Building a Home File Server with ownCloud 4.5 and Subsonic
Copyright © 2013 Brendan Kidwell. Permission is granted to copy, distribute and/or modify this document under the terms of the Attribution-NonCommercial-ShareAlike 3.0 Unported License.
Introduction
Over the last few years we've seen “cloud storage” become a popular kind of service for home users. Services like Dropbox make it easy to synchronize your files across many devices.
But these “cloud” services are inherently untrustworthy. While Dropbox assures us that they aren't looking at our data and wouldn't use it against us (at least not without a warrant), ultimately they are in control of our data and we must blindly trust that they don't screw up. They have screwed up in the past, badly.
The problem with trusting Dropbox to keep your data private isn't Dropbox's poor security, it's the notion of trusting any third party at all. Some people prefer to build their own solution instead of trusting a service to keep their data safe.
Open source software developers have watched how people use “cloud” services and have been working on their own alternatives which rely on freely available software and the user optionally owning and/or physically controlling the machine the software runs on. Now, setting up your own “cloud” server doesn't necessarily guarantee that you're perfectly protected from a security breach — nothing is perfect, and honestly you could do something wrong that leaves you vulnerable — but at least you're not vulnerable as one among many thousands of users who may be affected by a hack or a government attack on a popular “cloud” service.
In this article I will introduce two applications you can use to build your own “cloud” server, ownCloud 4.5 (not yet updated for ownCloud 5.0) and Subsonic. ownCloud is a file sharing platform that provides a web page interface to upload, download, and read your files as well as a number of synchronization clients to help you keep your files up to date on many devices automatically. Subsonic is a web-based audio and video collection application that lets you play your files in any browser on any device.
I presented this project at the Greater Boston Desktop GNU/Linux Users Group meetup on 6 February 2013. Download the talk here:
Project Overview
The system I describe in this guide is a web server that you host in your own home network or optionally at a remote hosting facility. It provides the following:
- A web interface to upload, browse, and download your personal files. Optionally more than one user can each have their own private libraries
- A WebDAV interface that allows you to mount your file collection directly in a file manager
- An API that allows automatic syncing of selected folders, across more than one client (like Dropbox)
- A web interface for searching and streaming your audio and video files directly in a browser
We will setup an Nginx web server as the front-end, and install ownCloud in the context /owncloud and Subsonic in the context /subsonic. For ease of access, instead of relying on Subsonic's rudimentary upload interface or some external method, we will configure Subsonic to index and play files from folders Audio and Video in the ownCloud installation.
Prerequisites and Materials
This howto guide assumes that you have at least an intermediate understanding of Linux, including how to install it from scratch on a spare computer, installing packages, editing configuration files, etc. Most of the commands and package names given in the guide are specific to Debian-based and/or Ubuntu-based systems (Ubuntu is a descendant of Debian) but if you know another free software OS very well, you can easily follow along and translate where necessary.
In fact, all of the software described will run just fine on Windows or OS X as well as Linux and BSD operating systems. If you want to follow the guide literally step-by-step, you should use Ubuntu as your OS.
You will need:
- A spare computer or a leased server or virtual machine in a data center like prgmr.com or Amazon EC2
- At least 384MiB of RAM (the more the merrier; if you can have lots of RAM, start with 2GiB)
- Enough storage capacity to accommodate all the files you're planning to store on the system
- Your favorite operating system — this guide will use Lubuntu because it comes with a newbie-friendly but very lightweight desktop interface which may be easier for some people to use than the text-only Ubuntu Server edition.
- A network connection — You will need Internet connectivity to setup the server and install the software, but after that it's possible to use the server in a mode either accessible from the Internet or not according to your preference.
As a bare minimum estimate, it will take at least an evening to build the system, but you should allow yourself a couple of days to take your time to understand the components and customize the software to suit your needs.
Setting Up and Configuring the Server Machine
To start with, you need a physical machine or a virtual machine installed somewhere — either in the corner of your living room or at a hosting provider. Install the OS if it's not already installed; instructions for writing a boot thumbdrive or DVD and installing Lubuntu are provided on the Lubuntu web site.
Static IP Address
The first thing you want to do is ensure that your server has a static IP address. If you are using a remotely hosted server, you can skip this step; your hosting provider will have already setup an Internet-accessible static IP address on your machine for you.
Normally when you connect a new computer to your home network, your router automatically assigns it the next available IP address in its dynamic address pool, which is typically in the range 192.168.1.100 to 192.168.1.199. Since other machines are going to be making inbound connections to your server, they need to know ahead of time what the address is; if you let the router assign the address dynamically, it may not be the same value in a few months as it is today.
Before you assign a static IP address to your server, you need to know what IP addresses you can use that are not in the pool used by your router for dynamic addresses. On your server, open a command prompt window and run the nm-tool command.
$ nm-tool
NetworkManager Tool
State: connected (global)
- Device: eth1 [nat] ----------------------------------------------------------
  Type: Wired
  Driver: e1000
  State: connected
  Default: yes
  HW Address: 08:00:27:4C:DB:F3
  Capabilities:
    Carrier Detect: yes
    Speed: 1000 Mb/s
  Wired Properties
    Carrier: on
  IPv4 Settings:
    Address: 192.168.1.103
    Prefix: 24 (255.255.255.0)
    Gateway: 192.168.1.1
    DNS: 192.168.1.1
Make a note of the values “Address”, “Prefix”, “Gateway”, and “DNS”. (DNS may have more than one value.)
The “Address” value is the current dynamic IP address assigned to your server. The last byte is probably 100 or not much above it. A good rule of thumb is to set up your static IP address with the same first three bytes and the last changed to 50, for example 192.168.1.50. Make a note of this new value you choose as your “Static IP Address”.
Now, in your Applications menu, go to Preferences → Network Connections. Select the active network connection and click the Edit button.
Go to the IPv4 Settings tab. Set Method to Manual. Fill in one Address using the value you wrote down before for “Static IP Address”. The Netmask column will have the part in parentheses from the Prefix value in the nm-tool output. The Gateway column will have same value as in nm-tool. And last, fill in your DNS server(s), separated by spaces.
Click Save. Now open up a web browser and try to view a web page from the Internet. Hopefully everything worked and now you have a static IP address that can be known to all the clients that will connect to the server.
The directions given here are of a quick and dirty rule-of-thumb style. They should work for most people who don't already have any servers with static IP addresses set up in their home network. More advanced users should use their home router's configuration pages to manage statically assigned IP addresses, but this is beyond the scope of this howto guide.
Hostname
Optionally, you may want to set up a hostname for the server so you don't have to remember the static IP address you assigned to it. There are a number of methods for doing this, but the simplest is to edit the hosts file on each client machine (not the server!):
$ sudo nano /etc/hosts
Add the following to the end of the file:
192.168.1.50 files
Type Ctrl+X to save and quit.
This maps the IP address 192.168.1.50 to the hostname files. We will use the hostname files to refer to the server for the rest of this guide. Make sure you fill in your actual static IP address from the previous step if it's different from mine.
For Windows clients, the procedure is nearly the same. Click Start; type “cmd”; right-click on the result and select Run as Administrator. Then run
notepad C:\Windows\System32\Drivers\etc\hosts
and add the mapping to the file the same as above, then save and quit Notepad. The file format is the same as for a Unix machine.
Now in a command prompt window make sure you can ping the server:
$ ping files
PING files (192.168.1.50) 56(84) bytes of data.
64 bytes from files (192.168.1.50): icmp_req=1 ttl=64 time=1.08 ms
64 bytes from files (192.168.1.50): icmp_req=2 ttl=64 time=0.377 ms
^C
--- files ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.377/0.730/1.084/0.354 ms
Hit Ctrl+C to stop the ping command. If you're not getting a response, the server isn't online or you did something wrong.
Create 'files' User
The last step before installing the applications is to create a new user under whose account the applications will run. When you installed the OS, you probably created an account for yourself (for example, my login name is brendan). You might in the future want to use this server for other things like remote desktop service or possibly running a TV. The user account for the server applications should be different.
In the server's Applications menu, go to System Tools → Users and Groups. Create a new user called files (since this will be for file server applications). Set the Account Type to Administrator.
Then click the Manage Groups button and make sure that files is a member of the sudo group. This will allow you to perform all the rest of the installation steps in this guide while logged in as files.
SSH Server
Depending on where your server lives and what else it's doing, you may or may not decide to perform the rest of the installation remotely. You definitely don't need to be at the server's hardware console from here on. You just have to enable remote SSH access. Open a command prompt window on the server and install openssh-server.
$ sudo apt-get install openssh-server
Now from your favorite desktop or laptop you should be able to remotely log in:
$ ssh files@files
For the rest of this guide, unless otherwise stated, when I give command prompt instructions, I'll assume you're SSHed in as user files on the server files.
Install Nginx Web Server, PHP, MySQL, and Java
Apache is the default web server on Ubuntu but I find that Nginx's configuration is easier to understand and manage, so this guide uses Nginx.
ownCloud is a PHP application that uses a MySQL database, and Subsonic is a Java application. So install all these prerequisites as well as some additional packages needed by ownCloud:
$ sudo apt-get install curl libcurl3 mysql-server nginx openjdk-6-jre \
    php-apc php-xml-parser php5-cgi php5-curl php5-gd php5-intl php5-mysql \
    php5-sqlite smbclient
Be sure to remember the root password you set when you install mysql.
Nginx doesn't integrate automatically with PHP, but it doesn't take a lot of work to set it up. Unlike some other web server setups where PHP is loaded as a library running inside the web server, to use PHP with Nginx, PHP needs to be always running as its own process, ready to service requests using the FastCGI protocol. To set up PHP as a FastCGI server, create a new Upstart configuration file for it:
$ sudo nano /etc/init/php-fastcgi-files.conf
Put this in the file and hit Ctrl+X to save and quit:
- /etc/init/php-fastcgi-files.conf
# php-fastcgi-files - starts php-cgi as an external FASTCGI process
description "php-fastcgi-files - keep up php-fastcgi"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
exec /usr/bin/sudo -u files PHP_FCGI_CHILDREN=5 PHP_FCGI_MAX_REQUESTS=125 /usr/bin/php-cgi -q -b /tmp/php-fastcgi-files.socket
This sets up an Upstart job that runs in the background as a service. The job launches PHP as a FastCGI server running as the user files and using the Unix socket in /tmp/php-fastcgi-files.socket to communicate with clients.
Start the service.
$ sudo service php-fastcgi-files start
php-fastcgi-files start/running, process 10098
Next, edit the default Nginx site configuration file to make Nginx aware of this socket:
$ sudo nano /etc/nginx/sites-available/default
Add the following to the top of the file:
upstream phpfiles {
    server unix:/tmp/php-fastcgi-files.socket;
}
Finally, add this line to the end of the server section, inside that section, near the bottom of the file:
include apps/*.conf;
This makes it easy to run several applications on the same host name, IP address, and port number, and still keep separate configuration files for each application. Save and quit with Ctrl+X.
phpMyAdmin
The last prerequisite and the first actual application I suggest installing is phpMyAdmin. ownCloud will only need one MySQL database, and it is possible to simply create it from the command line, but in case you want to install other MySQL-based applications and perform backups and other maintenance, phpMyAdmin will make things a lot easier.
On your personal desktop computer, go to http://www.phpmyadmin.net/home_page/downloads.php and follow the link for the latest version of phpMyAdmin. It's easiest if you get one of the bz2 files, either phpMyAdmin-*-all-languages.tar.bz2 or phpMyAdmin-*-english.tar.bz2. Now use a file transfer tool to copy the downloaded file to a new folder on the server /home/files/Apps. My favorite file transfer tool is FileZilla, but anything that supports SSH/SFTP will work.
Now go to your SSH command prompt session on the server and extract the file.
$ mkdir ~/Apps
$ cd ~/Apps
$ tar -jxf phpMyAdmin-3.5.6-all-languages.tar.bz2
$ mv phpMyAdmin-3.5.6-all-languages phpmyadmin
Configure Nginx to find phpMyAdmin.
$ sudo mkdir /etc/nginx/apps
$ sudo nano /etc/nginx/apps/phpmyadmin.conf
Add this to the config file, save and quit:
- /etc/nginx/apps/phpmyadmin.conf
rewrite ^/phpmyadmin$ /phpmyadmin/ permanent;

location /phpmyadmin/ {
    alias /home/files/Apps/phpmyadmin/;
    index index.php;
}

location ~ ^/phpmyadmin/(.*\.php)$ {
    root /home/files/Apps;
    fastcgi_intercept_errors on;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass phpfiles;
    include fastcgi_params;
}
This configuration file tells Nginx first to redirect any request for /phpmyadmin to /phpmyadmin/ in case you forget the slash when you type the URL. Next it says that anywhere in the phpmyadmin folder, if a file is not specified in the request, look for index.php and run that. Finally it configures PHP as a request handler for PHP files, with /home/files/Apps as the document root folder for this application (i.e. /phpmyadmin maps to /home/files/Apps/phpmyadmin) and enables. The fastcgi_pass phpfiles command refers to the phpfiles upstream FastCGI process we configured in the previous step.
Restart Nginx to make the configuration take effect.
$ sudo service nginx restart
Restarting nginx: nginx.
Create a config folder.
$ cd ~/Apps/phpmyadmin
$ mkdir config
$ chmod o+rw config
Go to http://files/phpmyadmin/setup/ . Click the New Server button, then Save on the Edit Server screen, and finally Save on the Overview screen. Back in the command prompt, install the configuration and remove the temporary folder.
$ mv config/config.inc.php .
$ chmod o-rw config.inc.php
$ rm -rf config
phpMyAdmin should be all set to use at http://files/phpmyadmin/ now. Log in as the MySQL root user.
Finally you're ready to install ownCloud and Subsonic.
Installing ownCloud
ownCloud provides automated installation packages for major Linux distributions but since it uses Ubuntu's default Apache web server and this guide uses Nginx, you will have to download the ownCloud tar archive distribution instead of the installer. In your browser, go to http://owncloud.org/support/install/ and click the .tar Archive button. Right-click on the download link provided and copy it to the clipboard. Go to your SSH session on the server and download the URL.
$ cd ~/Apps
$ wget [SHIFT-INS to paste URL here...]
--2013-02-05 02:02:16-- http://mirrors.owncloud.org/releases/owncloud-4.5.6.tar.bz2
Resolving mirrors.owncloud.org (mirrors.owncloud.org)... 50.30.42.17
Connecting to mirrors.owncloud.org (mirrors.owncloud.org)|50.30.42.17|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://owncloud.org/releases/owncloud-4.5.6.tar.bz2 [following]
--2013-02-05 02:02:16-- http://owncloud.org/releases/owncloud-4.5.6.tar.bz2
Resolving owncloud.org (owncloud.org)... 50.30.42.17
Reusing existing connection to mirrors.owncloud.org:80.
HTTP request sent, awaiting response... 200 OK
Length: 9161189 (8.7M) [application/x-bzip]
Saving to: `owncloud-4.5.6.tar.bz2'
100%[=====================================>] 9,161,189 434K/s in 18s
2013-02-05 02:02:34 (484 KB/s) - `owncloud-4.5.6.tar.bz2' saved [9161189/9161189]
$ tar -jxf owncloud-4.5.6.tar.bz2
Before you configure ownCloud itself, you need to fix the maximum file upload size in PHP; its default is very small. Edit php.ini.
$ sudo nano /etc/php5/cgi/php.ini
Use the Ctrl+W “Where Is” command to search for and change the two settings post_max_size and upload_max_filesize to a comfortable value like 2000M (which is 2GB). Save and quit with Ctrl+X.
Restart PHP.
$ sudo service php-fastcgi-files restart
php-fastcgi-files stop/waiting
php-fastcgi-files start/running, process 13128
Install ownCloud into Nginx.
$ sudo nano /etc/nginx/apps/owncloud.conf
Add this to the config file, save and quit:
- /etc/nginx/apps/owncloud.conf
client_max_body_size 2000M;

rewrite ^/owncloud$ /owncloud/ permanent;

location /owncloud/ {
    alias /home/files/Apps/owncloud/;
    index index.php;
    try_files $uri $uri/ @owncloudwebdav;
}

location @owncloudwebdav {
    root /home/files/Apps;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_pass phpfiles;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

# Keep this block above the PHP handler: Nginx tries regex locations in order and
# uses the first match, so placed below it a .php file under data/ or config/ would
# be passed to PHP instead of being denied.
location ~ ^/owncloud/(data|config|\.ht|db_structure\.xml|README) {
    deny all;
}

location ~ ^/owncloud/(.*\.php)$ {
    root /home/files/Apps;
    fastcgi_intercept_errors on;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass phpfiles;
    include fastcgi_params;
}
Restart Nginx.
$ sudo service nginx restart
Restarting nginx: nginx.
Go to phpMyAdmin at http://files/phpmyadmin/ . Go to Users and create a new user called owncloud with an accompanying database with the same name; the user creation screen lets you do both with one command.
Now you can go to ownCloud and configure it. Go to http://files/owncloud/ and it prompts you to create an admin user. Create a user with your usual login name (for example brendan), with a password. Be sure to click the Advanced twisty and fill in the database settings.
Set the database type to MySQL and the username and database name to owncloud. Set the database host to localhost. Fill in your database password. Click Finish.
ownCloud is now ready to use.
Installing Subsonic
Subsonic also provides an automated install package which installs the application with its own built-in Java application server on port 4040. We'll go ahead and use that.
In your browser, go to http://www.subsonic.org/pages/download.jsp and follow the link for “Debian/Ubuntu” installer. Use a file transfer tool to copy the downloaded file to /home/files on your file server. Run the installer.
$ sudo dpkg -i subsonic-4.7.deb
Selecting previously unselected package subsonic.
(Reading database ... 140080 files and directories currently installed.)
Unpacking subsonic (from subsonic-4.7.deb) ...
Setting up subsonic (4.7) ...
Adding system startup for /etc/init.d/subsonic ...
/etc/rc0.d/K99subsonic -> ../init.d/subsonic
/etc/rc1.d/K99subsonic -> ../init.d/subsonic
/etc/rc6.d/K99subsonic -> ../init.d/subsonic
/etc/rc2.d/S99subsonic -> ../init.d/subsonic
/etc/rc3.d/S99subsonic -> ../init.d/subsonic
/etc/rc4.d/S99subsonic -> ../init.d/subsonic
/etc/rc5.d/S99subsonic -> ../init.d/subsonic
Started Subsonic [PID 2998, /var/subsonic/subsonic_sh.log]
Processing triggers for ureadahead ...
By default, Subsonic runs as the user root, but this needs to be changed to files.
$ sudo nano /etc/default/subsonic
Add one line, save and quit:
- /etc/default/subsonic
SUBSONIC_USER=files
Create Subsonic's data folder:
$ sudo mkdir -p /var/subsonic
$ sudo chown -R files:files /var/subsonic
Since we aren't running Subsonic in the root of the web server's directory space, you need to edit Subsonic's context path.
$ sudo nano /usr/share/subsonic/subsonic.sh
Change the line for SUBSONIC_CONTEXT_PATH to the value /subsonic (make sure there is no slash at the end), save and quit.
Restart the Subsonic service.
$ sudo service subsonic restart
* Restarting Subsonic Daemon subsonic
Started Subsonic [PID 14178, /var/subsonic/subsonic_sh.log]
...done.
Install Subsonic into Nginx.
$ sudo nano /etc/nginx/apps/subsonic.conf
Add this to the config file, save and quit:
- /etc/nginx/apps/subsonic.conf
rewrite ^/subsonic$ /subsonic/ permanent;

location /subsonic/ {
    proxy_pass http://localhost:4040;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
}
Restart Nginx.
$ sudo service nginx restart
Restarting nginx: nginx.
Go to your new Subsonic instance and set it up, starting at http://files/subsonic/ . For your first login, you will log in as admin with the password admin.
On the next page, click link #1 for Change administrator password. Go back to http://files/subsonic/ and log in again.
Now click the #2 link for Set up media folders. You should create media folders in ownCloud so that the files are accessible there and in Subsonic. Open a new tab and go to http://files/owncloud/ . In the ownCloud tab, create two folders called Audio and Video in the top level of your Files area.
You'll need to know the filesystem paths for those two folders. If you browse in ownCloud's application folder, you'll find a folder like this one:
$ cd ~/Apps/owncloud/data/brendan/files
$ ls
Audio Video
So the paths will be
- /home/files/Apps/owncloud/data/USERNAME/files/Audio
- /home/files/Apps/owncloud/data/USERNAME/files/Video
Back in your browser's Subsonic tab, write these into the Media folders screen you left open.
Scroll down to the bottom and click Save. Last, you can go back to Subsonic's Home screen and click Don't show this again. You don't need to use the #3 link to setup a subsonic.org host name.
Finally, upload some media files into a new subfolder under Audio or Video using ownCloud. Go to Subsonic → Settings → Media folders → Scan media folders now to rescan the media files. Now go back to Subsonic's Home screen and you should see your files.
Using the ownCloud and Subsonic Applications
As you have seen during the configuration phase of this project, a web browser that can make a connection to the server is all you need to access the two applications.
WebDAV Access
One of the most common non-browser access methods you'll probably want will be WebDAV, which you can connect directly to from your file manager or file transfer tool.
Nautilus allows you to mount a WebDAV share as if it were a local folder and open files directly in local applications directly from the mounted folder. To do that, go to File → Connect to Server, and fill in these details:
Server | hostname goes here |
Type | WebDAV |
Folder | /owncloud/remote.php/webdav |
User name | your user name |
Password | your password |
And you should see a new share in the Places pane like this:
Automatically Synchronizing Local Files to the Server
This is also easy. Just download the sync client for your OS here: http://owncloud.org/sync-clients/
The ownCloud Client will automatically create a folder in your ownCloud file space called clientsync and sync that to ~/ownCloud on every device you install it on. If you have seen Dropbox, the operation of ownCloud Client should be familiar to you. Whenever you change a file on any synced machine, it is automatically queued to have its changes pushed to your ownCloud file space. If you are online now, the changes are pushed right away. In the other direction, ownCloud Client automatically detects and downloads any changes from your ownCloud file space when other machines have pushed updates.
It is important to note that ownCloud Client does not sync all files in your online storage space — by default it ignores everything in other folders besides clientsync; if it didn't do this, you might quickly find that your movies or other large files are being needlessly pushed to all your computers and taking up too much local storage space.
Advanced Configuration
Access from Outside Your Local Network
If you want to be able to access your server from everywhere on the Internet, you need to provide some kind of inbound connectivity to it. If your server is in a remote hosting facility, then of course you already have remote access to it. On the other hand, if your server lives at home, you probably have a NAT (network address translation)-style router that doesn't allow anyone from the outside to connect to local devices on the inside, by default. This industry standard default configuration is of course for your own safety, so that you don't have to worry so much about the security of every laptop and XBox on your network.
Most routers allow you to set up “port forwarding”. For example, if you're running the aftermarket “DD-WRT” router operating system, instructions are provided here: http://www.dd-wrt.com/wiki/index.php/Port_Forwarding . In general, somewhere in the router's configuration pages there should be a Port Forwarding function — it might be under a section called Applications & Gaming. Configure a mapping that allows remote connections on port 80 to be forwarded through to the IP address 192.168.1.50 (or whatever static IP address you assigned) on port 80.
Now if you note the “public” or “WAN” IP address on your router's status page, you should be able to connect to that address in any web browser on the public Internet.
Internet Host Name
Of course, you're probably not going to want to remember the public IP address of your router. There are services on the Internet that provide DNS names for your publicly accessible IP addresses. DynDNS is my favorite, and I recommend them, but their service does cost $20/year. There may be worthwhile free services comparable to DynDNS.
From a service like DynDNS, you will get a hostname like brendan-server.example-personal-dns-service.com which will always resolve to whatever public IP address you give it. Once you get that far, you can even install a tool like ddclient on your server which will periodically ping a public IP address lookup service (“Q: Hi I'm ddclient on Brendan's computer. What public IP address am I connecting from?” “A: Hi ddclient. You are using 1.2.3.4.”) and then tell your DNS provider if the IP address ever changes.
Encrypting Traffic with TLS
And finally, if you're connecting to your server over the public Internet, you should probably look into setting up HTTPS access instead of HTTP, to make sure no one steals your passwords or data while you use your server.
This subject can be scary for a non-expert, but it is possible to set up HTTPS by yourself.
HTTPS uses the TLS protocol's public key cryptography implementation to run HTTP over a secure channel. In public key cryptography, each party has a “public key” and a “private key”. If I encrypt a message with your “public key” and send it to you, only you can decrypt that message using your “private key”. Proving the authenticity of a message works in the other direction. I can run the encryption protocol on a hash (a signature) of a message using my private key, and send it to you to be decrypted by my public key. From these primitive operations, you can set up a lot of useful secure communication. (The implementation details get complicated very quickly; in fact once a connection is established, TLS uses symmetric encryption instead of public key encryption because it's faster.)
The critical bootstrapping problem here is to prove that the “public key” that a random client gets for your server is in fact the real key belonging to your server. This is where “SSL/TLS certificates” come into play. Your browser comes pre-configured with the public keys of a number of known trusted “certificate authorities”. You need to get your key signed by one of those CAs … or by a CA whose key is in turn signed by one of the root CAs.
Signed certificates can be expensive. Most people don't know this, but there is a certificate authority called StartSSL which provides basic signed certificates for free. Sign up for a StartSSL certificate and follow their instructions. They even have a page explaining explicitly how to install the certificate in Nginx!
After that, don't forget to go through your Nginx configuration and your forwarded ports on your router to make sure that you're using port 443 (HTTPS) in addition to, or instead of, port 80 (HTTP). Refer to the Nginx manual for more details about how to setup HTTPS.
Discussion
When I get to this step Go to http://files/phpmyadmin/setup/
I get a 403 access denied error. Any ideas?
nginx’s error log file might provide some clues.
I have the same problem as Sean. nginx's error log as follows:
2013/04/24 11:40:28 [error] 2398#0: *1 "/home/files/Apps/phpmyadmin/setup/index.php" is forbidden (13: Permission denied), client: 192.168.1.78, server: localhost, request: "GE$
2013/04/24 11:42:37 [error] 2398#0: *2 "/home/files/Apps/phpmyadmin/setup/index.php" is forbidden (13: Permission denied), client: 192.168.1.71, server: localhost, request: "GE$
2013/04/24 12:02:29 [error] 2398#0: *4 "/home/files/Apps/phpmyadmin/setup/index.php" is forbidden (13: Permission denied), client: 192.168.1.78, server: localhost, request: "GE$
2013/04/24 12:02:31 [error] 2398#0: *4 "/home/files/Apps/phpmyadmin/setup/index.php" is forbidden (13: Permission denied), client: 192.168.1.78, server: localhost, request: "GE$
2013/04/24 12:03:07 [error] 2398#0: *4 "/home/files/Apps/phpmyadmin/setup/index.php" is forbidden (13: Permission denied), client: 192.168.1.78, server: localhost, request: "GE$
2013/04/24 12:03:43 [error] 2398#0: *4 "/home/files/Apps/phpmyadmin/setup/index.php" is forbidden (13: Permission denied), client: 192.168.1.78, server: localhost, request: "GE$
2013/04/24 12:08:09 [error] 2523#0: *1 "/home/files/Apps/phpmyadmin/setup/index.php" is forbidden (13: Permission denied), client: 192.168.1.78, server: localhost, request: "GE$
Static IP set as: 192.168.1.71
Any help would be highly appreciated! Thanks!
After a bit of research I figure it is either related to permissions or to index.php not being included in nginx.config. Here is the current contents of my nginx.config:
[Edit by admin: moved to Pastebin] http://pastebin.com/yV4Lt19Q
OK, I figured what was wrong. The permissions for /home/files/ directory were set to drwx------ .... changed them to 755.
Hope it helps Sean and others.
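The two permission steps on this page, the home-directory fix reported in the comment above and the `config` clean-up that ends the phpMyAdmin setup, can be checked with the shell functions below. This is an added example, not part of the original guide or of any comment; the function names are made up, and it assumes the Nginx worker is neither the owner nor in the group of these directories, so the "other" permission bits decide what it can reach.

```shell
#!/bin/sh
# Added example. Paths follow the guide's layout; function names are hypothetical.

# first_blocked_dir PATH [BASE]
# Walk from PATH up to BASE (default /) and print the topmost directory that
# lacks the "other" execute (traverse) bit. Returns 0 if none is blocked, else 1.
first_blocked_dir() {
    dir=$1
    stop=${2:-/}
    [ -d "$dir" ] || dir=$(dirname "$dir")
    blocked=
    while :; do
        case $dir in "$stop"|/|.) break ;; esac
        # Character 10 of the ls mode string is the "other" execute bit
        # (x, or t when the sticky bit is set as well).
        case $(ls -ld "$dir" 2>/dev/null | cut -c10) in
            x|t) ;;
            *) blocked=$dir ;;
        esac
        dir=$(dirname "$dir")
    done
    [ -z "$blocked" ] && return 0
    printf '%s\n' "$blocked"
    return 1
}

# audit_phpmyadmin DIR
# Check the state the guide's last phpMyAdmin step should leave behind:
# no temporary config/ folder, and config.inc.php closed to other users.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_phpmyadmin() {
    pma=$1
    rc=0
    if [ -d "$pma/config" ]; then
        echo "LEFTOVER $pma/config (temporary setup folder still present)"
        rc=1
    fi
    if [ -f "$pma/config.inc.php" ]; then
        # Characters 8-9 are the "other" read and write bits.
        case $(ls -ld "$pma/config.inc.php" | cut -c8-9) in
            --) ;;
            *) echo "EXPOSED $pma/config.inc.php (readable or writable by other users)"
               rc=1 ;;
        esac
    else
        echo "MISSING $pma/config.inc.php"
        rc=1
    fi
    return $rc
}

# make_sample_tree: build a throwaway copy of the guide's layout (constructed
# sample, not real data) that reproduces both problems. Prints its base path.
make_sample_tree() {
    base=$(mktemp -d) || return 1
    sample=$base/home/files/Apps/phpmyadmin
    mkdir -p "$sample/setup" "$sample/config"
    : > "$sample/setup/index.php"
    : > "$sample/config.inc.php"
    chmod -R 755 "$base"
    chmod 666 "$sample/config.inc.php"  # as if "chmod o-rw" had been skipped
    chmod 700 "$base/home/files"        # the drwx------ home directory from the thread
    printf '%s\n' "$base"
}

# Run against a real install:  sh check-perms.sh /home/files/Apps/phpmyadmin
if [ "$#" -gt 0 ]; then
    if bad=$(first_blocked_dir "$1"); then
        echo "OK every directory leading to $1 can be traversed"
    else
        echo "BLOCKED $bad (chmod o+x grants traversal without making it listable)"
    fi
    audit_phpmyadmin "$1" && echo "OK phpMyAdmin setup leftovers are gone"
fi
```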
Well, I've completed your tutorial but still not completely successful: owncloud seems to be stuck in "upgrading filesystem cache" ...
The log shows the following warning:
Warning PHP mysql_close(): 46 is not a valid MySQL-Link resource at /home/files/Apps/owncloud/lib/setup.php#277
Line 277 of setup.php reads:
mysql_close($connection);
Any ideas? I've been trying to find a solution but so far have been unsuccessful. I have also deleted the mysql user and database as well as owncloud and re-installed, but I always get the same error.
Thanks!
mv, is your PHP FastCGI process running as user 'files', the owner of /home/files/Apps/owncloud?
Oh nm, it was nginx that had permission trouble and you fixed that. I think I need to revisit the part of the guide where you create ~files/Apps/owncloud and comment on permissions. Either I missed DOCUMENTING that step or your OS's default permissions don't match the Ubuntu setup I used.
I have no comment on crash at lib/setup.php#277 yet.
It appears that the release of ownCloud 5.0 made my nginx configuration invalid. I tried installing ownCloud 5.0 today and it's doing some really strange stuff with paths and PHP parameters. The sample nginx configuration given on the ownCloud web site for 5.0 has no consideration for running in a folder under your web root like '/owncloud/'.
I will update this article when I have a solution. Use ownCloud 4.5 if you want the instructions here to work.
You should try Madsonic; it's a fork of Subsonic. And is there a reason why you don't use Apache?
Thank you for suggesting Madsonic. I'll check it out. I used Nginx and not Apache because I find Apache's configuration file scheme too complicated. Personal preference.
[Edit: The web site for Madsonic isn't very impressive. I had to dig several clicks into the forum to find an About post acting as an about page.]
Have you found a solution to owncloud 5 yet?
Yes ... and then it broke. :^( Check back here in a few more weeks or subscribe to this page's RSS feed.
Awesome just subscribed!
Hi,
When I get to the step:
Now you can go to ownCloud and configure it. Go to http://files/owncloud/ and it prompts you to create an admin user
I get the message "No input file specified."
I have tried using 4.5.12 and 5.07 (as I cannot find 4.5.6 for download anywhere) and they both give me that error.
Any help would be great, and thanks for taking the time to write up this tutorial!
I figured the above question out
Having run into the same issue with the "upgrading filesystem cache" message and doing some internet trolling to resolve the issue I came across an article (https://forum.owncloud.org/viewtopic.php?f=23&t=9193) that suggested the following addition to my /etc/nginx/apps/owncloud.conf file:
location ~ ^/owncloud/(.*\.php)$ {
    fastcgi_split_path_info ^(.+\.php)(/.*)$;  # <-- I added this line
    ...
}
A quick restart of the nginx service and a logout/login of my account proved to resolve the issue. I can now get into ownCloud without any issues...
Thanks for the suggestion. I'll confirm this hopefully some time in July and clean up the article and comments section.
I am stuck at the following
Finally, add this line to the end of the server section, inside that section, near the bottom of the file:
include apps/*.conf;
I am unsure as to where exactly it goes.
Would this cause phpmyadmin not to be available?
Thanks
carltonb
I am slowly starting to upgrade my home file server, installing owncloud and subsonic per your article. I am wondering why you used owncloud 4.x and not 5.x? Also wondering if any component in this solution requires the X window system; if not it seems safer to run the server without it.
Thanks for posting. My old server just uses NFS for file sharing. This solution should be spiffier.
I covered 4.5 in my talk and in this article because 4.5 was current at the time. 5.0 came out a few weeks later and I found that my Nginx config recipes don't quite work with 5.0, and I have not had time to come back here and edit the article; sorry. If you use Apache (the web server standard in Debian and Ubuntu) it'll probably be pretty easy.
Do you need an X Window system? No. I wrote this article for newbies and I assumed they'd be using one. ownCloud the server app does not require access to a desktop in order to configure or run.
I found your article and it's just what I was looking for. Any chance you will be updating it for Owncloud version 6? I'm going to play around with it, but I don't have the expertise to know what changes to make.
Thanks for the work,
Wayne
I may update it in the next few months. I'm starting to write a book about the larger topic of managing a personal server with many apps -- not just one. And I feel that ownCloud should be included in the series of recipes in the book. When my new ownCloud recipe is done I'll replace this page with a new version. Until then, refer to the ownCloud manual and support site.
Thanks for the update.
damnit, Brendan... now I have another project that I'll need to complete :P Excellent writeup, I must say.