Configuring Federation Sharing

Introduction

Federated Cloud Sharing is now managed by the Federation app (9.0+), and is now called Federation sharing. When you enable the Federation app you can easily and securely link file shares between ownCloud servers, in effect creating a "cloud" of ownCloud installations.

For security reasons federated sharing strictly requires HTTPS (SSL/TLS).

Sharing With ownCloud 8 and Older

Direct Federation shares (label-direct-share-link) are not supported in ownCloud 8 and older, so you must create Federation shares with public links (label-public-link-share).

Creating a new Federation Share (9.0+ only)

Follow these steps to create a new Federation share between two ownCloud 9.0+ servers. This requires no action by the user on the remote server; all it takes is a few steps on the originating server.

  1. Enable the Federation app.

  2. Go to your ownCloud Admin page and scroll to the Sharing section. Verify that Allow users on this server to send shares to other servers and Allow users on this server to receive shares from other servers are enabled.

  3. Now go to the Federation section. By default, Add server automatically once a federated share was created successfully is checked. The Federation app supports creating a list of trusted ownCloud servers, which allows the trusted servers to exchange user directories and auto-complete the names of external users when you create shares. If you do not want this enabled, then un-check it.

    image

  4. Then, go to your Files page and select a folder to share. Click the share icon, and then enter the username and URL of the user on the remote ownCloud server. In this example, that is freda@https://example.com/owncloud. When ownCloud verifies the link, it displays it with the (remote) label. Click on this label to establish the link.

    image

  5. When the link is successfully completed, you have a single share option, and that is can edit.

    image

    You may disconnect the share at any time by clicking the trash can icon.

Configuring Trusted ownCloud Servers

You may create a list of trusted ownCloud servers for Federation sharing. This allows your linked ownCloud servers to share user directories, and to auto-fill user names in share dialogs. If Add server automatically once a federated share was created successfully is enabled on your Admin page, servers will be automatically added to your trusted list when you create new Federation shares.

You may also enter ownCloud server URLs in the Add ownCloud Server field. The yellow light indicates a successful connection, with no user names exchanged. The green light indicates a successful connection with user names exchanged. A red light means the connection failed.

image

Automatically Accept Remote Shares From Trusted Servers

To automatically accept remote shares from servers in the trusted servers list, when configuring Federated Cloud sharing, under admin  Settings  Sharing  Federated Cloud Sharing, check the checkbox labeled "Automatically accept remote shares from trusted servers".

Automatically accept remote shares from trusted servers in ownCloud

Due to security reasons auto-accepting doesn’t work when "Add server automatically once a federated share was created successfully" is checked.

All incoming shares from remote servers are accepted automatically when:

  1. The federation app’s autoAddServers config option is set to 0 (default); for example:

    occ config:app:set federation auto_accept_trusted --value '0'
  2. The federatedfilesharing app’s auto_accept_trusted config option is set to yes; for example:

    occ config:app:set federatedfilesharing auto_accept_trusted --value 'yes'
  3. A remote server is listed as trusted in the Federation app.

You’ll need to use a Public Link Share to create Federation shares with ownCloud 8.x and older.

Check the Share Link checkbox to expose more sharing options (which are described more fully in file_sharing_configuration). You may create a Federation share by allowing ownCloud to create a public link for you, and then email it to the person you want to create the share with.

image

You may optionally set a password and expiration date on it. When your recipient receives your email they must click the link, or copy it to a Web browser. They will see a page displaying a thumbnail of the file, with a button to Add to your ownCloud.

image

Your recipient should click the Add to your ownCloud button. On the next screen your recipient needs to enter the URL to their ownCloud server, and then press the return key.

image

Your recipient has to take one more step, and that is to confirm creating the federated cloud share link by clicking the Add remote share button.

image

Un-check the Share Link checkbox to disable any federated cloud share created this way.

Configuration Tips

The Sharing section on your Admin page allows you to control how your users manage federated cloud shares:

  • Check Enforce password protection to require passwords on link shares.

  • Check Set default expiration date to require an expiration date on link shares.

  • Check Allow public uploads to allow two-way file sharing.

Your Apache Web server must have mod_rewrite enabled, and you must have trusted_domains correctly configured in config.php to allow external connections (see Installation Wizard). Consider also enabling SSL to encrypt all traffic between your servers .

Your ownCloud server creates the share link from the URL that you used to log into the server, so make sure that you log into your server using a URL that is accessible to your users. For example, if you log in via its LAN IP address, such as http://192.168.10.50, then your share URL will be something like http://192.168.10.50/owncloud/index.php/s/jWfCfTVztGlWTJe, which is not accessible outside of your LAN. This also applies to using the server name; for access outside of your LAN you need to use a fully-qualified domain name such as http://myserver.example.com, rather than http://myserver.