Using ownCloud - Entware/Entware GitHub Wiki

Introduction

OwnCloud provides universal access to your files via the web, computer or mobile devices — wherever you are.

Requirements

  • Ability to open TCP port 81 to access ownCloud from the internet.

Installation

  • Install these packages:
opkg install \
coreutils-stat \
bzip2 \
php7-cgi \
php7-cli \
lighttpd-mod-fastcgi \
lighttpd-mod-access \
lighttpd-mod-expire \
lighttpd-mod-setenv \
php7-mod-ctype \
php7-mod-curl \
php7-mod-dom \
php7-mod-fileinfo \
php7-mod-gd \
php7-mod-hash \
php7-mod-iconv \
php7-mod-json \
php7-mod-mbstring \
php7-mod-pcntl \
php7-mod-pdo \
php7-mod-pdo-sqlite \
php7-mod-session \
php7-mod-simplexml \
php7-mod-sqlite3 \
php7-mod-xml \
php7-mod-xmlwriter \
php7-mod-xmlreader \
php7-mod-openssl \
php7-mod-intl \
php7-mod-zip
  • Download and unpack ownCloud files. Alternatively, get the Nextcloud server package.
wget -O - http://download.owncloud.org/community/owncloud-10.2.1.tar.bz2 | \
bzip2 -cd | tar -xvC /opt/share/www/
  • Add the following lines at the end of /opt/etc/lighttpd/lighttpd.conf:
server.port = 81

fastcgi.server = (
  ".php" =>
    ( "localhost" =>
      ( "socket" => "/tmp/php-fcgi.sock",
        "bin-path" => "/opt/bin/php-fcgi",
        "max-procs" => 1,
        "bin-environment" =>
          ( "PHP_FCGI_CHILDREN" => "2",
            "PHP_FCGI_MAX_REQUESTS" => "1000"
          )
        )
     )
 )

server.modules += ("mod_setenv") 
$HTTP["url"] =~ "^/(own|next)cloud($|/)" {
  # Hardening
  # - Directories    
  $HTTP["url"] =~ "^/(own|next)cloud/(build|tests|config|lib|3rdparty|templates|data)($|/)" {
    url.access-deny = ("")
  }                                                       
  # - Files
  $HTTP["url"] =~ "^/(own|next)cloud/(\.|autotest|occ|issue|indie|db_|console)" {
    url.access-deny = ("") 
  }                                             
  # - Directory listing
  dir-listing.active = "disable"
  # - Cache control and security headers for static resources
  #   Consider adding jpg in the regex below to cache thumbnails as well
  $HTTP["url"] =~ "^/(own|next)cloud/.+\.(css|js|woff2?|svg|gif)$" {
    # Enable browser cache
    expire.url = ( "" => "access plus 365 days")
    # Security headers
    setenv.add-response-header += (   
      "Cache-Control" => "public, max-age=15778463",
      "X-Content-Type-Options" => "nosniff", 
      "X-XSS-Protection" => "1; mode=block", 
      "X-Robots-Tag" => "none",  
      "X-Download-Options" => "noopen", 
      "X-Permitted-Cross-Domain-Policies" => "none",
      "Referrer-Policy" => "no-referrer",   
    )
  }  
}    
  • Edit /opt/etc/php.ini:
upload_max_filesize = 100M
post_max_size = 100M
memory_limit = 32M
  • Start lighttpd:
/opt/etc/init.d/S80lighttpd start
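
The hardening patterns from the lighttpd block above can be checked offline before the port is opened. This is an added example, not part of the original wiki page: it mirrors the two deny patterns, writes the static-resource pattern with `.+` before the extension so that it matches assets in subdirectories, and runs over constructed sample paths; `classify_path` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: offline check of the lighttpd hardening patterns.
# DIR_RE and FILE_RE mirror the url.access-deny conditions in the config.
# STATIC_RE is written with ".+" before the extension (assumption) so that
# assets in subdirectories receive the cache and security headers.
DIR_RE='^/(own|next)cloud/(build|tests|config|lib|3rdparty|templates|data)($|/)'
FILE_RE='^/(own|next)cloud/(\.|autotest|occ|issue|indie|db_|console)'
STATIC_RE='^/(own|next)cloud/.+\.(css|js|woff2?|svg|gif)$'

# classify_path PATH -> prints one of: deny | static | pass
#   deny   : url.access-deny applies, lighttpd answers 403
#   static : served with the cache-control and security headers
#   pass   : handled normally (PHP front controller, other files)
classify_path() {
  if printf '%s\n' "$1" | grep -Eq "$DIR_RE"; then
    echo deny
  elif printf '%s\n' "$1" | grep -Eq "$FILE_RE"; then
    echo deny
  elif printf '%s\n' "$1" | grep -Eq "$STATIC_RE"; then
    echo static
  else
    echo pass
  fi
}

# Constructed sample paths (not taken from a real server log).
for p in \
  /owncloud/data/owncloud.db \
  /owncloud/config/config.php \
  /owncloud/.htaccess \
  /owncloud/occ \
  /nextcloud/console.php \
  /owncloud/core/css/styles.css \
  /owncloud/index.php/apps/files \
  /owncloud/database
do
  printf '%-34s %s\n' "$p" "$(classify_path "$p")"
done
```

The last path shows that the directory rule is anchored with `($|/)`: `/owncloud/database` is not caught by the `data` entry, while `/owncloud/data/...` is.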

Using ownCloud

Open http://<ip address of device>:81/owncloud and create a new account. You can access your files via the web interface or the desktop/mobile clients.

Using the occ Command

ownCloud’s occ command (ownCloud console) is ownCloud’s command-line interface. You can perform many common server operations with occ, such as installing and upgrading ownCloud, managing users and groups, encryption, passwords, LDAP settings, and more.

It's located at /opt/share/www/owncloud/occ. For Entware, you need to change the first line to

#!/usr/bin/env php-cli

Upgrade ownCloud

Move your data and config out of the owncloud directory before upgrading. For more info, see

Advanced topics

Setup SSL

Instead of using port 81, you can set up HTTPS on port 443 with LetsEncrypt based on these instructions: https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToSimpleSSL.

Install the relevant php7 module

opkg install php7-mod-openssl openssl-util

Add this to /opt/etc/lighttpd/lighttpd.conf with the desired hostname.

server.modules += ("mod_openssl")
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.acme-tls-1 = "/opt/etc/lighttpd/dehydrated/tls-alpn-01"
    ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1.2, TLSv1.3") # (recommended to a
    ssl.privkey= "/opt/etc/lighttpd/certs/www.example.com/privkey.pem"
    ssl.pemfile= "/opt/etc/lighttpd/certs/www.example.com/cert.pem"
    ssl.ca-file= "/opt/etc/lighttpd/certs/www.example.com/chain.pem"
}

Edit the hostname in the snippet below, then run it to generate a temporary certificate.

#!/opt/bin/bash
certdir=/opt/etc/lighttpd/certs
hostname=www.example.com
mkdir -p $certdir/$hostname && openssl req -new -x509 -keyout $certdir/$hostname/privkey.pem -out $certdir/$hostname/cert.pem -days 365 -nodes -config <(cat <<-EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = $hostname
[ req_ext ]
subjectAltName = @san
[ san ]
DNS = $hostname
EOF
) && cp $certdir/$hostname/cert.pem $certdir/$hostname/chain.pem

Then start the web server. If it was already running, use restart instead.

/opt/etc/init.d/S80lighttpd start

Download dehydrated. I had to patch it slightly as there's no DNS section in the temporary certificate, so it wouldn't accept the temporary cert.

mkdir -p /opt/etc/lighttpd/dehydrated/tls-alpn-01
cd /opt/share && git clone https://github.com/lukas2511/dehydrated && cd dehydrated
./dehydrated --register --accept-terms
sed -i "s#grep DNS:.*DNS:#grep Issuer: | _sed 's/Issuer:#" dehydrated

Generate new certs and register them with LetsEncrypt.

./dehydrated -d www.example.com -t tls-alpn-01 --out /opt/etc/lighttpd/certs --alpn /opt/etc/lighttpd/dehydrated/tls-alpn-01 -c -x

Restart the webserver to load the new certificates.

/opt/etc/init.d/S80lighttpd restart

MySQL database

opkg install mariadb-server \
             mariadb-client \
             php7-mod-pdo-mysql 

mysql_install_db --force
/opt/etc/init.d/S70mysqld restart

Create nextcloud user / database in mysql

... to be continued ...

Connect to MySQL datastore at 127.0.0.1:3306 (don't use localhost!)

Compression

Compress text-based assets to gain speed over slower connections and save bandwidth in general.

opkg install lighttpd-mod-compress gzip
mkdir -p /opt/var/cache/compress

Set the cache dir in /opt/etc/lighttpd/conf.d/30-compress.conf

compress.cache-dir = "/opt/var/cache/compress"

Then add this to the lighttpd config for ownCloud:

$HTTP["url"] =~ "^/(own|next)cloud($|/)" {
  # Compress cache-dir
  compress.cache-dir = "/opt/var/cache/compress"
  compress.allowed-encodings = ("bzip2", "gzip", "deflate")
  compress.filetype = ( "application/atom+xml", "application/javascript", "application/json", "application/ld+json", "application/manifest+json" )
  compress.filetype += ( "application/rss+xml", "application/vnd.geo+json", "application/vnd.ms-fontobject", "application/x-font-ttf" )
  compress.filetype += ( "application/x-web-app-manifest+json", "application/xhtml+xml", "application/xml", "font/opentype", "image/bmp" )
  compress.filetype += ( "image/svg+xml", "image/x-icon", "text/cache-manifest", "text/css", "text/plain", "text/vcard", "text/vnd.rim.location.xloc" )
  compress.filetype += ( "text/vtt", "text/x-component", "text/x-cross-domain-policy" )
  ...

Restart the webserver to enable compression.

/opt/etc/init.d/S80lighttpd restart

Verify it works by browsing around and checking that compressed files are generated in the cache dir.

find /opt/var/cache

Redis cache

First install redis and start the redis server.

opkg install redis php7-pecl-redis
/opt/etc/init.d/S70redis start

Add this snippet to /opt/share/www/owncloud/config/config.php

  'memcache.locking' => '\OC\Memcache\Redis',
  'memcache.local' => '\OC\Memcache\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => '6379',
  ],

After browsing around a bit in ownCloud, verify that the redis cache is in use with

redis-cli keys "*"

Issues

If this tutorial doesn't work for you, make a ticket and refer to me (@stefaang). I'll have a look when I'm in a good mood. For ownCloud/NextCloud specific issues, go to the corresponding issue trackers.

Large file issues (2GB+)

Nextcloud uses a LargeFileHelper to get around the 2GB limit. Make sure you have coreutils-stat as busybox stat doesn't support the -c flag.

Links