top level of your Files area.

owncloud_new_folders

You’ll need to know the filesystem paths for those two folders. If you browse in ownCloud’s application folder, you’ll find a folder like this one:

$ cd ~/Apps/owncloud/data/brendan/files
$ ls
Audio  Video

So the paths will be

  • /home/files/Apps/owncloud/data/USERNAME/files/Audio
  • /home/files/Apps/owncloud/data/USERNAME/files/Video

Back in your browser’s Subsonic tab, write these into the Media folders screen you left open.

subsonic_media_folders

Scroll down to the bottom and click Save. Last, you can go back to Subsonic’s Home screen and click Don’t show this again. You don’t need to use the #3 link to set up a subsonic.org host name.

Finally, upload some media files into a new subfolder under Audio or Video using ownCloud. Go to Subsonic -> Settings -> Media folders -> Scan media folders now to rescan the media files. Now go back to Subsonic’s Home screen and you should see your files.

subsonic_loaded_files

Using the ownCloud and Subsonic Applications

As you have seen during the configuration phase of this project, a web browser that can make a connection to the server is all you need to access the two applications.

WebDAV Access

One of the most common non-browser access methods you’ll probably want will be WebDAV, which you can connect directly to from your file manager or file transfer tool.

Nautilus allows you to mount a WebDAV share as if it were a local folder and open files directly in local applications directly from the mounted folder. To do that, go to File -> Connect to Server, and fill in these details:

webdav_connect

  • Server: hostname goes here
  • Type: WebDAV
  • Folder: /owncloud/remote.php/webdav
  • User name: your user name
  • Password: your password

And you should see a new share in the Places pane like this:

webdav_in_nautilus

Automatically Synchronizing Local Files to the Server

This is also easy. Just download the sync client for your OS here: http://owncloud.org/sync-clients/

The ownCloud Client will automatically create a folder in your ownCloud file space called clientsync and sync that to ~/ownCloud on every device you install it on. If you have seen Dropbox, the operation of ownCloud Client should be familiar to you. Whenever you change a file on any synced machine, it is automatically queued to have its changes pushed to your ownCloud file space. If you are online now, the changes are pushed right away. In the other direction, ownCloud Client automatically detects and downloads any changes from your ownCloud file space when other machines have pushed updates.

It is important to note that ownCloud Client does not sync all files in your online storage space — by default it ignores everything in other folders besides clientsync; if it didn’t do this, you might quickly find that your movies or other large files are being needlessly pushed to all your computers and taking up too much local storage space.

Advanced Configuration

Access from Outside Your Local Network

If you want to be able to access your server from everywhere on the Internet, you need to provide some kind of inbound connectivity to it. If your server is in a remote hosting facility, then of course you already have remote access to it. On the other hand, if your server lives at home, you probably have a NAT (network address translation)-style router that doesn’t allow anyone from the outside to connect to local devices on the inside, by default. This industry standard default configuration is of course for your own safety, so that you don’t have to worry so much about the security of every laptop and XBox on your network.

Most routers allow you to set up “port forwarding”. For example, if you’re running the aftermarket “DD-WRT” router operating system, instructions are provided here: http://www.dd-wrt.com/wiki/index.php/Port_Forwarding . In general, somewhere in the router’s configuration pages there should be a Port Forwarding function — it might be under a section called Applications & Gaming. Configure a mapping that allows remote connections on port 80 to be forwarded through to the IP address 192.168.1.50 (or whatever static IP address you assigned) on port 80.

Now if you note the “public” or “WAN” IP address on your router’s status page, you should be able to connect to that address in any web browser on the public Internet.

Internet Host Name

Of course, you’re probably not going to want to remember the public IP address of your router. There are services on the Internet that provide DNS names for your publicly accessible IP addresses. DynDNS is my favorite, and I recommend them, but their service does cost $20/year. There may be worthwhile free services comparable to DynDNS.

From a service like DynDNS, you will get a hostname like brendan-server.example-personal-dns-service.com which will always resolve to whatever public IP address you give it. Once you get that far, you can even install a tool like ddclient on your server which will periodically ping a public IP address lookup service (“Q: Hi I’m ddclient on Brendan’s computer. What public IP address am I connecting from?” “A: Hi ddclient. You are using 1.2.3.4.”) and then tell your DNS provider if the IP address ever changes.

Encrypting Traffic with TLS

And finally, if you’re connecting to your server over the public Internet, you should probably look into setting up HTTPS access instead of HTTP, to make sure no one steals your passwords or data while you use your server.

This subject can be scary for a non-expert, but it is possible to set up HTTPS by yourself.

HTTPS uses the TLS protocol’s public key cryptography implementation to run HTTP over a secure channel. In public key cryptography, each party has a “public key” and a “private key”. If I encrypt a message with your “public key” and send it to you, only you can decrypt that message using your “private key”. Proving the authenticity of a message works in the other direction. I can run the encryption protocol on a hash (a signature) of a message using my private key, and send it to you to be decrypted by my public key. From these primitive operations, you can set up a lot of useful secure communication. (The implementation details get complicated very quickly; in fact once a connection is established, TLS uses symmetric encryption instead of public key encryption because it’s faster.)

The critical bootstrapping problem here is to prove that the “public key” that a random client gets for your server is in fact the real key belonging to your server. This is where “SSL/TLS certificates” come into play. Your browser comes pre-configured with the public keys of a number of known trusted “certificate authorities”. You need to get your key signed by one of those CAs … or by a CA whose key is in turn signed by one of the root CAs.

Signed certificates can be expensive. Most people don’t know this, but there is a certificate authority called StartSSL which provides basic signed certificates for free. Sign up for a StartSSL certificate and follow their instructions. They even have a page explaining explicitly how to install the certificate in Nginx!

After that, don’t forget to go through your Nginx configuration and your forwarded ports on your router to make sure that you’re using port 443 (HTTPS) in addition to, or instead of, port 80 (HTTP). Refer to the Nginx manual for more details about how to set up HTTPS.

21 thoughts on “Building a Home File Server with ownCloud 4.5 and Subsonic”

  1. Having run into the same issue with the “upgrading filesystem cache” message and doing some internet trolling to resolve the issue I came across an article (https://forum.owncloud.org/viewtopic.php?f=23&t=9193) that suggested the following addition to my /etc/nginx/apps/owncloud.conf file:

    location ~ ^/owncloud/(.*\.php)$ {
    fastcgi_split_path_info ^(.+\.php)(/.*)$; <—— I added this line

    }

    After a quick restart of the nginx service and a logout/login of my account proved to resolve the issue. I can now get into OwnCloud without any issues…

  2. I am stuck at the following
    Finally, add this line to the end of the server section, inside that section, near the bottom of the file:

    include apps/*.conf;

    I am unsure as to where exactly it goes.

    Would this cause phpmyadmin not to be available?

    Thanks
    carltonb

  3. I am slowly starting to upgrade my home file server, installing owncloud and subsonic per your article. I am wondering why you used owncloud 4.x and not 5.x? Also wondering if any component in this solution requires the X window system; if not it seems safer to run the server without it.

    Thanks for posting. My old server just uses NFS for file sharing. This solution should be spiffier.

    • I covered 4.5 in my talk and in this article because 4.5 was current at the time. 5.0 came out a few weeks later and I found that my Nginx config recipes don’t quite work with 5.0, and I have not had time to come back here and edit the article; sorry. If you use Apache (the web server standard in Debian in Ubuntu) it’ll probably be pretty easy.

      Do you need an X Window system? No. I wrote this article for newbies and I assumed they’d be using one. ownCloud the server app does not require access to a desktop in order to configure or run.
