Owncloud: How to Install on Ubuntu 16.04LTS with Let’s Encrypt SSL Certificate

This is an update of a previous post I did on ownCloud, at that point with Ubuntu 14.04LTS. This changes a few things, particularly the version of PHP, and some other things that can be ignored now. As of this writing, you will have Ubuntu Server 16.04.2 running ownCloud 9.1.4.

Dropbox, Google Drive, OneDrive, Box.com, and iCloud Drive…….These services all have one basic common feature: they run a service on your computer, and allow you to sync anything in a given folder (or folders) to a server(s) in the “cloud”, and other computers.

Sure, there are various differences. Google Drive and OneDrive allow you to edit files in some capacity. Dropbox is the big dog, having been around the longest (as far as I know). they also enjoy a lot of connectivity with third party apps, particularly on iOS and Android. That brings up another point; they’ve all got mobile clients, on iOS, Android, and sometimes even Blackberry and Windows Phone 8.

Apple has, since the writing of the original article, come out with iCloud Drive, which is tightly integrated with Finder on MacOS as well as iOS on the iPad and iPhone.

So what does this have to do with Owncloud? Owncloud does much of its competitors, however it has a distinct advantage: you host it on your server, therefore you control it, and the space is as unlimited as the space you own yourself. It’s also relatively easy to configure, as I’ll go through here.

There are drawbacks. For example, you’re constrained by your own bandwidth of your ISP’s connection. If you have a bandwidth cap, you’ve got to be careful with the amount of data you sync. And you also most definitely need to pay attention to the security of your network.

All in all though, Owncloud is an excellent package with a lively community on owncloud.org. The feature set most definitely rivals Dropbox and the others, and it’s also nice to check your sync client and see that the sky’s the limit in terms of space. Well, your hard drive’s the limit. 🙂

This article assumes you’re relatively comfortable with installing operating systems, and using SSH on a computer, either through Linux, OS X, or using something like Putty on Windows. Being comfortable with some form of Unix text editing is important too, such as VI, emacs, or Nano (the latter of which I generally use).

First things first: Install Ubuntu 16.04LTS

The first thing you need to do is install Ubuntu 16.04LTS. This version is long term supported until April 2021, so anything you build now will enjoy patching for quite some time. You can get Ubuntu 16.04LTS here.

While there’s also a desktop version which will run Owncloud just fine as well, I’m going to focus on the more stripped down server version primarily.

Installing it is pretty straightforward, so I’m not going to cover it here. Plus, there’s plenty of documentation for that all over the web and at Ubuntu’s own site here.

One thing note during installation is that I do select the SSH and LAMP server configurations, as it makes it easier and saves a couple steps later. If you’re doing this is on a virtual machine as I’ve done, it also makes it easier to get right into the server through SSH. Make sure you remember the root password for MySQL, because you’ll need that for adding the database for Owncloud. Do not make it the same as your login password.

Screen Shot 2014-06-11 at 4.24.20 PM

Following installing, go ahead and do a sudo apt-get update, then sudo apt-get upgrade, and accept all patches. There shouldn’t be too many for 14.04LTS, but that should be done first.

UPDATE – You’re definitely going to want to do the MySQL security configuration, because it just goes the extra length in making your MySQL installation a little bit more secure. Go into a terminal window, and paste:

sudo mysql_secure_installation

This will then ask a series of questions, such as if you’d like to disable anonymous users (yes!), remove test database (yes!), and disallow remote login (definitely). It doesn’t make it fool-proof, but every little bit helps, you know?

Installing Owncloud

First thing to note is that there are a couple different ways to install Owncloud; you can install from their repositories (my personal favorite) or you can install manually by uploading it to your /var/www folder and configuring from there. I dig the automatic way, because it also updates automatically too.

So you’ll need to go here to add their repositories and key. One thing to note though, is that you’ll want to add the repository key after you add the repository, but before you do an apt-get update, then apt-get install owncloud. So do the following steps:

  1. wget -nv https://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/Release.key -O Release.key
    apt-key add - < Release.key
  2. sh -c "echo 'deb http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/ /' > /etc/apt/sources.list.d/owncloud.list"
    
  3. sudo apt-get update
  4. sudo apt-get install owncloud

That way, when you do the update, it doesn’t give you any key errors. NOTE: A lot of this is easier if you do it by SSHing into your server, instead of running off of the command line directly, or via an ESX client. Copying and pasting is so much easier this way!

Configuring Apache for Owncloud

There are a few minor things you need to do, in order to get your server’s Apache install ready for Owncloud.

Run the following commands:

  1. sudo a2enmod ssl
    sudo a2ensite default-ssl
    sudo a2enmod rewrite
  2. Restart your Apache server by typing
    sudo service apache2 restart

Next, you’ll need to edit the Apache configuration file to allow Owncloud to override the .htaccess file with it’s own.

  1. sudo nano /etc/apache2/apache2.conf
  2. Find “AllowOverride None” for /var/www and replace it with “AllowOverride All”
  3. Save the configuration file

At this point, you can point your browser to the IP address of your server with /owncloud on the end (http://xx.xx.xx.xx/owncloud), and it should give you the following:

Screen Shot 2014-06-18 at 3.54.04 PM

But stop there; you don’t want to configure your admin account yet. First, it is most definitely recommended to move the data directory for your Owncloud server outside of the Apache root, which is /var/www. I’d recommend just creating something at the root of your drive (or another partition, if you have one), such as /ocdata. It really doesn’t matter what you call it, as long as you put it into the configuration set-up. You’ll also want to give the web user and group ownership of that directory, by typing “sudo chown -R www-data:www-data /ocdata”.

Click on the “Advanced” option, so that you can select where the data directory will be going (in my case ocdata at the root), and then select MySQL with all the local information you created when installing the server. You do NOT want to use SQLite, if you plan on having any significant amount of files/data on the server.

You can name the database whatever you want, it doesn’t matter. Make sure you clear out the data path, and put the path in for the directory you created. MySQL host is “localhost”, unless of course you’ve decided to host the MySQL database on a different server, which is totally fine. You’re not done yet, but you’re getting closer!

Next, change the PHP configuration to allow large file uploads. By default, it’s only 2MB, which is probably too small for pretty much anyone. However, you can easily change this by editing the PHP config file:

  1. sudo nano /etc/php/7.0/apache2/php.ini
  2. Find “upload_max_filesize” and change it to something like 8G (8 gigabytes).
  3. Find “post_max_size” and change it to 8G as well.
  4. Find “output_buffering” and change it to 8192 (8GB in megabytes)
  5. sudo service apache2 restart

Now you can go into the Owncloud administration panel, located at the top right, and you will now see the following:

Screen Shot 2014-06-18 at 4.19.49 PM

Another thing you’ll want to do is modify the configurations for what the site goes to when you type http://yoursite. Right now, you have to type http://yoursite/owncloud to actually get to ownCloud, otherwise it’ll take you to the Ubuntu default page.

Type or copy/paste the following:

sudo nano /etc/apache2/sites-available/default-ssl.conf

Add the ServerName right above where it says ServerAdmin, and enter in what the Fully Qualified Domain Name for your server, such as Cloudstuff.mydomain.com.

Also, change the ServerAdmin to your email address. Lastly, where it says:

/var/www/html

Change it to:

/var/www/owncloud

Then restart Apache. This will make it so that when you type in https://cloudstuff.mydomain.com, it’ll go right to your ownCloud installation and not require typing /owncloud at the end of your URL.

Owncloud also needs to know that itself is a trusted domain. So go into your ownCloud configuration file, and add your FQDN where it most likely currently shows your IP address.

sudo nano /var/www/owncloud/config/config.php

Free SSL certificate with Let’s Encrypt

It used to be that the average home user or small business had to drop a bit of money on a certificate from Thawte or Verisign in order to get an SSL certificate, to show that their servers were secure. No longer the case! The EFF has created an amazing service for automated SSL certificate generation and installation that anyone can use.

Go to https://certbot.eff.org/#ubuntuxenial-apache, and follow the directions there, which basically boils down to:

sudo apt-get install python-letsencrypt-apache 
 Then:
sudo letsencrypt --apache
  1. “Which names would you like to activate HTTPS for?” Probably just the one, the name of the server you entered under “ServerName” above.
  2. “E-Mail address”. Put your e-mail address here.
  3. Agree with the Terms of Service. Or don’t, but then you can’t use Let’s Encrypt. 🙂
  4. “Please choose whether HTTPS access is required or optional”. Just do required. There’s really nothing lost, and definitely a lot gained, when forcing HTTPS on every connection.
Save that, and now you’re free to drag and drop large files. NOTE: I’ve not had much luck with files above 4GB in the web interface, but up to 8GB seems to work just fine in either the Owncloud sync client or a webDAV client like Cyberduck.
It seems to time out. There’s probably a fix, but honestly, the times I’ve needed to upload a single file bigger than 4GB through the web interface is pretty much nonexistent.

That’s basically it. You’ve got your own cloud server, complete with web page uploads, as well as great clients for OS X, Windows, Linux, iOS, and Android.

The sync clients are free on the desktop, but on mobile (on iOS at least; I don’t know about Android) it’s .99 cents. Well worth it though, since you can upload photos and videos directly from your phone, which is fantastic. You can also share links to files as well, directly from the mobile client. Very cool.

UPDATE

It’s also not a bad idea to go to SSLLabs.com, and run their SSL test against your server.

Posted in Tech.