ownCloud, meet NAS Box ...

I have this NAS box, it’s awesome. However as more and more deivces (phone, tablet, desktop, etc ..) started to use this NAS box for storage and backups, managing all these files from command line got old, really quick. Enter ownCloud.

Normally I would protest to the fullest when it came to putting more than one primary service on a box. But as I have need for it at the moment, I’ll lower the picket signs.

This box takes on a few roles: provide storage for and accept backups from multiple boxes and devices; house /home user files and allow other systems to mount them as such; and provide a backend for my ‘Download the Internet’ button (Ha, just kidding, kinda, … well, it’s in the works).

It started out as ‘fun’ managing things from the command line, but it’s just not convenient. I needed a front-end.

This particular ownCloud setup will really be meant for just one user. All of my files go on this NAS box under /home/user. ‘/home’ is actually symlinked to ‘/mnt/trinity/beta’. In the past, I’ve simply used two boxes, one for files and one for a desktop, and have mounted ‘/home’ from the NAS export ‘/mnt/trinity/beta’. This has worked wonderfully in the past, but we’re moving away from that system at the moment.

This box will go back to being a simple NAS box. But now it needs an interface.

Enter ownCloud:

With ownCloud you can sync & share your files, calendar, contacts and more.
Access your data from all your devices, on an open platform you can extend and modify.

I’ve known about it for quite some time now, but never really thought to put it on a NAS box as its main interface. I don’t like the idea of mixing services (ex, if you have a web server, it should serve web pages and not additionally handle email). But with everything being so lightweight (and enough ram to spare) it shouldn’t hurt anything.

Installation

This box is running Debian (7). You should update the commands and paths below to match your system. First, run updates:

1
root@blackpool:~# apt-get update && apt-get upgrade

Then install php5-fpm php5-gd php5-sqlite:

1
root@blackpool:~# apt-get install php5-fpm php5-gd php5-sqlite

These are the only things I had to install, however you should check to make sure your installation contains all the requirements listed here.

Now, for (what would be) suPHP/group permissions hell fun. You can’t have ‘php’ (running as nginx user www-data) access, modify, delete, etc., files of other users. Even if you have the proper symlinks in place. ownCloud will have all the user files in /installed/path/owncloud/data/{user}/files. PHP by default is running as www-data. If I wanted ‘/installed/path/owncloud/data/me/files’ to symlink to ‘/home/me‘, php/www-data, would not have access to ‘my’ files. So, I decided to run php as ‘me’, the home user. I’m doing it this way because my ocd will not allow me to chown -R me:www-data /home/user. That’s just silly – shutter.

Php-fpm allows you to run php instances as different users via a cool feature called ‘pools’. It’s the closest thing to Apache’s ‘suPhp’.

I would be the only one accessing this interface anyway, as it is on my private network, thus you can edit any of the following paths to match your preferences.

1
2
root@blackpool:~# cd /etc/php5/fpm/pool.d/
root@blackpool:/etc/php5/fpm/pool.d# cp -pv www.conf me.conf

In ‘me.conf’ file, you need to change the pool name:

1
2
; pool name ('www' here)
[me]

… the user/group proccess to match your username:

1
2
3
4
5
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = me
group = me

… the default socket (assuming you don’t want to use the ‘www’ socket):

1
listen = /var/run/php5-fpm.sock.me

… and the socket permissions:

1
2
3
4
5
6
7
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data

Assuming that is all you wish to change, restart php-fpm and check for your new socket:

1
2
3
root@blackpool:/etc/php5/fpm/pool.d# service php5-fpm restart && ll /var/run/php5-fpm.sock.me 
Restarting PHP5 FastCGI Process Manager: php5-fpm.
srw-rw---- 1 www-data www-data 0 Nov 7 20:17 /var/run/php5-fpm.sock.me

If you don’t have any errors you can move on to installing ownCloud.

First, to have this as secure as possible, it should be accessed via https/ssl. You can generate a self-signed certificate from command line:

Assuming the hostname for this installation: ‘me.backup.whiteroom’

1
2
3
4
root@blackpool:~# openssl req -nodes -newkey rsa:2048 -keyout me.backup.whiteroom.key -out me.backup.whiteroom.csr
root@blackpool:~# openssl x509 -req -days 365 -in me.backup.whiteroom.csr -signkey me.backup.whiteroom.key -out me.backup.whiteroom.crt
root@blackpool:~# cp -pv me.backup.whiteroom.crt /etc/ssl/certs/
root@blackpool:~# cp -pv me.backup.whiteroom.key /etc/ssl/private/

Next, install nginx and owncloud:

1
2
3
4
5
6
7
8
9
10
11
12
root@blackpool:~# apt-get install nginx
...
..
.
root@blackpool:~# cd /opt
root@blackpool:/opt# wget https://download.owncloud.org/community/owncloud-7.0.2.tar.bz2
root@blackpool:/opt# tar xvjf owncloud-7.0.2.tar.bz2
root@blackpool:/opt# cd owncloud/

# Since I'll be the only user accessing this interface (and since php will be running as 'me', I'm changing the ownership to 'me' to prevent permission errors):

root@blackpool:/opt/owncloud/# chown -R me. .

ownCloud is installed! Now nginx needs to be configured to match the work we’ve done. A working configuration file for nginx can be found here.

These are the changes I’ve made:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# /etc/nginx/sites-enabled/me.backup.whiteroom.conf

# This should match the socket path you created;

upstream php-handler {
#server 127.0.0.1:9000;
server unix:/var/run/php5-fpm.sock.me;
}

...
..
.

# Replace any instances of 'server_name' with your server name (ex, https://me.backup.whiteroom);

server {
listen 80;
server_name me.backup.whiteroom;

...
..
.

# Update the path of your SSL certs:

ssl_certificate /etc/ssl/certs/me.backup.whiteroom.crt;
ssl_certificate_key /etc/ssl/private/me.backup.whiteroom.key;

...
..
.

# Update the root install path:

# Path to the root of your installation
root /opt/owncloud;

# :wq! (<-- xD).

Restart nginx:

1
root@blackpool:~# service restart nginx

If you don’t have any errors, you can move on to the installation page –> https://yourservername, in my case https://me.backup.whiteroom. On this page, if your server meets all the requirements, you should be able to enter a new admin user. Once that is complete, login and add yourself (/home user) as a new user.

Login

The default path (in this case) is /opt/owncloud/data/me. There, two files are created, ‘files’ and ‘cache’. As these are just the default files, I removed ‘files’ and did the following:

1
2
3
4
5
6
7
8
9
10
11
root@blackpool:~# su - me
me@blackpool:~$ cd /opt/owncloud/data/me
me@blackpool:/opt/owncloud/data/me$ ln -s /home/me ./files
me@blackpool:/opt/owncloud/data/me$ ll
total 20
drwxr-xr-x 2 me me 4096 Nov 7 19:33 cache
lrwxrwxrwx 1 me me 8 Nov 7 19:33 files -> /home/me
drwxr-xr-x 6 me me 4096 Nov 7 19:35 files_trashbin
drwxr-xr-x 3 me me 4096 Nov 7 19:36 gallery
drwxr-xr-x 2 me me 4096 Nov 7 19:37 lucene_index
drwxr-xr-x 14 me me 4096 Nov 7 19:37 thumbnails

Log out, and login as your home user

Create a new user

If all went well, you should see a list of your home files.

Home

The ownCloud interface is flawless and smooth. I’m pretty sure the rest of this night will be spent cleaning out old files I haven’t touched in years.