Install OwnCloud 8.2 Installation Guide

Preferred Linux Installation Method (Ubuntu_14.04 owncloud-8.2.2-1.1) Preferred Linux Installation Method link
You can add the repository key to apt. Keep in mind that the owner of the key may distribute updates, packages and repositories that your system will trust (more information)
wget -nv https://download.owncloud.org/download/repositories/8.2/Ubuntu_14.04/Release.key -O Release.key
apt-key add - < Release.key
Run the following shell commands as root to add the repository and install from there.
sh -c "echo 'deb http://download.owncloud.org/download/repositories/8.2/Ubuntu_14.04/ /' >> /etc/apt/sources.list.d/owncloud.list"
apt-get update
apt-get install owncloud

Start the Installation Wizard

Moving data directory outside web server root

  • Stop your webserver
  • Check if your config.php already contains a datadirectory entry. If it does, remember that location (let’s assume it’s ‘/var/www/owncloud/data’ for now).
  • Change or create the “datadirectory” entry in config.php file, so that it points to wherever you want to have your data from now on. Assuming the directory you want to move the data folder to is ‘/media/usbdisk/ocdata’, your config.php should look like this after the change:
 <?php
   $CONFIG = array (
     'datadirectory' => '/media/usbdisk/ocdata/',
     'dbtype' => ...
  • Make sure the “ocdata” subdirectory doesn’t exist yet (or the command in the following step will move your data folder in a subdirectory of it)
  • Move all the existing files of the original data (/var/www/owncloud/data in our example) to that new location, e.g. under linux:
mv /var/www/owncloud/data /media/usbdisk/ocdata
  • Make sure the permission/ownership of the new folder is set up correctly, and that all files contained in it have the user running php as owner (see e.g. here for Linux how to find out which user that is). Let’s assume your apache runs as “www-data” (as it e.g. would under Ubuntu). Then you should change all folders/files to be owned by that user, like so:
chown -R www-data:www-data /media/usbdisk/ocdata
  • You can verify that the webserver can read the directory, this should show you the content of the folder:
sudo -u www-data ls -lisa /media/usbdisk/ocdata
  • Start your webserver
  • Possibly (if your files don’t show up) you might have to rescan your files (see e.g. here or here on how to do that)

Setting Strong Directory Permissions

For hardened security we recommend setting the permissions on your ownCloud directories as strictly as possible, and for proper server operations. This should be done immediately after the initial installation and before running the setup. Your HTTP user must own the config/, data/ and apps/ directories so that you can configure ownCloud, create, modify and delete your data files, and install apps via the ownCloud Web interface.

You can find your HTTP user in your HTTP server configuration files. Or you can use PHP Version and Information (Look for the User/Group line).

  • The HTTP user and group in Debian/Ubuntu is www-data.

The easy way to set the correct permissions is to copy and run this script. Replace the ocpath variable with the path to your ownCloud directory, and replace the htuser and htgroup variables with your HTTP user and group:

#!/bin/bash
ocpath='/var/www/owncloud'
ocpathofdata='/var/www/owncloud/data'
htuser='www-data'
htgroup='www-data'
rootuser='root'
printf "Creating possible missing Directories\n"
mkdir -p $ocpath/assets

printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpathofdata}/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/assets/
chmod +x ${ocpath}/occ

printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]
 then
  chmod 0644 ${ocpath}/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${ocpath}/data/.htaccess ]
 then
  chmod 0644 ${ocpath}/data/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi

Enable HTTPS

Source: Enabling SSL

Using ownCloud without using an encrypted HTTPS connection opens up your server to a man-in-the-middle (MITM) attack, and risks the interception of user data and passwords. It is a best practice, and highly recommended, to always use HTTPS on production servers, and to never allow unencrypted HTTP.

Apache installed under Ubuntu comes already set-up with a simple self-signed certificate. All you have to do is to enable the ssl module and the default site. Open a terminal and run:

a2enmod ssl
a2ensite default-ssl
service apache2 reload

Important:You have to change the root folder of OwnCloud at the apache conf of ssl. Location:

/etc/apache2/sites-enabled/default-ssl.conf

Redirect all unencrypted traffic to HTTPS

The following examples are for Apache. Redirect all unencrypted traffic to HTTPS¶

To redirect all HTTP traffic to HTTPS administrators are encouraged to issue a permanent redirect using the 301 status code. When using Apache this can be achieved by a setting such as the following in the Apache VirtualHosts config:

<VirtualHost *:80>
  ServerName cloud.owncloud.com
  Redirect permanent / https://cloud.owncloud.com/
</VirtualHost>

Set Trusted Domains

All URLs used to access your ownCloud server must be whitelisted in your config.php file, under the trusted_domains setting. Users are allowed to log into ownCloud only when they point their browsers to a URL that is listed in the trusted_domains setting. You may use IP addresses and domain names. A typical configuration looks like this:

'trusted_domains' =>
 array (
  0 => 'localhost',
  1 => 'server1.example.com',
  2 => '192.168.1.50',
),

The loopback address, 127.0.0.1, is automatically whitelisted, so as long as you have access to the physical server you can always log in.

Adding our domains/URLs in the trusted domains

At this point i had to put the local url (for intranet access) and the public ip or url (for accessing the owncloud from the internet). If you get the following message

 add Untrasted Domain / redirect to localhost 

when you access the url of the owncloud you have to do that:

Enable HTTP Strict Transport Security

Source https://doc.owncloud.org/server/8.2/admin_manual/configuration_server/harden_server.html

While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the ownCloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.

This can be achieved by setting the following settings within the Apache VirtualHost file:

<VirtualHost *:443>
 ServerName cloud.owncloud.com
   <IfModule mod_headers.c>
     Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
   </IfModule>
</VirtualHost>

This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove includeSubdomains;. This requires the mod_headers extension in Apache. To enable mod_headers in Apache, run in terminal:

sudo a2enmod headers

Then restart Apache and check the security messages in admin account.