Owncloud errors

How to fix “the .htaccess file does not work” message

On various distros you need to edit the /etc/apache2/apache2.conf directly and replace the “AllowOverride None” with “AllowOverride All”. I found instruction from that link:

Manually disable locking state

  • put ownCloud in maintenance mode: edit config/config.php and change this line:
    'maintenance' => true,
  • Empty table oc_file_locks: Use tools such as phpmyadmin or connect directly to your database and run:
    DELETE FROM oc_file_locks WHERE 1
  • disable maintenance mode (undo first step).

Automatically reset locking state

Normally ownCloud should reset the locked state on its own via background jobs. So make sure your cron-jobs run properly (you admin page tells you when cron ran the last time): https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/background_jobs_configuration.html803

Permanent solution (if it happens regularly)

Source/Links

Owncloud: Move data to other disk or disk replace

Prerequisites

Before you begin using this guide, an ownCloud server needs to be installed and configured. You can set one up by following this guide. If our installation guide was used, then the data directory is in ownCloud’s web root, which by default is located at /var/www/owncloud. In this example, we are moving ownCloud’s data directory to an attached additional storage volume that is mounted at /mnt/owncloud. If you are using DigitalOcean, you can mount a block storage volume to fulfill that role by following our How To Use Block Storage on DigitalOcean guide. Regardless of the underlying storage being used, this guide can help you move the data directory for ownCloud to a new location.

Step 1 – Moving the ownCloud Data Directory

When ownCloud is in use and backend changes are being made, there is the possibility that data may become corrupt or damaged. To prevent that from happening, we will stop Apache with the systemctlutility:

sudo systemctl stop apache2

Some of the service management commands do not display an output. To verify that Apache is no longer running, use the systemctl utility with the status command:

sudo systemctl status apache2

The last line of the output should state that it’s stopped.

Output
. . .
Stopped LSB: Apache2 web server.

Warning: It is highly recommended that you backup your data prior to making any changes. Copy the contents of the data directory to a new directory using the rsync command. Using the -aflag preserves the permissions and other directory properties, while the -v flag provides verbose output so you can monitor the progress. In the example below, we back up our content into a new directory, owncloud-data-bak, within our user’s home directory.

sudo rsync -av /var/www/owncloud/data/ ~/owncloud-data-bak/

With Apache stopped, we will move the data directory to the new location using the mv command:

sudo mv /var/www/owncloud/data /mnt/owncloud/

With the data directory relocated, we will update ownCloud so that it’s aware of this change.

Step 2 – Pointing ownCloud to the New Data Location

ownCloud stores its configurations in a single file, which we will edit with the new path to the datadirectory. Open the file with the nano editor:

sudo nano /var/www/owncloud/config/config.php

Find the datadirectory variable and update its value with the new location.

/var/www/owncloud/config/config.php

. . .
'datadirectory' => '/mnt/owncloud/data',
. . .

With the data directory moved and the configuration file updated, we are ready to confirm that our files are accessible from the new storage location.

Step 3 – Starting Apache

Now, we can start Apache using the systemctl command and regain access to ownCloud:

  • sudo systemctl start apache2

Finally, navigate to the ownCloud web interface:

https://server_domain_or_IP/owncloud

ownCloud is a web application and does not have a way to verify the integrity of its configuration. Therefore, access to the web interface means the operation was successful.

Conclusion

In this tutorial, we expanded the amount of disk space available to ownCloud. We accomplished this by moving its data directory to an additional storage volume. Although we were using a block storage device, the instructions here should be applicable for relocating the data directory regardless of the technology being used.

Source/Links

OwnCloud 8 Server: Manual Installation on Linux

Install OwnCloud 8.2 Installation Guide

Preferred Linux Installation Method (Ubuntu_14.04 owncloud-8.2.2-1.1) Preferred Linux Installation Method link
You can add the repository key to apt. Keep in mind that the owner of the key may distribute updates, packages and repositories that your system will trust (more information)
wget -nv https://download.owncloud.org/download/repositories/8.2/Ubuntu_14.04/Release.key -O Release.key
apt-key add - < Release.key
Run the following shell commands as root to add the repository and install from there.
sh -c "echo 'deb http://download.owncloud.org/download/repositories/8.2/Ubuntu_14.04/ /' >> /etc/apt/sources.list.d/owncloud.list"
apt-get update
apt-get install owncloud

Start the Installation Wizard

Moving data directory outside web server root

  • Stop your webserver
  • Check if your config.php already contains a datadirectory entry. If it does, remember that location (let’s assume it’s ‘/var/www/owncloud/data’ for now).
  • Change or create the “datadirectory” entry in config.php file, so that it points to wherever you want to have your data from now on. Assuming the directory you want to move the data folder to is ‘/media/usbdisk/ocdata’, your config.php should look like this after the change:
 <?php
   $CONFIG = array (
     'datadirectory' => '/media/usbdisk/ocdata/',
     'dbtype' => ...
  • Make sure the “ocdata” subdirectory doesn’t exist yet (or the command in the following step will move your data folder in a subdirectory of it)
  • Move all the existing files of the original data (/var/www/owncloud/data in our example) to that new location, e.g. under linux:
mv /var/www/owncloud/data /media/usbdisk/ocdata
  • Make sure the permission/ownership of the new folder is set up correctly, and that all files contained in it have the user running php as owner (see e.g. here for Linux how to find out which user that is). Let’s assume your apache runs as “www-data” (as it e.g. would under Ubuntu). Then you should change all folders/files to be owned by that user, like so:
chown -R www-data:www-data /media/usbdisk/ocdata
  • You can verify that the webserver can read the directory, this should show you the content of the folder:
sudo -u www-data ls -lisa /media/usbdisk/ocdata
  • Start your webserver
  • Possibly (if your files don’t show up) you might have to rescan your files (see e.g. here or here on how to do that)

Setting Strong Directory Permissions

For hardened security we recommend setting the permissions on your ownCloud directories as strictly as possible, and for proper server operations. This should be done immediately after the initial installation and before running the setup. Your HTTP user must own the config/, data/ and apps/ directories so that you can configure ownCloud, create, modify and delete your data files, and install apps via the ownCloud Web interface.

You can find your HTTP user in your HTTP server configuration files. Or you can use PHP Version and Information (Look for the User/Group line).

  • The HTTP user and group in Debian/Ubuntu is www-data.

The easy way to set the correct permissions is to copy and run this script. Replace the ocpath variable with the path to your ownCloud directory, and replace the htuser and htgroup variables with your HTTP user and group:

#!/bin/bash
ocpath='/var/www/owncloud'
ocpathofdata='/var/www/owncloud/data'
htuser='www-data'
htgroup='www-data'
rootuser='root'
printf "Creating possible missing Directories\n"
mkdir -p $ocpath/assets

printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpathofdata}/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/assets/
chmod +x ${ocpath}/occ

printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]
 then
  chmod 0644 ${ocpath}/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${ocpath}/data/.htaccess ]
 then
  chmod 0644 ${ocpath}/data/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi

Enable HTTPS

Source: Enabling SSL

Using ownCloud without using an encrypted HTTPS connection opens up your server to a man-in-the-middle (MITM) attack, and risks the interception of user data and passwords. It is a best practice, and highly recommended, to always use HTTPS on production servers, and to never allow unencrypted HTTP.

Apache installed under Ubuntu comes already set-up with a simple self-signed certificate. All you have to do is to enable the ssl module and the default site. Open a terminal and run:

a2enmod ssl
a2ensite default-ssl
service apache2 reload

Important:You have to change the root folder of OwnCloud at the apache conf of ssl. Location:

/etc/apache2/sites-enabled/default-ssl.conf

Redirect all unencrypted traffic to HTTPS

The following examples are for Apache. Redirect all unencrypted traffic to HTTPS¶

To redirect all HTTP traffic to HTTPS administrators are encouraged to issue a permanent redirect using the 301 status code. When using Apache this can be achieved by a setting such as the following in the Apache VirtualHosts config:

<VirtualHost *:80>
  ServerName cloud.owncloud.com
  Redirect permanent / https://cloud.owncloud.com/
</VirtualHost>

Set Trusted Domains

All URLs used to access your ownCloud server must be whitelisted in your config.php file, under the trusted_domains setting. Users are allowed to log into ownCloud only when they point their browsers to a URL that is listed in the trusted_domains setting. You may use IP addresses and domain names. A typical configuration looks like this:

'trusted_domains' =>
 array (
  0 => 'localhost',
  1 => 'server1.example.com',
  2 => '192.168.1.50',
),

The loopback address, 127.0.0.1, is automatically whitelisted, so as long as you have access to the physical server you can always log in.

Adding our domains/URLs in the trusted domains

At this point i had to put the local url (for intranet access) and the public ip or url (for accessing the owncloud from the internet). If you get the following message

 add Untrasted Domain / redirect to localhost 

when you access the url of the owncloud you have to do that:

Enable HTTP Strict Transport Security

Source https://doc.owncloud.org/server/8.2/admin_manual/configuration_server/harden_server.html

While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the ownCloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.

This can be achieved by setting the following settings within the Apache VirtualHost file:

<VirtualHost *:443>
 ServerName cloud.owncloud.com
   <IfModule mod_headers.c>
     Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
   </IfModule>
</VirtualHost>

This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove includeSubdomains;. This requires the mod_headers extension in Apache. To enable mod_headers in Apache, run in terminal:

sudo a2enmod headers

Then restart Apache and check the security messages in admin account.