Using ownCloud - Entware/Entware GitHub Wiki
Introduction
OwnCloud provides universal access to your files via the web, computer or mobile devices — wherever you are.
Requirements
- Ability to open TCP81 port to access ownCloud from internet.
Installation
- Install these packages:
opkg install \
coreutils-stat \
bzip2 \
php7-cgi \
php7-cli \
lighttpd-mod-fastcgi \
lighttpd-mod-access \
lighttpd-mod-expire \
lighttpd-mod-setenv \
php7-mod-ctype \
php7-mod-curl \
php7-mod-dom \
php7-mod-fileinfo \
php7-mod-gd \
php7-mod-hash \
php7-mod-iconv \
php7-mod-json \
php7-mod-mbstring \
php7-mod-pcntl \
php7-mod-pdo \
php7-mod-pdo-sqlite \
php7-mod-session \
php7-mod-simplexml \
php7-mod-sqlite3 \
php7-mod-xml \
php7-mod-xmlwriter \
php7-mod-xmlreader \
php7-mod-openssl \
php7-mod-intl \
php7-mod-zip
- Download and unpack ownCloud files. Alternatively, get the Nextcloud server package.
wget -O - http://download.owncloud.org/community/owncloud-10.2.1.tar.bz2 | \
bzip2 -cd | tar -xvC /opt/share/www/
- Add following strings at the end of
/opt/etc/lighttpd/lighttpd.conf
:
server.port = 81
fastcgi.server = (
".php" =>
( "localhost" =>
( "socket" => "/tmp/php-fcgi.sock",
"bin-path" => "/opt/bin/php-fcgi",
"max-procs" => 1,
"bin-environment" =>
( "PHP_FCGI_CHILDREN" => "2",
"PHP_FCGI_MAX_REQUESTS" => "1000"
)
)
)
)
server.modules += ("mod_setenv")
$HTTP["url"] =~ "^/(own|next)cloud($|/)" {
# Hardening
# - Directories
$HTTP["url"] =~ "^/(own|next)cloud/(build|tests|config|lib|3rdparty|templates|data)($|/)" {
url.access-deny = ("")
}
# - Files
$HTTP["url"] =~ "^/(own|next)cloud/(\.|autotest|occ|issue|indie|db_|console)" {
url.access-deny = ("")
}
# - Directory listing
dir-listing.active = "disable"
# - Cache control and security headers for static resources
# Consider adding jpg in the regex below to cache thumbnails as well
$HTTP["url"] =~ "^/(own|next)cloud/\.(css|js|woff2?|svg|gif)$" {
# Enable browser cache
expire.url = ( "" => "access plus 365 days")
# Security headers
setenv.add-response-header += (
"Cache-Control" => "public, max-age=15778463",
"X-Content-Type-Options" => "nosniff",
"X-XSS-Protection" => "1; mode=block",
"X-Robots-Tag" => "none",
"X-Download-Options" => "noopen",
"X-Permitted-Cross-Domain-Policies" => "none",
"Referrer-Policy" => "no-referrer",
)
}
}
- Edit
/opt/etc/php.ini
:
upload_max_filesize = 100M
post_max_size = 100M
memory_limit = 32M
- Start lighttpd:
/opt/etc/init.d/S80lighttpd start
Using Owncloud
Open http://<ip address of device>:81/owncloud
and create new account. You can access your files via Web interface or Desktop/Mobile clients.
occ
Command
Using the ownCloud’s occ command (ownCloud console) is ownCloud’s command-line interface. You can perform many common server operations with occ, such as installing and upgrading ownCloud, managing users and groups, encryption, passwords, LDAP setting, and more.
It's located at /opt/share/www/owncloud/occ
. For Entware, you need to change the first line to
#!/usr/bin/env php-cli
Upgrade Owncloud
Move your data and config out of the owncloud directory before upgrading. For more info, see
- https://doc.owncloud.org/server/10.0/admin_manual/maintenance/upgrade.html
- https://docs.nextcloud.com/server/10/admin_manual/maintenance/manual_upgrade.html
Advanced topics
Setup SSL
Instead of using port 81, you can setup HTTPS on port 443 with LetsEncrypt based on these instructions: https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToSimpleSSL.
Install the relevant php7 module
opkg install php7-mod-openssl openssl-util
Add this to /opt/etc/lighttpd/lighttpd.conf with the desired hostname.
server.modules += ("mod_openssl")
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.acme-tls-1 = "/opt/etc/lighttpd/dehydrated/tls-alpn-01"
ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1.2, TLSv1.3") # (recommended to a
ssl.privkey= "/opt/etc/lighttpd/certs/www.example.com/privkey.pem"
ssl.pemfile= "/opt/etc/lighttpd/certs/www.example.com/cert.pem"
ssl.ca-file= "/opt/etc/lighttpd/certs/www.example.com/chain.pem"
}
Edit the hostname in the snippet below, then run it to generate a temporary certificate.
#!/opt/bin/bash
certdir=/opt/etc/lighttpd/certs
hostname=www.example.com
mkdir -p $certdir/$hostname && openssl req -new -x509 -keyout $certdir/$hostname/privkey.pem -out $certdir/$hostname/cert.pem -days 365 -nodes -config <(cat <<-EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = $hostname
[ req_ext ]
subjectAltName = @san
[ san ]
DNS = $hostname
EOF
) && cp $certdir/$hostname/cert.pem $certdir/$hostname/chain.pem
Then start the web server. If it was already running, use restart instead.
/opt/etc/init.d/start/S80lighttpd start
Download dehydrated. I had to patch it slightly as there's no DNS section in the temporary certificate, so I wouldn't accept the temporary cert.
mkdir -p /opt/etc/lighttpd/dehydrated/tls-alpn-01
cd /opt/share && git clone https://github.com/lukas2511/dehydrated && cd dehydrated
./dehydrated --register --accept-terms
sed -i "s#grep DNS:.*DNS:#grep Issuer: | _sed 's/Issuer:#" dehydrated
Generate new certs and register them with LetsEncrypt.
./dehydrated -d www.example.com -t tls-alpn-01 --out /opt/etc/lighttpd/certs --alpn /opt/etc/lighttpd/dehydrated/tls-alpn-01 -c -x
Restart the webserver to load the new certificates.
/opt/etc/init.d/start/S80lighttpd restart
MySQL database
opkg install mariadb-server \
mariadb-client \
php7-mod-pdo-mysql
mysql_install_db --force
/opt/etc/init.d/S70mysqld restart
Create nextcloud user / database in mysql
... to be continued ...
Connect to MySQL datastore at 127.0.0.1:3306 (don't use localhost!)
Compression
Compress texty assets to gain speed over slower connections and save bandwidth in general.
opkg install lighttpd-mod-compress gzip
mkdir -p /opt/var/cache/compress
Set the cache dir in /opt/etc/lighttpd/conf.d/30-compress.conf
compress.cache-dir = "/opt/var/cache/compress"
Then add this to the lighttpd config for owncloud
$HTTP["url"] =~ "^/(own|next)cloud($|/)" {
# Compress cache-dir
compress.cache-dir = "/opt/var/cache/compress"
compress.allowed-encodings = ("bzip2", "gzip", "deflate")
compress.filetype = ( "application/atom+xml", "application/javascript", "application/json", "application/ld+json", "application/manifest+json" )
compress.filetype += ( "application/rss+xml", "application/vnd.geo+json", "application/vnd.ms-fontobject", "application/x-font-ttf" )
compress.filetype += ( "application/x-web-app-manifest+json", "application/xhtml+xml", "application/xml", "font/opentype", "image/bmp" )
compress.filetype += ( "image/svg+xml", "image/x-icon", "text/cache-manifest", "text/css", "text/plain", "text/vcard", "text/vnd.rim.location.xloc" )
compress.filetype += ( "text/vtt", "text/x-component", "text/x-cross-domain-policy" )
...
Restart the webserver to enable compression.
/opt/etc/init.d/start/S80lighttpd restart
Verify it works by browsing around and check that compressed files are generated in the cache dir.
find /opt/var/cache
Redis cache
First install redis and start the redis server.
opkg install redis php7-pecl-redis
/opt/etc/init.d/S70redis start
Add this snippet to /opt/share/www/owncloud/config/config.php
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'redis' => [
'host' => 'localhost',
'port' => '6379',
],
After browsing around a bit in ownCloud, verify that the redis cache is in use with
redis-cli keys "*"
Issues
If this tutorial doesn't work for you, make a ticket and refer to me (@stefaang
). I'll have look when I'm in a good mood. For ownCloud/NextCloud specific issues, go to the corresponding issue trackers.
Large file issues (2GB+)
Nextcloud uses a LargeFileHelper to get around the 2GB limit.
Make sure you have coreutils-stat as busybox stat doesn't support the -c
flag.
Links
- ownCloud project page - https://owncloud.org/
- ownCloud on asuswrt-merlin - http://www.snbforums.com/threads/how-to-owncloud-on-router.10403/
- lighttpd-nextcloud-config - https://help.nextcloud.com/t/lighttpd-nextcloud-config/23110/11