Owncloud updates on Rasberry pi: version 6 —> 8

 

Update was from version 6 to 8 so there were some hitches.

For one thing the root directory of the installation was changed to

/var/www/owncloud

from

/usr/share/nginx/www/owncloud/

The automatic update procedure didn’t work but a fresh download followed by resynching worked. Otherwise one was presented with a screen that purported to update the apps but that didn’t work given a claimed csfk (or something) error.  There was a command line alternative  (./occ) that did not complete either, claiming that multiple version updates were not supported.

The main source of inspiration was this: https://pimylifeup.com/raspberry-pi-owncloud/

SSL Certificate

This time I wanted to use https to connect. The instructions for creating the certificate were this

sudo openssl req $@ -new -x509 -days 730 -nodes -out /etc/nginx/cert.pem -keyout /etc/nginx/cert.key

It looks like the certificate will expire in 730 days so it will expire on July 14, 2018.

This certificate does work, but since it’s self-signed one gets lots of scary warnings when first accessing the site.

Will explore ways of getting trusted certificates for free. For example there’s “Let’s Encrypt

nginx Configuration

The nginx webserver configuration files are

/etc/nginx/nginx.conf

and

/etc/nginx/nginx.conf/sites-enabled/owncloud.vhost

The nginx.conf file doesn’t need to be modified but it will include all the files in the sites-enabled directory. The owncloud.vhost is the one of interest.

 

upstream php-handler {
server 127.0.0.1:9000;
# server unix:/var/run/php5-fpm.sock;
}
server {
listen 8080;
server_name 192.168.1.70 alberding.mooo.com;
return 301 https://$server_name$request_uri; # enforce https
}
server {
listen 4433 ssl;
server_name 192.168.1.70 alberding.mooo.com “”;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/cert.key;
# Path to the root of your installation
root /var/www/owncloud;
client_max_body_size 1000M; # set max upload size
fastcgi_buffers 64 4K;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ index.php;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
: include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}
# Optional: set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Don’t log access to assets
access_log off;
}
}

Because my Telus isp does not permit NAT loopback I have to access the server from 192.168.1.70:4433 when at home and alberding.mooo.com:4433 elsewhere. So both urls are listed after the listen 433 line.

 

ownCloud configuration

The main thing here is to insert the trusted domain names from which the server will be accessed. Here’s the file:

<?php
$CONFIG = array (
  'instanceid' => 'ocxoi546wkre',
  'passwordsalt' => 'asdfabafbsdfasdf',
  'secret' => 'a[sdvojaoisdjfoijasidjf',
  'trusted_domains' =>
  array (
    0 => '192.168.1.70:4433',
    1 => 'alberding.mooo.com:4433',
  ),
  'datadirectory' => '/var/www/owncloud/data',
  'overwrite.cli.url' => 'https://192.168.1.70:4433',
  'dbtype' => 'sqlite3',
  'version' => '8.2.6.2',
  'logtimezone' => 'UTC',
  'installed' => true,
  'mail_from_address' => 'alberding',
  'mail_smtpmode' => 'smtp',
  'mail_domain' => 'gmail.com',
  'mail_smtphost' => 'smtp.gmail.com',
  'theme' => '',
  'mail_smtpport' => '587',
  'mail_smtpsecure' => 'ssl',
);

Opening up the Modem Port

The last thing one should not forget is to open up port 4433 so that one can access the server via https from outside.

  • PortForward