External Storage Configuration

Introduction

The External Storage Support application enables you to mount external storage services and devices as secondary ownCloud storage devices. You may also allow users to mount their own external storage services.

Starting with ownCloud 9.0, a new set of occ commands for managing external storage is introduced.

This also includes an option for the ownCloud admin to enable or disable sharing on individual external mountpoints. Sharing on such mountpoints is disabled by default.

Enabling External Storage Support

Prerequisite: Settings  Apps  External storage support is enabled. Tick the checkbox under Settings > Storage > "Enable External Storage".

Enabling External Storage Support in ownCloud

Storage Configuration

Before adding a storage in a production environment make sure its configuration is correct. Removal of the external storage or change of its configuration does not remove metadata entries from the database belonging to the previous storage configuration.

To create a new external storage mount, select an available backend from the dropdown Add storage. Each backend has different required options, which are configured in the configuration fields.

ownCloud External Storage Types

Each backend may also accept multiple authentication methods. These are selected with the dropdown under Authentication. Different backends support different authentication mechanisms; some specific to the backend, others are more generic. See external_storage/auth_mechanisms for more detailed information.

When you select an authentication mechanism, the configuration fields change as appropriate for the mechanism. The SFTP backend, for one example, supports username and password, Log-in credentials, save in session, and RSA public key.

An SFTP configuration example.

Required fields are marked with a red border. When all required fields are filled, the storage is automatically saved. A green dot next to the storage row indicates the storage is ready for use. A red or yellow icon indicates that ownCloud could not connect to the external storage, so you need to re-check your configuration and network availability.

If there is a connection issue with the target storage, it will be marked as unavailable for ten minutes. To re-check it, click the colored icon or reload your Admin page.

User and Group Permissions

A storage configured in a user’s Personal settings is available only to the user that created it. A storage configured in the Admin settings is available to all users by default, and it can be restricted to specific users and groups in the Available for field.

User and groups selector

Adding a storage for users or groups you don’t have access rights to, an error notification will be shown and a red square icon appears on the mount.

Mount Options

Hover your cursor to the right of any storage configuration to expose the settings button and trashcan. When clicking the trashcan icon, you delete the mountpoint. The settings button allows you to configure each storage mount individually with the following options:

  • Encryption

  • Read Only

  • Previews

  • Enable Sharing

  • Filesystem check frequency (Never, Once per direct access)

The Encryption checkbox is visible only, when the Encryption app is enabled.

Enable Sharing allows the ownCloud admin to enable or disable sharing on individual mountpoints. When sharing is disabled, the shares are retained internally, so that you can re-enable sharing and the previous shares become available again. Sharing is disabled by default.

Additional mount options exposed on mouseover.

Using Self-Signed Certificates

When using self-signed certificates for external storage mounts, the certificate must be imported into ownCloud.

Please refer to Importing System-wide and Personal SSL Certificates for more information.

Available storage backends

The following backends are provided by the external storages app. Other apps may provide their own backends, which are not listed here.

A non-blocking or correctly configured SELinux setup is needed for these backends to work. Please refer to the SELinux configuration.

Allow Users to Mount External Storage

Check "Allow users to mount external storage" to allow your users to mount storages on external services. Then enable the backends you want to allow.

Checkboxes to allow users to mount external storage services.

Be careful with the choices that you enable, as it allows a user to make potentially arbitrary connections to other services on your network!

Detecting Files Added to External Storages

  • Rescanning S3 for manually added files is not possible

    The command occ files:scan or a background job containing files scan is only available for POSIX but not for S3 and compatible filesystems.
  • We recommend configuring the background job Webcron or Cron to enable ownCloud to automatically detect files added to your external storages.

    You cannot scan/detect changed files on external storage mounts when you select the Log-in credentials, save in session authentication mechanism. However, there is a workaround, and that is to use Ajax cron mode. See Password-based Mechanisms for more information.
  • ownCloud may not always be able to find out what has been changed remotely (files changed without going through ownCloud), especially when it’s very deep in the folder hierarchy of the external storage.

    You might need to setup a cron job that runs

    sudo -u www-data ./occ files:scan --all`
  • Alternatively, replace --all with the user name to trigger a rescan of the user’s files periodically, for example every 15 minutes, which includes the mounted external storage.

    See occ’s file operations for more information.

Known limitations

  • Removal of the external storage or change of its configuration does not remove metadata entries belonging to the previous storage configuration. This may impact performance of the installation as previous configuration metadata entries get orphaned. Removal of orphaned storage entries can be done manually by using the occ files:remove-storage command.