Blog => Blob => Jello

Random Stuff.

Lighttpd Configuration for ownCloud 6 (and ownCloud 7)

2014-09-19

And so, as I was saying, I wanted to set up ownCloud.

For the record, I'm using CentOS 6, which is a few years old. The EPEL6 repository only provides ownCloud 4.5, so I needed to find owncloud6 somewhere else. So I've looked at:

Anyway, the owncloud SRPM rebuild creates not only an owncloud-6.0.4-3.el6.noarch.rpm (which contains the ownCloud software itself), but also 3 packages for database backends:
  • owncloud-mysql-6.0.4-3.el6.noarch.rpm
  • owncloud-postgresql-6.0.4-3.el6.noarch.rpm
  • owncloud-sqlite-6.0.4-3.el6.noarch.rpm (I've picked this one, for what it's worth).
There are also 2 additional packages which provide owncloud configurations for some webservers:
  • owncloud-httpd-6.0.4-3.el6.noarch.rpm (for apache web server)
  • owncloud-nginx-6.0.4-3.el6.noarch.rpm (for nginx web server, obviously)
Since I hate configuring apache, and don't really know nginx, I've made up my mind for lighttpd. But as you can see, there's no configuration package for it.

Impossible !, you said ? Don't tell me what I can't do.

First things first: install the packages:
cd ~rpmbuild/RPMS/noarch && yum --enablerepo=remi localinstall owncloud-6.0.4-3.el6.noarch.rpm owncloud-sqlite-6.0.4-3.el6.noarch.rpm
To make things easier for me, I've also installed the owncloud-httpd package to base my lighttpd configuration upon something known-working. The owncloud-httpd package provides this file:
Alias /owncloud /usr/share/owncloud
<Directory /usr/share/owncloud/>
    Options -Indexes
    <IfModule mod_authz_core.c>
    # Apache 2.4
    Require local
    </IfModule>
    <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    </IfModule>
    ErrorDocument 404 /core/templates/404.php
    php_value upload_max_filesize 512M
    php_value post_max_size 512M
    php_value memory_limit 512M
    SetEnv htaccessWorking true
    RewriteEngine on
    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
</Directory>
If you read those lines (almost) one by one, you realize it is not that hard to translate them to lighttpd syntax. So considering I've dedicated a virtual host for ownCloud, here is, roughly, what my /etc/lighttpd/vhosts.d/owncloud.conf configuration file looks like, with some additional comments just for you to understand it a bit more.
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  # StartSSL CA certificate and intermediate certificate
  ssl.ca-file = "/etc/pki/tls/startcom.crt"
  # My own certificate, generated by startssl.
  ssl.pemfile = "/etc/pki/tls/MY_STARTSSL_CERT.pem"
  $HTTP["host"] == "host.domain.tld" {
    var.server_name = "host.domain.tld"
    # This does not really matter.
    server.document-root = "/srv/lighttpd/" + server_name
    server.name = server_name
    # Bind URL path to filesystem path. (Alias /owncloud /usr/share/owncloud)
    alias.url = ( "/owncloud/" => "/usr/share/owncloud/" )
    # Disable indexes. (Options -Indexes)
    $HTTP["url"] =~ "^/owncloud($|/)" {
      dir-listing.activate = "disable"
    }
    # Deny direct HTTP access to the data directory.
    $HTTP["url"] =~ "^/owncloud/data/" {
      url.access-deny = ("")
    }
    # Redirect / to /owncloud/
    url.redirect = (
      "^/(index.php|owncloud)?$" => "https://" + server_name + "/owncloud/"
    )
    # Treat *everything* under remote.php as php. Not an option.
    # (The directive name is missing from this page; fastcgi.map-extensions is
    # assumed here, as it is the lighttpd directive that takes this mapping.)
    $HTTP["url"] =~ "^/owncloud/remote.php/.*" {
      fastcgi.map-extensions = ( "" => ".php" )
    }
    # Owncloud 404 page (ErrorDocument 404 /core/templates/404.php)
    server.error-handler-404 = "/owncloud/core/templates/404.php"
    # It looks like ownCloud also has a 403 handler.
    server.error-handler-403 = "/owncloud/core/templates/403.php"
    # Specific logfile
    accesslog.filename = log_root + "/" + server_name + "/access.log"
  }
}
This configuration file does not include the php_value directives implementation. This means that if you do not do anything about it, you won't be able to upload files larger than 2MB. Out of laziness, I've decided to change the system-wide /etc/php.ini. The changes are pretty straightforward, so I won't talk more about them here.

For the record, the $HTTP["url"] =~ "^/owncloud/remote.php/.*" { = ( "" => ".php" ) } blob is a fix for the (in)famous "Why, Ô, why the hell files ending with a 0 in their name fail to upload ???" bug. It was... tricky... to track, but the fix makes sense once you understand how lighty internally works. This bug will happen more than you think: the ownCloud android app splits big (as in "more than 10MiB") files... and the first chunk for a big foo file, will be foo-0, which will trigger that bug.
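A quick way to sanity-check the URL conditions of the vhost configuration before deploying it, as an added example that is not part of the original post: it runs the same patterns over constructed request paths and reports which rules fire, whether the redirect can loop, and whether any data path escapes the deny rule. The rule labels and sample paths are hypothetical, and it assumes Python's `re.search` matches these simple patterns the way lighttpd's PCRE does.

```python
import re

# URL conditions copied from the vhost configuration in this post. lighttpd
# evaluates "=~" as an unanchored PCRE match; for these simple patterns
# Python's re.search gives the same result (assumption of this example).
CONDITIONS = {
    "no-dir-listing": r"^/owncloud($|/)",
    "access-denied": r"^/owncloud/data/",
    "treated-as-php": r"^/owncloud/remote.php/.*",
}
REDIRECT = r"^/(index.php|owncloud)?$"
REDIRECT_TARGET = "/owncloud/"  # path part of the url.redirect destination

# Constructed request paths, not taken from a real access log.
SAMPLES = [
    "/",
    "/index.php",
    "/owncloud",
    "/owncloud/",
    "/owncloud/index.php",
    "/owncloud/data/alice/files/notes.txt",
    "/owncloud/remote.php/webdav/foo-0",
    "/owncloud-backup/",
]


def matched_rules(path):
    """Return the labels of every rule whose condition matches the path."""
    hits = {name for name, rx in CONDITIONS.items() if re.search(rx, path)}
    if re.search(REDIRECT, path):
        hits.add("redirect")
    return hits


def redirect_loops():
    """True if the redirect destination would itself be redirected again."""
    return "redirect" in matched_rules(REDIRECT_TARGET)


def unprotected(paths):
    """Paths under the data directory that the deny rule fails to cover."""
    return [p for p in paths
            if "/data/" in p and "access-denied" not in matched_rules(p)]


if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:40} {sorted(matched_rules(p))}")
    print("redirect loop:", redirect_loops())
    print("data paths not denied:", unprotected(SAMPLES))
```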

The last thing you are required to perform is to change ownership of some writable files for lighttpd.
chown -R lighttpd:lighttpd /etc/owncloud /var/lib/owncloud
Unfortunately, this will be required every time you update the owncloud packages.

After tweaking php and restarting lighttpd, and provided that you have correctly made some generic configuration in lighttpd for php, https, to allow redirections, etc. you should now be able to:
  • Create and share contacts
  • Use calendars
  • Upload up-to-512MB files through the web interface.

It should be noted that I've installed my ownCloud 6 instance in the very last days prior to the ownCloud 7 release. So, early September, I've picked the owncloud-7.0.2-2.fc20 SRPM from the Fedora Koji build platform and rebuilt it for my CentOS release. The package rebuild, package update (+ that chown thingy -_-) and internal ownCloud upgrade went without any problem. The lighttpd configuration itself did not require any further tweaking.

OwnCloud 7, besides the overall general improvement, fixes a few issues I had to patch up manually (most of the fixes are already reported on GitHub) in ownCloud 6, so I strongly suggest upgrading to version 7. I still have some minor bugs in the contact app (categories don't seem to be correctly set all the time), ...

But honestly, for now...

It just works.


First things first : https

2014-09-15

When you're about to set up your own owncloud, and when you know you will be using your owncloud mainly through a GSM network, the first thing you need is an SSL certificate, so that regular users won't be able to spy on your communications.

The first option I had in mind was to create a stupid self-signed certificate.

And I did it.
It worked.

But the problem is, when you do that, you have to import the certificate in all the browsers and clients you're about to use... Plus, android was sending me warnings all the time after I imported the self-signed Authority Certificate "be careful, network is |ns3cur3, d00d".

So my second option was to obtain a trusted certificate, signed by a trusted authority. And honestly I did not want to spend money on it. It was for my own personal usage, for the gods' sake. So after some research, I found 3 authorities doing this:

While Gandi can actually provide a one-time 1-year SSL certificate, and while cacert is not recognized by Android, startssl can actually offer you a 1-year SSL certificate. For free. And when the certificate expires, you can just create another one. And, cherry on the top, startssl is a trusted authority on android.
See ? I'm not lying.

There are some limitations, of course. But for a single stupid https vhost it was enough.

And voila.
