Blog => Blob => Jello

Random Stuff.

Lighttpd Configuration for ownCloud 6 (and ownCloud 7)

icon 2014-09-19

And so, as I was saying, I wanted to setup ownCloud.

For the record, I'm using Centos6, which is a few years old. The EPEL6 repository only provides ownCloud 4.5, so I needed to find owncloud6 somewhere else. So I've looked at:

Anyway, in the owncloud SRPM rebuild creates not only an owncloud-6.0.4-3.el6.noarch.rpm (which contains the ownCloud software itself), but also 3 packages for database backends:
  • owncloud-mysql-6.0.4-3.el6.noarch.rpm
  • owncloud-postgresql-6.0.4-3.el6.noarch.rpm
  • owncloud-sqlite-6.0.4-3.el6.noarch.rpm (I've picked this one, for what it's worth).
There are also 2 additionnal packages which provide owncloud configurations for some webservers:
  • owncloud-httpd-6.0.4-3.el6.noarch.rpm (for apache web server)
  • owncloud-nginx-6.0.4-3.el6.noarch.rpm (for nginx web server, obviously)
Since I hate configuring apache, and don't really know nginx, I've made my mind for lighttpd. But as you can see, there's no configuration package for it.

Impossible !, you said ? Don't tell me what I can't do.

First things first: install the packages:
cd ~rpmbuild/RPMS/noarch && yum --enablerepo=remi localinstall owncloud-6.0.4-3.el6.noarch.rpm owncloud-sqlite-6.0.4-3.el6.noarch.rpm
To make things easier for me, I've also installed the owncloud-httpd package to base my lighttpd configuration upon something known-working. The owncloud-httpd package provides this file:
Alias /owncloud /usr/share/owncloud
<Directory /usr/share/owncloud/>
    Options -Indexes
    <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
    </IfModule>
    <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    </IfModule>
    ErrorDocument 404 /core/templates/404.php
    php_value upload_max_filesize 512M
    php_value post_max_size 512M
    php_value memory_limit 512M
    SetEnv htaccessWorking true
    RewriteEngine on
    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
</Directory>
If you read those lines (almost) one by one, you realize it is not that hard to translate them to lighttpd syntax. So considering I've dedicated a virtual host for ownCloud, here is, roughly, what my configuration /etc/lighttpd/vhosts.d/owncloud.conf file is, with some additional comments just for you to understand it a bit more.
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  # StartSSL CA certificate and intermediate certificate
  ssl.ca-file = "/etc/pki/tls/startcom.crt"
  # My own certificate, generated by startssl.
  ssl.pemfile = "/etc/pki/tls/MY_STARTSSL_CERT.pem"
  $HTTP["host"] == "host.domain.tld" {
    var.server_name = "host.domain.tld"
    # This does not really matter.
    server.document-root = "/srv/lighttpd/" + server_name
    server.name = server_name
    # Bind URL path to filesystem path. (Alias /owncloud /usr/share/owncloud)
    alias.url = ( "/owncloud/" => "/usr/share/owncloud/" )
    # Disable indexes. (Options -Indexes)
    $HTTP["url"] =~ "^/owncloud($|/)" {
      dir-listing.activate = "disable"
    }
    $HTTP["url"] =~ "^/owncloud/data/" {
      url.access-deny = ("")
    }
    # Redirect / to /owncloud/
    url.redirect = (
      "^/(index.php|owncloud)?$" => "https://" + server_name + "/owncloud/"
    )
    # Treat *everything* under remote.php as php. Not an option.
    $HTTP["url"] =~ "^/owncloud/remote.php/.*" {
      fastcgi.map-extensions = ( "" => ".php" )
    }
    # Owncloud 404 page (ErrorDocument 404 /core/templates/404.php)
    server.error-handler-404 = "/owncloud/core/templates/404.php"
    # It looks like ownCloud also has a 403 handler.
    server.error-handler-403 = "/owncloud/core/templates/403.php"
    # Specific logfile
    accesslog.filename = log_root + "/" + server_name + "/access.log"
  }
}
This configuration file does not include the php_value directives implementation. This means that if you do not do anything about it, you won't be able to upload more than 2MB files. Out of laziness, I've decided to change the system-wide /etc/php.ini. The changes are pretty straightforward, so I won't talk more about them here.

For the record, the $HTTP["url"] =~ "^/owncloud/remote.php/.*" { fastcgi.map-extensions = ( "" => ".php" ) } blob is a fix for the (in)famous "Why, Ô, why the hell files ending with a 0 in their name fail to upload ???" bug. It was... tricky... to track, but the fix makes sense once you understand how lighty internally works. This bug will happen more than you think: the ownCloud android app splits big (as in "more than 10MiB") files... and the first chunk for a big foo file, will be foo-0, which will trigger that bug.

The last thing you are required to perform is to change ownership of some writable files for lighttpd.
chown -R lighttpd:lighttpd /etc/owncloud /var/lib/owncloud
Unfortunately, this will be required every time you update the owncloud packages.

After tweaking php and restarting lighttpd, and provided that you have correctly made some generic configuration in lighttpd for php, https, to allow redirections, etc. you should now be able to:
  • Create and share contact
  • Use calendars
  • Upload up-to-512MB files through the web interface.

It should be noted, that I've installed my ownCloud 6 instance in the very last days prior to the ownCloud 7 release. So, early September, I've picked the owncloud-7.0.2-2.fc20 SRPM from fedora koji build platform and rebuilt it for my Centos release. The package rebuild, package update (+ that chown thingy -_-) and internal ownCloud upgrade went without any problem. The lighttpd configuration itself did not require any further tweaking.

OwnCloud 7, beside the overall general improvement, fixes a few issues I had to patch up manually (most of fixes are already reported in the github) in ownCloud 6, so I strongly suggest upgrading to version 7. I still have some minor bugs in the contact app (categories don't seem to be correctly set all the time), ...

But honestly, for now...

It just works.

icon Tags de l'article : , , , ,

Comments are closed

icon Flux RSS des commentaires de cet article

Comments are closed for this entry.