Install ownCloud on Ubuntu 20.04

Introduction

This is a short guide to installing ownCloud on a fresh installation of Ubuntu 20.04. Run the following commands in your terminal to complete the installation.

This guide can not go into details and has its limits by nature. If you experience issues like with dependencies of PHP or other relevant things like the operating system, web server or database, look at the Detailed Installation Guide for more information.

Prerequisites and Notes

  • A fresh installation of Ubuntu 20.04 with SSH enabled.

  • This guide assumes that you are working as the root user.

  • Your ownCloud directory will be located in /var/www/owncloud/.

  • php 7.4 is the default version installable with Ubuntu 20.04.

  • Use the correct Multi-Processing Module (MPM).

  • Read the openSSL Version notes which are important when planning to use encryption.

Preparation

Set Your Domain Name

my_domain="Your.Domain.tld"
echo $my_domain

hostnamectl set-hostname $my_domain
hostname -f

Update Your System

First, ensure that all the installed packages are entirely up to date and that PHP is available in the APT repository. To do so, follow the instructions below:

apt update && \
  apt upgrade -y

Create the occ Helper Script

Create a helper script to simplify running occ commands:

FILE="/usr/local/bin/occ"
cat <<EOM >$FILE
#! /bin/bash
cd /var/www/owncloud
sudo -E -u www-data /usr/bin/php /var/www/owncloud/occ "\$@"
EOM

Make the helper script executable:

chmod +x $FILE

Install the Required Packages

apt install -y \
  apache2 libapache2-mod-php \
  mariadb-server openssl redis-server wget php-imagick \
  php-common php-curl php-gd php-gmp php-bcmath php-imap \
  php-intl php-json php-mbstring php-mysql php-ssh2 php-xml \
  php-zip php-apcu php-redis php-ldap php-phpseclib

Install smbclient php Module

If you want to connect to external storage via SMB you need to install the smbclient php module.

First install the required packages:

apt-get install -y libsmbclient-dev php-dev php-pear

Then install smblclient php module using pecl:

pecl channel-update pecl.php.net
mkdir -p /tmp/pear/cache
pecl install smbclient-stable
echo "extension=smbclient.so" > /etc/php/7.4/mods-available/smbclient.ini
phpenmod smbclient
systemctl restart apache2

Check if it was successfully activated:

php -m | grep smbclient

This should show the following output:

libsmbclient
smbclient

Additional useful tools helpful for debugging:

apt install -y \
  unzip bzip2 rsync curl jq \
  inetutils-ping  ldap-utils\
  smbclient

Configure Apache

Create a Virtual Host Configuration

FILE="/etc/apache2/sites-available/owncloud.conf"
cat <<EOM >$FILE
<VirtualHost *:80>
# uncommment the line below if variable was set
#ServerName $my_domain
DirectoryIndex index.php index.html
DocumentRoot /var/www/owncloud
<Directory /var/www/owncloud>
  Options +FollowSymlinks -Indexes
  AllowOverride All
  Require all granted

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/owncloud
 SetEnv HTTP_HOME /var/www/owncloud
</Directory>
</VirtualHost>
EOM

Enable the Virtual Host Configuration

a2dissite 000-default
a2ensite owncloud.conf

Configure the Database

It’s recommended to execute mysql_secure_installation to secure the mariadb installation and set a strong password for the database user.

Ensure transaction-isolation level is set and performance_schema on.

sed -i "/\[mysqld\]/atransaction-isolation = READ-COMMITTED\nperformance_schema = on" /etc/mysql/mariadb.conf.d/50-server.cnf
systemctl start mariadb
mysql -u root -e \
  "CREATE DATABASE IF NOT EXISTS owncloud; \
  CREATE USER IF NOT EXISTS 'owncloud'@'localhost' IDENTIFIED BY 'password'; \
  GRANT ALL PRIVILEGES ON *.* TO 'owncloud'@'localhost' WITH GRANT OPTION; \
  FLUSH PRIVILEGES;"

It is recommended to run mysqltuner script to analyse database configuration after running with load for several days.

Once the database installation is complete, refer to the Database section in the Hardening and Security Guidance guide for additional important information.

a2enmod dir env headers mime rewrite setenvif
systemctl restart apache2

Installation

Download ownCloud

cd /var/www/
wget https://download.owncloud.com/server/stable/owncloud-complete-latest.tar.bz2 && \
tar -xjf owncloud-complete-latest.tar.bz2 && \
chown -R www-data. owncloud

Install ownCloud

We recommend to set a strong password for your owncloud admin user and the database user. 
occ maintenance:install \
    --database "mysql" \
    --database-name "owncloud" \
    --database-user "owncloud" \
    --database-pass "password" \
    --data-dir "/var/www/owncloud/data" \
    --admin-user "admin" \
    --admin-pass "admin"

Configure ownCloud’s Trusted Domains

my_ip=$(hostname -I|cut -f1 -d ' ')
occ config:system:set trusted_domains 1 --value="$my_ip"
occ config:system:set trusted_domains 2 --value="$my_domain"

Configure the cron Jobs

Set your background job mode to cron:

occ background:cron

Configure the execution of the cron job to every 15 min and the cleanup of chunks every night at 2 am:

echo "*/15  *  *  *  * /var/www/owncloud/occ system:cron" \
  | sudo -u www-data -g crontab tee -a \
  /var/spool/cron/crontabs/www-data
echo "0  2  *  *  * /var/www/owncloud/occ dav:cleanup-chunks" \
  | sudo -u www-data -g crontab tee -a \
  /var/spool/cron/crontabs/www-data

If you need to sync your users from an LDAP or Active Directory Server, add this additional Cron job. Every 4 hours this cron job will sync LDAP users in ownCloud and disable the ones who are not available for ownCloud. Additionally, you get a log file in /var/log/ldap-sync/user-sync.log for debugging.

 
echo "1 */6 * * * /var/www/owncloud/occ user:sync \
  'OCA\User_LDAP\User_Proxy' -m disable -vvv >> \
  /var/log/ldap-sync/user-sync.log 2>&1" \
  | sudo -u www-data -g crontab tee -a \
  /var/spool/cron/crontabs/www-data
mkdir -p /var/log/ldap-sync
touch /var/log/ldap-sync/user-sync.log
chown www-data. /var/log/ldap-sync/user-sync.log

Configure Caching and File Locking

occ config:system:set \
   memcache.local \
   --value '\OC\Memcache\APCu'
occ config:system:set \
   memcache.locking \
   --value '\OC\Memcache\Redis'
occ config:system:set \
   redis \
   --value '{"host": "127.0.0.1", "port": "6379"}' \
   --type json

Configure Log Rotation

FILE="/etc/logrotate.d/owncloud"
sudo cat <<EOM >$FILE
/var/www/owncloud/data/owncloud.log {
  size 10M
  rotate 12
  copytruncate
  missingok
  compress
  compresscmd /bin/gzip
}
EOM

Finalize the Installation

Make sure the permissions are correct:

cd /var/www/
chown -R www-data. owncloud

ownCloud is now installed. You can confirm that it is ready to enable HTTPS (for example using Let’s Encrypt) by pointing your web browser to your ownCloud installation.

To check if you have installed the correct version of ownCloud and that the occ command is working, execute the following:

occ -V
echo "Your ownCloud is accessable under: "$my_ip
echo "Your ownCloud is accessable under: "$my_domain
echo "The Installation is complete."
We recommend you check out the section Hardening and Security Guidance next.