I was recently tasked again to come up with a better solution than using Dropbox. iFolder was great when it was working, at least from an IT perspective. The end users thought it was a little bit bulky and wanted something a little easier to use and understand. That’s when I saw ownCloud – it had all the features of WebDAV without many of the headaches.
ownCloud is open source – they even have packages for Ubuntu! I was excited.
apt-get install mp3info curl libcurl3 libcurl3-dev php5-curl zip build-essential
wget http://owncloud.org/releases/owncloud-1.2.tar.bz2
tar xvjf owncloud-1.2.tar.bz2
mv owncloud /var/www/
chown -R www-data:www-data /var/www/owncloud/
**EDIT2** it’s now up to final 2.0 http://owncloud.org/releases/owncloud-2.tar.bz2
Browse to http://serveripaddress/owncloud
There is no LDAP setup quite yet. Maybe next revision?
Since I wanted to connect a Windows machine to this server as a test, I set up a user and then attempted to connect to the WebDAV share.
Unfortunately we require another piece of software to be installed to support owncloud:
http://www.netdrive.net/
NetDrive is free for personal use. Webdrive, a variant of NetDrive, is not free. If this gets approved by the PTB, then we’ll end up buying maybe 25 licenses (for developers).
After the install of NetDrive and a reboot, you can connect to your ownCloud server!
You may have noticed on the http://serveripaddress/owncloud site when you logged in as the administrator, you can see at the very bottom of the page:
“Hint: Mount it via webdav like this: webdav://address/to/your/webdav/here/owncloud.php”
You will need that entire address to connect using NetDrive.
After connection you will see your webdav drive as a shared drive on My Computer.
***EDIT***
Turns out that you don’t require this software. You can just edit a registry key and add it to your Windows 7 machine without issues:
Start the WebClient service
Add the following key in regedit
HKLM\SYSTEM\CurrentControlSet\services\WebClient\Parameters
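“BasicAuthLevel” set to “2” (this permits Basic authentication over plain HTTP as well as SSL, so the password is sent unencrypted until SSL is in place)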
Since this is an external/internal facing server, I had to secure it up a bit.
Firewall rule only allowing ports 80 and 443. SSH can be accessed internally only.
I edited the hosts file to deny all, and only allow certain ranges for my networks:
/etc/hosts.deny
sshd:all
/etc/hosts.allow
sshd:internaliprange/24 publicip anotherip
nano /etc/fail2ban/filter.d/apache-owncloud.conf
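# Fail2Ban configuration file
# Author: TheLibrarie.com
# $Revision: 001 $
[Definition]
# <HOST> is required: fail2ban takes the address to ban from it
failregex = <HOST> -.* 401 499
# OR, as an alternative (use only one failregex):
# failregex = <HOST> -.*POST.*/index\.php
ignoreregex =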
Test with the regex
fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-owncloud.conf
As that worked, I put the following in my /etc/fail2ban/jail.local
[owncloud]
enabled = true
port = http,https
filter = apache-owncloud
logpath = /var/log/apache2/access.log
maxretry = 5
/etc/init.d/fail2ban restart
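To see what each of the two failregex alternatives would actually count before relying on the jail, here is an added example (not from the original post) that replays them over constructed access-log lines with the jail's maxretry of 5. It assumes fail2ban's <HOST> tag in front of each pattern, uses a simplified IPv4-only stand-in for it, ignores findtime, and the request paths and IPs are made up.

```python
import re
from collections import Counter

# fail2ban expands <HOST> to a host-capturing group; this IPv4-only
# stand-in is a simplification assumed for the example.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two alternative failregex lines from the filter file.
FILTERS = {
    "status_401": r"<HOST> -.* 401 499",
    "post_index": r"<HOST> -.*POST.*/index\.php",
}
MAXRETRY = 5  # same threshold as the [owncloud] jail


def line(ip, request, status, size):
    """Build one constructed Apache combined-format log line."""
    return (f'{ip} - - [10/Oct/2011:13:55:36 +0000] "{request}" '
            f'{status} {size} "-" "test"')


# Constructed traffic (documentation IP ranges, hypothetical paths).
SAMPLE = (
    [line("203.0.113.7", "POST /owncloud/index.php HTTP/1.1", 200, 1843)] * 2
    + [line("198.51.100.9", "PROPFIND /owncloud/dav HTTP/1.1", 401, 499)] * 6
    + [line("198.51.100.9", "PROPFIND /owncloud/dav HTTP/1.1", 401, 512)]
    + [line("192.0.2.44", "POST /owncloud/index.php HTTP/1.1", 200, 1843)] * 5
)


def hits(failregex, lines):
    """Count matching lines per host, as fail2ban-regex would report them."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return Counter(m.group("host") for m in map(rx.search, lines) if m)


def banned(failregex, lines, maxretry=MAXRETRY):
    """Hosts whose match count reaches maxretry."""
    return sorted(h for h, n in hits(failregex, lines).items() if n >= maxretry)


if __name__ == "__main__":
    for name, rx in FILTERS.items():
        print(name, dict(hits(rx, SAMPLE)), "banned:", banned(rx, SAMPLE))
```

On this sample the first pattern misses the 401 whose response size is not 499, and the second bans 192.0.2.44 for five ordinary POSTs, because it never looks at the status code.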
I also noticed that someone could simply navigate to http://servername/owncloud/data and see all the usernames and then drill down into all of the files. Obviously a huge issue.
I edited /etc/apache2/sites-available/default to disallow directory listing for the entire site:
nano /etc/apache2/sites-available/default
Under “<Directory /var/www/>” change the following line from:
Options Indexes FollowSymLinks MultiViews
To
Options -Indexes IncludesNOEXEC FollowSymLinks MultiViews
apache2ctl restart
Final Thoughts:
After I run through some more testing on my end, I will unleash it to the QA department to hit the crap out of it. If it still passes testing, I’ll implement SSL. And then test again. Then release to the masses.
**EDIT3**
I’ve installed the 2b1 beta – there is LDAP, but I haven’t configured it just yet. I had to write this down before I forget:
Change PHP to allow larger than 2MB file uploads
nano /etc/php5/apache2/php.ini
Search for “2m”
Change to 10m
Save, quit, restart apache
**EDIT4**
IE9 has some issues with compatibility mode for this software. I had to add this to the HTML meta portion:
<meta http-equiv="X-UA-Compatible" content="IE=9" />
**EDIT5**
I was having problems with downloading certain docx files – the server was thinking these were actually compressed archives. I had to edit the mimetypes.fixlist.php file with the following:
nano /owncloud/lib/mimetypes.fixlist.php
'docx'=>'application/msword',
ETC – add any other applications you require