Bitnami ownCloud

    ownCloud is a flexible, open source file sync and share solution. Whether using a mobile device, a workstation, or a web client, ownCloud provides the ability to put the right files at their employees’ fingertips on any device in one simple-to-use, secure, private and controlled solution.

    Please, take a look to the Quick Start Guide to know the basic use of this Stack.

    Quick reference card

      Cloud Servers Virtual Machines Native Installers
    LibreOffice installation directory /opt/bitnami/libreoffice N/A N/A

    How to start/stop the servers?

    Cloud Images

    Each Bitnami stack includes a control script that lets you easily stop, start and restart servers.

    The script is located at /opt/bitnami/ctlscript.sh. Call it without any arguments to restart all services:

    $ sudo /opt/bitnami/ctlscript.sh start
    

    Or use it to restart a specific service only by passing the service name as argument - for example 'mysql':

    $ sudo /opt/bitnami/ctlscript.sh restart mysql
    

    Virtual Machine

    Each Bitnami stack includes a control script that lets you easily stop, start and restart servers.

    The script is located at /opt/bitnami/ctlscript.sh. Call it without any arguments to restart all services:

    $ sudo /opt/bitnami/ctlscript.sh start
    

    Or use it to restart a specific service only by passing the service name as argument - for example 'mysql':

    $ sudo /opt/bitnami/ctlscript.sh restart mysql
    

    Native Installer

    You can use either the graphical manager tool or the command-line tool to start and stop the servers.

    Graphical Tool

    Bitnami stacks include a graphical tool to manage the servers easily (native installers only). Using this tool, you can start, stop and restart the servers and check the log files.

    manager-servers.png

     

     

     

     

     

     

     

     

     

     

    On Windows:

    • Double-click the "manager-windows.exe" file in your installation directory.  
    • You can also start the Manager tool using the Start Menu path Start -> Program Files -> Bitnami Stack -> Manager.

    On Linux and Mac OS X:

    • Double-click the "manager-osx" or "manager-linux-*" tool in your installation directory. 
    Command-line Tool

    Each Bitnami stack includes a control script that lets you easily stop, start and restart servers.

    The control script is only available for Linux and Mac OS X native installers. The script is located in your installation directory and named ctlscript.sh. Call it without any arguments to restart all services.

    On Linux:
    If your installation directory is /home/USER/wordpress-4.0.1-0, call the control script with the ‘start’ argument to start all servers. For example:

    $ cd /home/USER/wordpress-4.0.1-0
    $ ./ctlscript.sh start
    

    Or use it to restart a specific service only by passing the service name as argument - for example 'mysql':

    $ cd /home/USER/wordpress-4.0.1-0
    $ ./ctlscript.sh restart mysql
    

    On Mac OS X:
    If your installation directory is /Applications/wordpress-4.0.1-0, call the control script with the ‘start’ argument to start all servers. For example:

    $ cd /Applications/wordpress-4.0.1-0
    $ ./ctlscript.sh start
    

    Or use it to restart a specific service only by passing the service name as argument - for example 'mysql':

    $ cd /Applications/wordpress-4.0.1-0
    $ ./ctlscript.sh restart mysql
    

    Tabs end

    How to change the default URL?

    This approach describes how to configure your application to run in the root URL directly. Also, you will be able to modify the URL to a NEW_DOMAIN using the bnconfig tool. The details are described below.

    Automatic Approach

    This approach is based on the Bitnami Configuration Tool (bnconfig).

    Bitnami Cloud Hosting

    The best way to change your URL in BCH is to go to your application tab and modify it there. In the Bitnami Cloud Hosting console, select Servers, choose your server, Manage and go to the Applications tab. Press there the pencil next to the application which URL you want to modify and choose .

    Refer to this guide for more information.

    Cloud Images and Virtual Machines

    Moving the application to /

     If your application is running in "/owncloud" you can remove the prefix from the URL executing the following command:

    $ sudo /opt/bitnami/apps/owncloud/bnconfig --appurl /
    

    (use --help to check if that option is available for your application)

    Now you will be able to access to the application at http://YOUR_DOMAIN instead of http://YOUR_DOMAIN/owncloud.

    Updating the IP or hostname

    Some applications require to update the IP/domain if the machine IP/domain changes. The bnconfig tool also has an option which updates the IP automatically during boot, called machine_hostname (use --help to check if that option is available for your application). Note that this tool changes the URL to http://NEW_DOMAIN/owncloud

    sudo /opt/bitnami/apps/owncloud/bnconfig --machine_hostname NEW_DOMAIN
    

    If you already moved your application to the root URL you should include both options at the same time.

    sudo /opt/bitnami/apps/owncloud/bnconfig --appurl / --machine_hostname NEW_DOMAIN
    

    If you have configured your machine to use an static domain name or IP, you should rename or remove the "/opt/bitnami/apps/owncloud/bnconfig" file.

    sudo mv /opt/bitnami/apps/owncloud/bnconfig /opt/bitnami/apps/owncloud/bnconfig.disabled
    

    Native Installer

    Remember to use your actual installation directory instead of installdir.

    Moving the application to /

    If your application is running in "/owncloud" you can remove the prefix from the URL executing the following command:

    On Linux,

    installdir/apps/owncloud/bnconfig --appurl /
    

    On Mac OS X, 

    installdir/apps/owncloud/bnconfig.app/Contents/MacOS/installbuilder.sh --appurl /
    

    On Windows,

    installdir/apps/owncloud/bnconfig.exe --appurl /
    

    (use --help to check if that option is available for your application)

    Now you will be able to access to the application at http://YOUR_DOMAIN instead of http://YOUR_DOMAIN/owncloud.

    Updating the IP or hostname

    Some applications require to update the IP/domain if the machine IP/domain changes. The bnconfig tool also has an option which updates the IP , called machine_hostname (use --help to check if that option is available for your application). Note that this tool changes the URL to http://NEW_DOMAIN/owncloud.

    installdir/apps/owncloud/bnconfig --machine_hostname NEW_DOMAIN
    

    If you already moved your application to the root URL you should include both options at the same time.

    installdir/apps/owncloud/bnconfig --appurl / --machine_hostname NEW_DOMAIN
    

    Tabs end

    Manual Approach

    If you want to change the default URL from http://your_domain/owncloud to http://your_domain, edit the installdir/apps/owncloud/conf/httpd-prefix.conf file so that it looks like the file below:

    DocumentRoot "/installdir/apps/owncloud/htdocs"
    # Alias /owncloud/ "/installdir/apps/owncloud/htdocs/"
    # Alias /owncloud "/installdir/apps/owncloud/htdocs"
    
    (...)
    
     
    Remember that you must substitute installdir with your actual installation directory (for native installers) or /opt/bitnami (for cloud images and virtual machines).

    Some applications also require additional changes in their configuration files or in their database.

    How to create a full backup of ownCloud?

    Backup

    Bitnami stacks are self-contained and the simplest option for performing a backup is to copy or compress the Bitnami stack installation directory. To do so in a safe manner, you will need to stop all servers, so this method may not be appropriate if you have people accessing the application continuously.

    Cloud Server

    Follow these steps:

    • Change to the directory in which you wish to save your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
      
    • Create a compressed file with the stack contents.
      $ sudo tar -pczvf application-backup.tar.gz /opt/bitnami
    • Restart all servers.
      $ sudo /opt/bitnami/ctlscript.sh start

    You should now download or transfer the application-backup.tar.gz file to a safe location.

    Virtual Machine

    Follow these steps:

    • Change to the directory in which you wish to save your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
    • Create a compressed file with the stack contents.
      $ sudo tar -pczvf application-backup.tar.gz /opt/bitnami
    • Restart all servers.
      $ sudo /opt/bitnami/ctlscript.sh start
      

    You should now download or transfer the application-backup.tar.gz file to a safe location.

    Native Installer (Windows)

    Follow these steps:

    • Stop all servers using the shortcuts in the Start Menu or the graphical manager tool.
    • Create a compressed file with the stack contents. You can use a graphical tool like 7-Zip or WinZip.
    • Stop all servers using the shortcuts in the Start Menu or the graphical manager tool.

    You should now download or transfer the application-backup.zip file to a safe location.

    Native Installer (Linux and Mac OS X)

    Follow these steps:

    • Change to the directory in which you wish to save your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo installdir/ctlscript.sh stop
      
    • Create a compressed file with the stack contents.
      $ sudo tar -pczvf application-backup.tar.gz installdir
      
    • Restart all servers.
      $ sudo installdir/ctlscript.sh start
      

    You should now download or transfer the application-backup.tar.gz file to a safe location.

    Tabs end

    Restore

    Bitnami stacks are self-contained, so to restore a stack, you only need to uncompress the backup file in the same location. It is important to use the same path that was used when the stack was originally installed.

    Cloud Server

    Follow these steps:

    • Change to the directory containing your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
    • Rename the current directory to save it.
      $ sudo mv /opt/bitnami /opt/bitnamiBackup
    • Uncompress the backup file to the original directory.
      $ sudo tar -pxzvf application-backup.tar.gz -C /
    • Start all servers.
      $ sudo /opt/bitnami/ctlscript.sh start
      

    Virtual Machine

    Follow these steps:

    • Change to the directory containing your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
    • Rename the current directory to save it.
      $ sudo mv /opt/bitnami /opt/bitnamiBackup
    • Uncompress the backup file to the original directory.
      $ sudo tar -pxzvf application-backup.tar.gz -C /
    • Start all servers.
      $ sudo /opt/bitnami/ctlscript.sh start
      

    Native Installer (Windows)

    Follow these steps:

    • Uncompress the backup file to the original directory.
    • Install services by launching a new command prompt and executing the following commands. Administrator privileges are required.
      $ cd installdir
      $ serviceinstall.bat INSTALL
      

    You can now start or stop servers using the graphical manager tool.

    Native Installer (Linux and Mac OS X)

    Follow these steps:

    • Change to the directory containing your backup.
      cd /your/directory
      
    • Stop all servers.
      $ sudo /opt/bitnami/ctlscript.sh stop
      
    • Rename the current directory to save it.
      $ sudo mv installdir installdirBackup
    • Uncompress the backup file to the original directory.
      $ sudo tar -pxzvf application-backup.tar.gz -C /
      
    • Start all servers.
      $ sudo installdir/ctlscript.sh start
      

    Tabs end

    IMPORTANT: When restoring, remember to maintain the original permissions for the files and folders. For example, if you originally installed the stack as 'root', make sure that the restored files are owned by 'root'.


    If you want to create only a database backup, refer to these instructions for MySQL and PostgreSQL.

    How to fix the WebDav error in the admin panel?

    Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken. Please double check the installation guides.
    

    If you see this error in your admin panel it is because you did not configure your own certificate for your server. You can find more info about how to configure your own SSL certificate here.

    You can continue using the ownCloud Desktop clients to sync files. 

    How to upgrade ownCloud?

    It is strongly recommended to create a backup before starting the update process. If you have important data, create and try to restore a backup to ensure that everything works properly.

    There are two different ways to upgrade your application.

    • You can upgrade the application and all stack components, such as PHP, Ruby, MySQL and Apache.
    • You can upgrade the application only without modifying any other stack components.
      • Use the links provided in the application page on the wiki.

    Upgrading from the ownCloud admin panel

    ownCloud already have installed the "Updater" app that allows you to upgrade ownCloud application from the admin panel directly. For security reasons, ownCloud files do not have write access for the web server user but that is required if you want to upgrade the application.

    Before running the "Updater" app, run the following commands to change the owner of the files in your installation:

    sudo chown -R daemon /opt/bitnami/apps/owncloud/htdocs
    sudo chmod 644 /opt/bitnami/apps/owncloud/htdocs/.user.ini

    Then run the upgrade process from the admin panel: "Admin" -> "Update center" and run the upgrade process.

    If the upgrade works well, we strongly suggest to restore the permissions of your folder. 

    sudo chown -R bitnami /opt/bitnami/apps/owncloud/htdocs
    sudo chmod 444 /opt/bitnami/apps/owncloud/htdocs/.user.ini
    sudo chown -R daemon /opt/bitnami/apps/owncloud/htdocs/config /opt/bitnami/apps/owncloud/htdocs/apps

    Then you can access to your new ownCloud application. You can find more info at http://owncloud.org/support/upgrade/

    Full Stack upgrade from ownCloud 4.0.x to ownCloud 4.5.x

    It is strongly recommended that you create a backup before starting the update process. If you have important data, it is advisable that you create and try to restore a backup to ensure that everything works properly.

    1. From ownCloud 4.0.x installation, save the following folders:
      1. /installdir/apps/owncloud/data
      2. /installdir/apps/owncloud/htdocs/config
    2. Export the database using phpMyAdmin (using the user root and the password used in the installation process) on the URL: http://127.0.0.1/phpmyadmin. After log in, select the bitnami_owncloud database, and press in Export button. Export it using the default parameters.
    3. Uninstall the ownCloud 4.0.x installation keeping the full backup done before.
    4. Install the new ownCloud 4.5.x.
    5. After the installation is complete, copy the data folder saved from the 4.0.x installation in the new /installdir/apps/owncloud/data path.
    6. Edit the config/config.php file from the 4.0.x installation and change the 'dbpassword' and 'datadirectory' parameters using the new ones that can be found in the new /installdir/apps/owncloud/htdocs/config/config.php file.
    7. Afterwards, copy the config folder from the 4.0.x installation updated with the new dbpassword parameter in the new /installdir/apps/owncloud/htdocs/config path.
    8. Finally, the database must be imported. To do so,
      1. Access to the new phpMyAdmin and log in. Click on bitnami_owncloud database and remove all tables.
      2. Click on the import button and import your saved file with the default options.
      3. Click on the SQL button and execute the following SQL commands to create the tables that they are not present in the previous version:
    CREATE TABLE IF NOT EXISTS `oc_queuedtasks` (
      `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
      `app` varchar(255) NOT NULL DEFAULT '',
      `klass` varchar(255) NOT NULL DEFAULT '',
      `method` varchar(255) NOT NULL DEFAULT '',
      `parameters` varchar(255) NOT NULL DEFAULT '',
      PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
    CREATE TABLE IF NOT EXISTS `oc_group_admin` (
      `gid` varchar(64) NOT NULL DEFAULT '',
      `uid` varchar(64) NOT NULL DEFAULT ''
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
    CREATE TABLE IF NOT EXISTS `oc_share` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `share_type` tinyint(4) NOT NULL DEFAULT '0',
      `share_with` varchar(255) DEFAULT NULL,
      `uid_owner` varchar(255) NOT NULL DEFAULT '',
      `parent` int(11) DEFAULT NULL,
      `item_type` varchar(64) NOT NULL DEFAULT '',
      `item_source` varchar(255) DEFAULT NULL,
      `item_target` varchar(255) DEFAULT NULL,
      `file_source` int(11) DEFAULT NULL,
      `file_target` varchar(512) DEFAULT NULL,
      `permissions` tinyint(4) NOT NULL DEFAULT '0',
      `stime` bigint(20) NOT NULL DEFAULT '0',
      `accepted` tinyint(4) NOT NULL DEFAULT '0',
      `expiration` timestamp DEFAULT CURRENT_TIMESTAMP,
      PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
    
    1. Restart the apache service and access to your upgraded application.
    Full Stack upgrade from ownCloud 6.0.x to ownCloud 7.0.x

    It is strongly recommended that you create a backup before starting the update process. If you have important data, it is advisable that you create and try to restore a backup to ensure that everything works properly.

    1. From ownCloud 6.0.x installation, save the following folders:
      1. /installdir/apps/owncloud/data
      2. /installdir/apps/owncloud/htdocs/config
    2. Export the database using phpMyAdmin (using the user root and the password used in the installation process) on the URL: http://127.0.0.1/phpmyadmin. After log in, select the bitnami_owncloud database, and press in Export button. Export it using the default parameters.
    3. Uninstall the ownCloud 6.0.x installation keeping the full backup done before.
    4. Install the new ownCloud 7.0.x.
    5. After the installation is complete, copy the data folder saved from the 6.0.x installation in the new /installdir/apps/owncloud/data path.
    6. Edit the config/config.php file from the 6.0.x installation and change the 'dbpassword' and 'datadirectory' parameters using the new ones that can be found in the new /installdir/apps/owncloud/htdocs/config/config.php file. Also modify the 'version' parameter to match the new one.
    7. Afterwards, copy the config folder from the 6.0.x installation updated with the new dbpassword parameter in the new /installdir/apps/owncloud/htdocs/config path.
    8. Finally, the database must be imported. To do so,
      1. Access to the new phpMyAdmin and log in. Click on bitnami_owncloud database and remove all tables.
      2. Click on the import button and import your saved file with the default options.
      3. Click on the SQL button and execute the following SQL commands to create add the permissions column in the filecache table
    ALTER TABLE oc_filecache ADD permissions int(11);
    
    1. Restart the apache service and access to your upgraded application.

    How to configure ownCloud Sync Clients?

    The ownCloud Sync Clients lets you sync one ore more specified directories on the local machine with your ownCloud application. Files on your ownCloud are automatically the same as the ones on the local disk.

    You can download the Client for Windows, OS X or Linux at http://owncloud.org/sync-clients/

    Once you installed on your system, check that you have a cloud icon in your Desktop dock. Click on it and go to "Settings". You have to set hte IP address of the machine where you installed Bitnami ownCloud stack. Note that you have to set the port if you installed on Linux or OS X and add the "/owncloud" sub-URI:

    This will create a folder in your system. Every file you copied into this folder will be automatically sync to the ownCloud application.

    How to configure the email settings of ownCloud?

    This is required so your application can send notifications via email. If you are using the Native installers, you can configure it during the installation. If you are using the Virtual Machines or AMI's you can configure the email settings manually. You can find below an example of configuring the email using a GMail account.

    Edit the installdir/apps/owncloud/htdocs/config/config.php and add the following at the end of the file:

    ...
    "mail_smtpmode" => 'smtp',
    "mail_smtphost" => 'ssl://smtp.gmail.com:465',
    "mail_smtpauth" => true,
    "mail_smtpname" => 'your_account@gmail.com',
    "mail_smtppassword" => 'your_account_password',
    );
    ?>
    

    Note that you have to configured the admin email from the ownCloud admin panel: Settings -> Personal -> Email

    How to configure Cron Jobs?

    OwnCloud allows three methods for executing background jobs.

    http://doc.owncloud.org/server/7.0/a...ound_jobs.html

    By the default the AJAX mode is configured to run the scheduled tasks. If you want to use the operating system cron feature (Cron option) you need to configure your system.

    To edit the crontab you can run the following command and add the following line.

    $ sudo crontab -u daemon -e
    
    */15 * * * *  /opt/bitnami/php/bin/php -f /opt/bitnami/apps/owncloud/htdocs/cron.php > /dev/null 2>&1
    

    Note that the cron job will be executed by the daemon user (web server user).

    How to enable SSL?

    You can see how to configure Apache to enable SSL connections at How to enable SSL to access through https?

    How to debug ownCloud errors?

    Once Apache starts, it will create two log files, the access_log and the error_log /installdir/apache2/logs directory or in /var/log/httpd if you are using Amazon Linux or Red Hat Enterprise cloud images.

    In Virtual Machines, Cloud Images and Ubuntu based Bitnami Cloud Hosting images installdir is /opt/bitnami.

    The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.

    The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.

    If no error is found, you will see a message similar to:

    Syntax OK
    /installdir/ctlscript.sh : httpd started
    

    The main MySQL log file is created at /installdir/mysql/data/mysqld.log file.

    How to increase the allowed size of the uploaded files?

    ownCloud configures the max upload size in the installdir/apps/owncloud/conf/htaccess.conf file. By default is configured to 512M.

    ...
    <IfModule mod_php5.c>
    php_value upload_max_filesize 513M
    php_value post_max_size 513M
    php_value memory_limit 512M
    ...

    You can change these options to increase the size. Please, specify the size using "M" (i.e. 1000M) and not "G" (i.e. 1G). There is known issues with 2048M but 2000M is working fine.

    Remind to restart the Apache server after this change and also replace INSTALLDIR with your installation directory.

    How to modify the ownCloud trusted domains?

    If you only have one domain configured to access to your ownCloud installation, you can do it using the bnconfig tool

    /opt/bitnami/apps/owncloud/bnconfig --machine_hostname NEW_HOSTNAME
    

    If you have one or more domains to access to your ownCloud installation, you can add them manually in /opt/bitnami/apps/owncloud/htdocs/config/config.php:

    'trusted_domains' =>
    array (
        0 => "FIRST_DOMAIN",
        1 => "SECOND_DOMAIN",
        2 => "THIRD_DOMAIN",
    ),
    
     

    How to integrate ownCloud and LibreOffice?

    By the time this wiki entry was written (ownCloud 7.0.2), ownCloud required LibreOffice version 4.2 to work. Please, use that version.

    To use ownCloud with LibreOffice you will need to have LibreOffice and Java installed in your system. We include the option to include LibreOffice component in our Bitnami Cloud Hosting servers but we do not include the component in our stacks. To allow ownCloud work with LibreOffice you will need to install it manually.

    Installing LibreOffice Manually

    To install LibreOffice, download it from https://www.libreoffice.org/download/libreoffice-still/ and follow the installation steps.

    Once it has been installed, we will need the path to the libreoffice binary.

    • GNU/Linux:
    which libreoffice
    
    • MacOSX:
    /Applications/LibreOffice.app/Contents/MacOS/soffice
    • Windows:
    libreoffice_installation_directory/program/soffice.exe
    Including LibreOffice in Bitnami Cloud Hosting servers

    The LibreOffice component is optional, and you will need to enable it during the server creation in the Development Options configuration:

    Libreoffice_Develpment_Options.png

    Once the server has been created, the LibreOffice binary path will be:

     /opt/bitnami/libreoffice/program/soffice.bin
    Configuring ownCloud to work with LibreOffice

    To allow ownCloud to use LibreOffice for editing ODT and Microsoft Word files, we will need to add the LibreOffice binary path in the Owncloud configuration file. To do it, you must add the line below in /opt/bitnami/apps/owncloud/htdocs/config/config.php just before the last one:

    'preview_libreoffice_path' => 'path_to_your_libreoffice_binary'

    If you are using Bitnami Cloud Hosting, ensure that the LibreOffice directory has the correct permissions. To do it, you can run:

    sudo chmod -R 755 /opt/bitnami/libreoffice

    The last step before start to edit files is to apply the configuration in the ownCloud Administration panel. To do it, access to your ownCloud dashboard, go to the Administrator panel, and click on Apply and Test in the Documents section. It could be possible that you might need to do it twice until the configuration is properly applied.

    ownCloud_LibreOffice_FirstTry.png

    The first time we apply the configuration we must face an Error.

    ownCloud_LibreOffice_SecondTry.png

    The configuration will be applied properly the second time that we click on Apply and test

     
    If all went well, we will be able to edit ODT and Microsoft Word files in the Documents application.
     

    Security & setup warnings

    ownCloud provide several tips to improve the application performance when you access to the admin panel. You have the explanation about them below.
     
    No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our documentation.
     
    ownCloud recommend to configure caching. It improves performance by storing data, code, and other objects in memory. You can read more here .
     
    You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.
     
    ownCloud also suggests to access using HTTPS instead of HTTP. Maybe this link could interest you (force https access).
     
    The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.
    

    To follow this suggestion, you should add the line belown in installdir/apps/owncloud/conf/httpd-app.conf:

    Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

     

    How to configure fail2ban to work with ownCloud?

    If you want to limit the number of attemps that the users could try to log in to ownCloud (and avoid brute-force attacks), you could try to install fail2ban and configure it to work with Bitnami ownCloud.
     
    To do it, first of all we need to install fail2ban:
    sudo apt-get update
    sudo apt-get install fail2ban
    
     
    Go to ownCloud, click on your username on top right, go to Admin section, scroll down to the Log section and choose: warnings, errors and fatal issues.

     
    Now, we must configure fail2ban properly. To do so, please follow the steps below:
    • Create the /etc/fail2ban/filter.d/owncloud.conf and add the following code:
    [Definition]
    failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>\)","level":2,"time":".*"}
    ignoreregex =
    • Copy /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local. Add the code below in /etc/fail2ban/jail.local:
    #OwnCloud
    [owncloud]
    enabled  = true
    filter   = owncloud
    action = iptables-multiport[name=owncloud, port="http,https"]
    logpath  = /opt/bitnami/apps/owncloud/data/owncloud.log
    maxretry = 5
    findtime = 600
    bantime = 600

    This fail2ban configuration will ban the IP of any user that tried to access five (maxretry) different times during the last 10 minutes (findtime) without success. Note that the ban only will affect to the ports 80 and 443, and the user with the banned IP will not be able to contact the web server during 10 minutes (bantime)

    Before apply the configuration (restart the fail2ban server), we must test if the regex configuration is properly configured. To do it, go to your Bitnami ownCloud login page, write an unexistand user/password credentials and try to login to get a login error.

    Just after do it, run this command:

    sudo fail2ban-regex /opt/bitnami/apps/owncloud/data/owncloud.log /etc/fail2ban/filter.d/owncloud.conf 

    If the last two lines of the output show you at least 1 matched it means that the regex is properly configured:

    Lines: 412 lines, 0 ignored, 1 matched, 397 missed
    Missed line(s):: too many to print.  Use --print-all-missed to print all 397 lines

    Finally, you can apply the configuration:

    sudo /etc/init.d/fail2ban restart

    To be sure that all is working, you could try to login five different times with unexistand credentials. At the 5th unsuccessfull attempt, you will be banned during 10 minutes.

    Tag page (Edit tags)
    • No tags
    Page statistics
    184255 view(s), 37 edit(s) and 23749 character(s)

    Comments

    You must login to post a comment.