Linux Format

Home OwnCloud server

Neil Bothwick puts one of his Raspberry Pis to work by adding a decent-sized SD card and setting it up as his own personal cloud.


Run a low-power OwnCloud server to share documents and to-do lists around your home.

There are plenty of cloud file storage and sharing services out there, so why would you want the hassle of setting up your own? There are many reasons, beyond the perfectly acceptable ‘because you can’. Commercial services have limits on the amount of data you can store or transfer. They may or may not encrypt your data, but it is their encryption, so you cannot be sure that they cannot read it. If you are sharing between computers on the same network, your data still has to go to their server, over a relatively slow upstream link, before it can be downloaded to another computer in the next room. On the other hand, commercial providers have large data farms with plenty of redundant storage and connectivity and, usually, comprehensive backup procedures. If you want to run your own personal cloud storage, you also have to take responsibility for that.

You’re still reading, so we assume you are interested in doing this. The three things you need are: an always-on computer, some suitable software, and a decent amount of storage space. The first one could be any Linux computer you leave turned on, but we are going to use a Raspberry Pi for this. It’s ideally suited to the low-powered, always-on needs of a home network. You may have heard of the software: it’s called OwnCloud (www.owncloud.org). For the storage space you will need to add some to the Pi. For initial testing, a decent-sized SD card will give sufficient storage. As your storage needs grow, a USB external disk may be called for.

Setting up the Pi

We are going to use the latest Raspbian on the Pi, although these instructions will work with any distro based on Debian, so you could equally follow them on an Ubuntu desktop. Download the latest Raspbian Lite image from www.raspberrypi.org/downloads/raspbian and copy it to an SD card. Then put it in the Raspberry Pi and fire it up. Raspbian Lite is a headless version, so all commands are entered in an SSH session. Open a terminal on your computer and run

$ ssh pi@IP-ADDRESS

using the IP address of your Pi. The default password is raspberry, so the first thing to do is run

$ sudo raspi-config

and change the password. Then select the option to resize the filesystem to fit your SD card. You should also go into the advanced option section and give the Pi a hostname. When you exit raspi-config and reboot, it should then be accessible using the hostname you gave it (although this depends on your router).

Your Pi will be assigned an IP address by your router’s DHCP server. While such addresses are assigned dynamically, DHCP servers generally remember which address they gave to which hardware and give the same one each time. You can set up your server to use a static IP address, but it’s generally not necessary, especially if you set a hostname in raspi-config to give the Pi a useful name. This is the local address we are talking about; some sort of static address or domain is needed if you want to be able to connect from outside of your network. If you don’t have a static address, one of the dynamic DNS services will be useful.

Install a web server

OwnCloud is a web application, so it needs a web server to run it. Apache is the most popular web server, but it’s a bit heavyweight for a Pi, especially as we don’t need all its capabilities. Lightweight, but very functional, alternatives include lighttpd (www.lighttpd.net) and Nginx (http://nginx.org); we will use the former here. SSH into your Pi, make sure everything is up to date and then install lighttpd (known to its friends as ‘lighty’) and the required PHP modules with:

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install lighttpd php5-cgi php5-gd php5-curl php5-sqlite

Now point a browser at http://<IP-ADDRESS-OF-PI> and you’ll see the lighttpd placeholder page. We’ll disable access to this later on, after we’ve set up the home page.

Now it’s time to install OwnCloud, which is basically a case of unpacking the tarball into the web server’s DocumentRoot — the directory from which it serves files. In the Raspbian install of lighttpd, this is /var/www/html, so unpack the tarball with

$ sudo tar -C /var/www/html -xf owncloud-9.0.2.tar.bz2

Installing OwnCloud

OwnCloud defaults to storing its data inside its DocumentRoot, which isn’t particularly secure. It’s safer to create a directory elsewhere for this, and make it owned by the user running the web server, www-data for Debian systems.

$ sudo mkdir -p /var/owncloud/data
$ sudo chown -R www-data: /var/owncloud

The server also needs write access to some directories in the DocumentRoot, which you give it with this command

$ sudo chown -R www-data: /var/www/html/owncloud/{apps,config,themes,updater,.user.ini}

Don’t be tempted to simply chown the whole OwnCloud directory; it’s more secure if you only allow the web server to write to the directories it needs to. If you try to open http://IP-ADDRESS/owncloud in your browser, you will get a Forbidden error, so there’s clearly some more configuration to do. There are various pre-made configurations in /etc/lighttpd/conf-available. You enable them with the lighttpd-enable-mod command, which symlinks them into the conf-enabled directory. Run:

$ sudo lighttpd-enable-mod accesslog
$ sudo lighttpd-enable-mod fastcgi
$ sudo lighttpd-enable-mod fastcgi-php

then restart the server with:

$ sudo systemctl restart lighttpd

and reload the page in your browser. Here you will be asked to create an admin user and password. Click on the ‘Storage & database’ link immediately below this and change the data folder to /var/owncloud/data. After a bit of whirring and clicking (well, the Pi is silent but that’s what it feels like) the OwnCloud home page shows up. At this point you can create folders and upload files by clicking the ‘+’ icon above the file list.
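To confirm the two ownership rules above once the installer has run, the following added example (not from the article or the OwnCloud project) flags a data directory that sits inside the DocumentRoot and lists any top-level OwnCloud entry owned by the web server user beyond the five named in the chown command. The function names are hypothetical, and it assumes config.php holds a single-quoted 'datadirectory' entry and that you can read that file (use sudo if not).

```bash
# Added example: audit the layout recommended in the article.
# Function names are hypothetical; paths are passed as arguments.

# Print the 'datadirectory' value from an OwnCloud config.php.
oc_datadir() {
    sed -n "s/^[[:space:]]*'datadirectory'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Succeed only if the data directory is outside the DocumentRoot.
datadir_outside_docroot() {   # usage: datadir_outside_docroot CONFIG DOCROOT
    local data docroot
    data=$(oc_datadir "$1")
    [ -n "$data" ] || { echo "no datadirectory in $1" >&2; return 2; }
    docroot=${2%/}
    case "${data%/}/" in
        "$docroot"/*) echo "data directory $data is inside $docroot" >&2; return 1 ;;
    esac
    return 0
}

# List top-level entries owned by the web user that the article does not name.
unexpected_web_owned() {      # usage: unexpected_web_owned OWNCLOUD_DIR WEB_USER
    local allowed=" apps config themes updater .user.ini " path name
    find "$1" -mindepth 1 -maxdepth 1 -user "$2" | sort | while read -r path; do
        name=${path##*/}
        case "$allowed" in
            *" $name "*) ;;            # one of the five writable entries
            *) echo "$name" ;;         # web server can write here: report it
        esac
    done
}

# Typical use on the Pi (paths from the article):
#   datadir_outside_docroot /var/www/html/owncloud/config/config.php /var/www/html
#   unexpected_web_owned /var/www/html/owncloud www-data
```

Paths are compared as text, so a data directory reached through a symlink inside the DocumentRoot is not detected.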

At the top right of the display you will see your user name as a drop-down menu. As your user is also the admin, this menu has extra options, for example you can create users and groups (these are for OwnCloud only, not to be confused with system users and groups). There is also an admin option and selecting this will load a page with various settings and a couple of warnings at the top. The first warns you that you are using HTTP and not HTTPS to transfer files. This is not a problem if you are only running OwnCloud on your private LAN, and it does make life a little easier for the Pi. If you are sharing files over the Internet, using HTTPS is a good idea and is covered later on.

OwnCloud admin

The other warning is about a memory cache. This isn’t required but does speed things up. To set this up, install the APCu (Alternative PHP Cache) program and then restart the server:

$ sudo apt-get install php5-apcu
$ sudo systemctl restart lighttpd

Then enable the cache in ownCloud by editing /var/www/html/owncloud/config/config.php and adding 'memcache.local' => '\OC\Memcache\APCu' to the end of the file, just before the final closing parenthesis. After editing, the end of the file should look like:

  'installed' => true,
  'memcache.local' => '\OC\Memcache\APCu',
);

Securing access

OwnCloud already has user names and passwords to control access, but if you are going to open your OwnCloud setup to the world at large, you will need to take some extra precautions. First of all, the advice to locate the data directory outside of the web server’s scope becomes even more important. If you cannot do this for any reason, you can stop lighttpd serving it by editing /etc/lighttpd/lighttpd.conf and adding:

$HTTP["url"] =~ "^/owncloud/data/" {
  url.access-deny = ("")
}

This blocks all access to the data directory. Then you should disable all directory listings by adding

$HTTP["url"] =~ "^/owncloud($|/)" {
  dir-listing.activate = "disable"
}

OwnCloud includes an Apache .htaccess file to implement these measures, but lighttpd does not use .htaccess files, so you have to put everything in the configuration file and then restart the server. Many server administrators discourage the use of .htaccess anyway as it means every page load causes them all to be parsed again, while configuration files are loaded only once at startup.

The other important step for remote usage is to use HTTPS instead of HTTP. You can do this with a self-signed certificate. First you need to create a certificate:

$ cd /etc/lighttpd
$ sudo openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
$ sudo chmod 400 server.pem
$ sudo lighttpd-enable-mod ssl

While you’re at it, add HSTS (HTTP Strict Transport Security) by creating the file conf-enabled/10-hsts.conf containing:

server.modules += ( "mod_setenv" )
$HTTP["scheme"] == "https" {
  setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=31536000" )
}

You can change the name and location of the certificate file if you wish, as long as you edit the setting for ssl.pemfile in 10-ssl.conf to match. Using a self-signed certificate will cause your web browser to warn you until you add an exception, but if you are only using it to access your own files from outside, that isn’t an issue. For more serious use, a proper SSL certificate is a better idea. Once you restart the server, you can access it as https://your.server/owncloud.
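The certificate created above is valid for 365 days and shares a file with its unencrypted private key, so both the file mode and the expiry date are worth checking from time to time. The following added example (not from the article; check_server_pem is a hypothetical helper that needs the openssl command) does that for a file such as /etc/lighttpd/server.pem and must be run by a user who can read it.

```bash
# Added example: sanity-check the combined key+certificate file.
# check_server_pem is a hypothetical helper; it needs the openssl CLI.
check_server_pem() {          # usage: check_server_pem FILE [MIN_DAYS_LEFT]
    local pem=$1 days=${2:-30} rc=0
    [ -r "$pem" ] || { echo "cannot read $pem"; return 2; }

    # The file holds the private key written with -nodes (no passphrase),
    # so only its owner should be able to read it: mode 400, as set above.
    if [ "$(ls -ld "$pem" | cut -c1-10)" != "-r--------" ]; then
        echo "mode is not 400"; rc=1
    fi

    # The article's openssl command writes key and certificate to one file.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || { echo "no private key"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || { echo "no certificate"; rc=1; }

    # -days 365 means the certificate lapses after a year; -checkend
    # fails if it expires within the given number of seconds.
    if ! openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo "certificate unreadable or expiring within $days days"; rc=1
    fi
    return $rc
}
```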

You will also have to configure your router to forward the relevant incoming port to your OwnCloud server. This is normally port 80 for HTTP and port 443 for HTTPS. If you want to enforce HTTPS usage when connecting from outside, only forward port 443 on your router.

There is another way to handle access from outside: use a VPN. It is beyond the scope of this article to explain how to do that, but if you regularly connect to your network from outside, running OpenVPN or using a service like ZeroTier One saves you having to set up and secure external access for each of your services.

Exploring OwnCloud

So you have set up OwnCloud and you can upload and download files, but you could do that with just a web server. What makes OwnCloud useful are its abilities to share files and other data. Click on the drop-down menu by your user name and go to the Users page to create users and groups. Each user has their own password and, just like with the Linux system, they can be collected into groups. Once you have created a user, you can share folders and files with them. Click on the share icon to the right of the file or folder name to open the sharing pane. Type part of a user or group name to see a list of matches, then select the one you want. It’s also possible to share with a user on another OwnCloud server by typing user@server.address/owncloud. Once you have added a user to share with, a number of checkboxes enable you to specify what they can do with that share: whether they can re-share it with others and whether they can edit, overwrite or delete files you created.

If you just want someone to be able to download a file, without giving them access to the rest of your OwnCloud, tick the Share link box, this gives you a URL that you can pass to them to view or download the file directly. If you are concerned about others using this link, you can password protect it or set an expiry date.

Collaboration

Being able to let others view and upload files is good, but OwnCloud also allows for collaboration. At the moment, this is limited to word processor documents in ODT, DOC and DOCX format. The first step is to enable the Documents app: select Apps from the drop-down menu at the top left of the display, type documents in the search box then press the ‘Enable’ button for the app. Go back to the drop-down menu and you will see a new option for Documents. From here you can open an existing document, create a new one or upload one from your computer. See the ‘Share’ button at the top of the word processor display? Avoid it as it doesn’t work in the current release. Instead, go back to the Files view and share the file from there. Make sure you enable the ‘Can edit’ and ‘Can change’ options, then each user can open the file in their Documents app and make changes. As other users edit the file, you can see the changes in your editor, colour coded to show which user made which change.

Keeping in sync

Keeping your cloud documents synchronised with your desktop and mobile computers is easy as there are synchronisation programs for the three major desktop operating systems (Ubuntu, OpenSUSE and Fedora) as well as Windows and Mac, along with mobile apps for various platforms. Install them in the usual way then add an account with your server address and login details. As with the browser access, if you are using a self-signed SSL certificate, you will be asked whether to accept it the first time you connect. Then you can choose which folders to sync between the computer and server. The default is to keep a copy of everything on the server in ~/ownCloud, but you can choose individual directories to sync. You can sync whichever folders you want; there is no arbitrary limit as with most commercially provided services, especially their free versions. Once set up, the desktop client sits in the system tray and notifies you when files are updated. Setting up the mobile clients is similar, but if you want to be able to sync when out and about, you will need to set up your router, and OwnCloud, for external access.

There are a couple of tweaks you may want to make to the setup. We mentioned disabling the lighttpd placeholder page. You can delete the index.lighttpd.html placeholder file from the DocumentRoot and then prevent any directory listings of that URL by adding this to /etc/lighttpd/lighttpd.conf:

$HTTP["url"] =~ "^/$" {
  dir-listing.activate = "disable"
}

The default maximum file upload size is 512MB, which is possibly sufficient for Internet use but you may want to exchange larger files over your LAN. You can change the limit in the File Handling section of the Admin page. If you see a message about missing permissions, make sure owncloud/.user.ini is owned by www-data and restart the server. It may take a few minutes for this change to take effect. If you start uploading large files, you will soon fill the Pi’s SD card. If you attach a USB hard drive, copy the contents of /var/owncloud/data to the drive and then mount the drive at /var/owncloud/data, you can have as much space as you want. That should get you started with OwnCloud, but there are plenty of other options to explore.

This is what you first see when logging into OwnCloud’s home page, a lot of potential for uploading files.

The Debian lighttpd placeholder page shows that you have installed the web server correctly, but you’ll want to disable it as it makes your site look unloved.

Adding users and groups is at the heart of OwnCloud’s collaboration and sharing features.

Two users editing a file in OwnCloud, the colour bars show which changes were made by which user, almost in real time.

The Linux desktop client gives plenty of choice in what you sync and how — it can even deal with multiple OwnCloud servers. The mobile clients are not quite as feature rich, but isn’t that always the way?
