Declaring Digital Independence
Looking to take a little more control over your digital life? Want to drop Google Drive or OneDrive for a self-hosted alternative? OwnCloud is a complete cross-platform solution with apps available for Linux, Android, or iOS. Today we’re going to set up our own instance on a VPS running Fedora 23.
Preparation
Make note of the public IP address of your server or configure a DNS record pointing to it. For the remainder of this guide we will refer to our server as cloud.example.com.
We are going to configure a somewhat standard setup with Apache and MariaDB. However, if you intend for your instance to be single-user you might consider using SQLite instead for better performance and lower overhead.
- Install Apache, OwnCloud, PHP, and all required PHP modules with the following command.
# If you want to use the mariadb backend.
dnf install owncloud-httpd owncloud-mysql
# If you want to use the sqlite backend.
dnf install owncloud-httpd owncloud-sqlite
- If you haven’t done so already, start and enable the Apache service.
systemctl enable --now httpd
- If you haven’t done so already, set up, start, and enable the MariaDB service.
systemctl enable --now mysqld
mysql_secure_installation
- Create a user and database for OwnCloud to use.
-- 'password' is a placeholder: substitute a strong, unique password in both statements.
CREATE USER 'owncloud'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
- Allow Apache to write to the configuration and data directory.
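semanage fcontext -a -t httpd_sys_rw_content_t "/etc/owncloud(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/lib/owncloud(/.*)?"
# semanage only records the labeling rules; apply them to the existing files.
restorecon -R /etc/owncloud /var/lib/owncloud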
Vhost and SSL Configuration
Add the base SSL configuration by creating the file /etc/httpd/conf/base-ssl.conf. You can add any additional options here; this one is loosely based on the default configuration provided by Fedora. If you don’t trust the Fedora developers to choose your cipher suite, Mozilla has a wonderful tool to help you generate your configuration.
# Use separate log files for the SSL virtual hosts.
LogLevel warn
ErrorLog /var/log/httpd/ssl_error_log
TransferLog /var/log/httpd/ssl_transfer_log
# Enable SSL.
SSLEngine on
# Disallow insecure protocols.
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
# Follow system profile for ciphers.
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# Enable HSTS.
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
- Add the base configuration by editing the file /etc/httpd/conf/base-owncloud.conf with the following content.
ServerName cloud.example.com
DocumentRoot /usr/share/owncloud
Alias /apps-appstore /var/lib/owncloud/apps
Alias /assets /var/lib/owncloud/assets
# Allows compliant CalDAV / CardDAV clients to be configured using only
# the domain name. For more details see http://tools.ietf.org/html/rfc6764
Redirect 301 /.well-known/carddav /remote.php/carddav
Redirect 301 /.well-known/caldav /remote.php/caldav
Redirect 301 /.well-known/webdav /remote.php/webdav
- Next we add the actual virtual host. Create the file /etc/httpd/conf.d/owncloud-vhost.conf.
<VirtualHost *:80>
Include conf/base-owncloud.conf
</VirtualHost>
<VirtualHost *:443>
Include conf/base-owncloud.conf
Include conf/base-ssl.conf
SSLCertificateFile /etc/pki/tls/certs/cloud.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/cloud.example.com.key
</VirtualHost>
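Once Apache is serving both virtual hosts, the HSTS policy from base-ssl.conf can be verified from the response headers. The script below is an added example, not part of the original guide; the function names hsts_max_age and check_hsts are this example's own, and the sample responses are constructed rather than captured from a real server.

```bash
#!/usr/bin/env bash
# Added example. Live use: curl -sI https://cloud.example.com | check_hsts

# Read response headers on stdin and print the HSTS max-age in seconds.
# Returns 1 when the header or its max-age directive is absent.
hsts_max_age() {
    tr -d '\r' | awk '
        {
            pos = index($0, ":")
            if (pos == 0 || tolower(substr($0, 1, pos - 1)) != "strict-transport-security") next
            n = split(substr($0, pos + 1), parts, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t"]/, "", parts[i])
                if (!found && tolower(parts[i]) ~ /^max-age=[0-9]+$/) {
                    print substr(parts[i], 9); found = 1
                }
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Classify headers on stdin against a minimum max-age (default: the guide's
# 15768000 s). Prints OK, WEAK or MISSING; returns non-zero unless OK.
check_hsts() (
    min="${1:-15768000}"
    if ! age="$(hsts_max_age)"; then
        echo "MISSING"; exit 1
    fi
    if [ "$age" -lt "$min" ]; then
        echo "WEAK max-age=$age"; exit 1
    fi
    echo "OK max-age=$age"
)

# Constructed sample responses (hypothetical, for illustration only).
# The port 443 vhost includes base-ssl.conf, so it carries the header.
HTTPS_SAMPLE='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=15768000; includeSubDomains'
# The port 80 vhost includes only base-owncloud.conf, so no HSTS header.
HTTP_SAMPLE='HTTP/1.1 200 OK
Server: Apache'
# A short-lived policy, such as one left over from testing.
WEAK_SAMPLE='HTTP/1.1 200 OK
strict-transport-security: max-age=300'

printf '%s\n' "$HTTPS_SAMPLE" | check_hsts || true
printf '%s\n' "$HTTP_SAMPLE"  | check_hsts || true
printf '%s\n' "$WEAK_SAMPLE"  | check_hsts || true
```

A MISSING result on the HTTPS endpoint means mod_headers is not loaded or base-ssl.conf is not being included by the port 443 virtual host.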
Run the Installer
- Restart Apache
systemctl restart httpd
- Connect to your host and forward localhost to access the installer.
ssh -L 8080:localhost:80 cloud.example.com
- Navigate to http://localhost:8080 (the forwarded port) and follow the installation prompts.
- Make your instance accessible to the outside world.
ln -sf /etc/httpd/conf.d/owncloud-access.avail /etc/httpd/conf.d/z-owncloud-access.conf
- Restart Apache
systemctl restart httpd
(Optional) Request SSL Certificate
- Install the Let’s Encrypt client.
dnf install certbot
- Request a certificate.
certbot -d cloud.example.com --webroot -w /usr/share/owncloud certonly
- Add the certificate to the correct system PKI directory.
ln -sf /etc/letsencrypt/live/cloud.example.com/privkey.pem /etc/pki/tls/private/cloud.example.com.key
ln -sf /etc/letsencrypt/live/cloud.example.com/fullchain.pem /etc/pki/tls/certs/cloud.example.com.crt
Clients
This list is obviously not exhaustive but it’s roughly my current setup. I currently use OwnCloud for my file synchronization, calendaring, tasks, and contacts.
- Android
- iOS
- Desktop
References
Find any problems with this guide? Let me know by contacting me via e-mail or any of the social media networks in the footer.