Hello again ! I set up the perfect server https://www.howtoforge.com/tutorial/perfect-server-ubuntu-16-04-nginx-bind-dovecot-and-ispconfig-3/ and now I ´d like to get owncloud running. I got as far as installing ownlcoud through their command-line tool occ. seems to be installed ok: Code: sudo -u www-data php occ status - installed: true - version: 10.0.8.5 - versionstring: 10.0.8 - edition: Community I created a site in ispconfig and copied according to this thread: https://www.howtoforge.com/communit...-and-owncloud-nginx-ceontos-6-5-on-vps.68139/ the following to the NGINX directive Code: add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ \.php$ { try_files /b615814d8f2c19dbcb25b1fbae07ce38.htm @php2; } location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } # set max upload size client_max_body_size 1G; fastcgi_buffers 16 4K; fastcgi_ignore_headers X-Accel-Buffering; gzip off; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location / { rewrite ^ /index.php$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { return 404; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } location ~ ^(.+?\.php)(/.*)?$ { try_files $1 =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; fastcgi_param HTTPS $https; {FASTCGIPASS} fastcgi_intercept_errors on; fastcgi_index index.php; fastcgi_buffers 64 64K; fastcgi_buffer_size 256k; fastcgi_param modHeadersAvailable true; fastcgi_read_timeout 7200; } location @php2 { fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS $https; {FASTCGIPASS} fastcgi_intercept_errors on; fastcgi_index index.php; fastcgi_buffers 64 64K; fastcgi_buffer_size 256k; fastcgi_param modHeadersAvailable true; fastcgi_read_timeout 7200; } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice fastcgi_param front_controller_active true; fastcgi_read_timeout 180; {FASTCGIPASS} fastcgi_intercept_errors on; fastcgi_request_buffering off; #Available since NGINX 1.7.11 } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~ \.(?:css|js)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "max-age=15778463"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } location ~ \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)$ { add_header Cache-Control "public, max-age=7200"; try_files $uri /index.php$uri$is_args$args; access_log off; } Now, before caring about subdomains and https I would like to see owncloud served under http://xx.xxx.xxx.xxx/owncloud but all it does is downloading the index.php Thanks in advance ! tim
There are several things that might gone wrong, first, you did a sudo -u www-data, but websites in ISPConfig do not run as www-data, so you installed it under a wrong user. The website users in ISPConfig usernames web1, web2 etc. It might work anyway, but you probably can not sore any files in owncloud due to wrong permissions. You should be able to correct that with chown by changing the owner to the proper web user. Then you access a website trough it's domain name, so when you created a website mydomain.tld and installed owncloud into the 'web' dir of that site, then owncloud is accessed by entering the domain name mydomain.tld in the browser. accessing by IP like you tried it will not work.
Thank you Till for the quick response! I changed the owner to web3. In the past I manually editied the nginx available-sites configs, so I am a little unsure how to do it though ispconfig. I want owncloud to be served via forced https on cloud.domain.tld. steps done: 1) Added A record "cloud" on local nameserver pointing to IP 2) created subdomain "cloud" in ispconfig. type= proxy; path = https://ip.ip.ip.ip.ip/owncloud options: if ($scheme != "https") { rewrite ^ https://cloud.domain.tldy$request_uri? permanent; } 3) added the above mentioned directives to sites´s nginx-directives, enabled SSL + letsencrypt + PHP-FPM opening http(s)://cloud.domain.tld only yields a 404 what am I missing please ? thank you !
1) Added A record "cloud" on local nameserver pointing to IP 2) Create a website cloud.yourdomain.tld. 3) paste the owncloud nginx config into the nginx directives field of the options tab of the site. 4) Install owncloud into the web directory of the site. That should be all, there is no proxying or similar things involved.
Still Error 404 I did Code: chown -R web3:client0 /var/www/html/owncloud/ chmod -R 755 /var/www/html/owncloud/ Code: sudo -u web3 php occ status - installed: true - version: 10.0.8.5 - versionstring: 10.0.8 - edition: Community zone file : Code: $TTL 3600 @ IN SOA ns1.domain.tld. root.domain.tld. ( 2018052901 ; serial, todays date + todays serial # 7200 ; refresh, seconds 540 ; retry, seconds 604800 ; expire, seconds 3600 ) ; minimum, seconds ; domain.tld. 3600 TXT "v=spf1 mx a ~all" domain.tld. 3600 MX 10 b0x.domain.tld. domain.tld. 3600 NS ns2.domain.tld. b0x 3600 A xxx.xxx.xxx.xxx domain.tld. 3600 NS ns1.domain.tld. www 3600 A xxx.xxx.xxx.xxx domain.tld. 3600 A xxx.xxx.xxx.xxx ns1.domain.tld. 3600 A xxx.xxx.xxx.xxx ns2.domain.tld. 3600 A xxx.xxx.xxx.xxx 100 3600 PTR b0x.domain.tld cloud 3600 A xxx.xxx.xxx.xxx owncloud is installed in /var/www/html/owncloud/ Above nginx directives copied into into the options of site cloud.domain.tld I also noticed that the box of Let´s s encrypt SSL does not stick. Ideas ? Feels like I am close. thanks again, tim
The path /var/www/html/owncloud/ is not the path of an ISPConfig website. If you installed owncloud there, then it is not installed in a website which explains that you can not reach it. The website directory of the domain cloud.domain.tld is /var/www/cloud.domain.tld/web/ and in this directory you'll have to install owncloud.
If you don't want to reinstallowncloud then you can try to copy it, but not sure if owncloud stores any fixed paths in its config files or database. Code: cp -prf /var/www/html/owncloud/* /var/www/cloud.domain.tld/web/ this either means that the cloud domain is not reachable from lets encrypt server or it is not reachable from your server or some rewrite rules cause LE to fail when it tries to verify it's token.
If the tick in Let's Encrypt box does not stick, LE can not get the certificate. Maybe name service problem? See the Let's Encrypt debugging instructions: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ Have you tried creating a new website with ISPConfig and installing owncloud in that?
Ok guys, reinstalled the whole server from scratch, and finally owncloud is showing up. 2 things: 1) upon installation its asking me for a "data folder", default is "/var/www/clients/client0/web1/web/data" should i leave it like that ? 2) since LE box is not ticking, here the content of letsencrypt.log, there are errors Code: 2018-05-29 22:41:03,475:DEBUG:letsencrypt.cli:Root logging level set at 30 2018-05-29 22:41:03,476:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2018-05-29 22:41:03,477:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.1 2018-05-29 22:41:03,477:DEBUG:letsencrypt.cli:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', 'cloud.counter.party', '--webroot-path', '/usr/local/ispconfig/interface/acme'] 2018-05-29 22:41:03,477:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone) 2018-05-29 22:41:03,478:DEBUG:letsencrypt.cli:Requested authenticator webroot and installer None 2018-05-29 22:41:03,478:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge 2018-05-29 22:41:03,478:DEBUG:letsencrypt.display.ops:Single candidate plugin: * webroot Description: Webroot Authenticator Interfaces: IAuthenticator, IPlugin Entry point: webroot = letsencrypt.plugins.webroot:Authenticator Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7fad691d4550> Prep: True 2018-05-29 22:41:03,479:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7fad691d4550> and installer None 2018-05-29 22:41:04,091:DEBUG:root:Sending GET request to https://acme-v02.api.letsencrypt.org/directory. args: (), kwargs: {} 2018-05-29 22:41:04,096:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org 2018-05-29 22:41:04,712:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658 2018-05-29 22:41:04,715:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '658', 'Expires': 'Tue, 29 May 2018 22:41:04 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 29 May 2018 22:41:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json'}. Content: '{\n "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",\n "meta": {\n "caaIdentities": [\n "letsencrypt.org"\n ],\n "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n "website": "https://letsencrypt.org"\n },\n "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",\n "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",\n "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",\n "pc0wCl-T-bE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"\n}' 2018-05-29 22:41:04,715:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '658', 'Expires': 'Tue, 29 May 2018 22:41:04 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 29 May 2018 22:41:04 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json'}): '{\n "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",\n "meta": {\n "caaIdentities": [\n "letsencrypt.org"\n ],\n "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",\n "website": "https://letsencrypt.org"\n },\n "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",\n "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",\n "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",\n "pc0wCl-T-bE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",\n "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"\n}' 2018-05-29 22:41:04,717:DEBUG:letsencrypt.cli:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/letsencrypt", line 9, in <module> load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')() File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main return config.func(config, plugins) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 689, in obtain_cert le_client = _init_le_client(config, authenticator, installer) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 206, in _init_le_client acc, acme = _determine_account(config) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 191, in _determine_account config, account_storage, tos_cb=_tos_cb) File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 116, in register acme = acme_from_config_key(config, key) File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 41, in acme_from_config_key return acme_client.Client(config.server, key=key, net=net) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 63, in __init__ self.net.get(directory).json()) File "/usr/lib/python2.7/dist-packages/acme/messages.py", line 169, in from_json raise jose.DeserializationError(str(error)) DeserializationError: Deserialization error: Wrong directory fields
and then try again to activate LE. I would change that to /var/www/clients/client0/web1/private/data You might have to create that flder then and change the owner to the web user and client group of the site. The benefit is that this folder is outside of the web root then. I'm not quite sure, but it might be an issue in the ISPConfig 3.1dev code that you use.Please downgrade to the current release 3.1.12 like this: cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3.1.12.tar.gz tar xvfz ISPConfig-3.1.12.tar.gz cd ispconfig3_install/install php -q update.php
Thank you ! just confirming ownership: chown -R web1:www-data /var/www/cloud.domain.tld/web/ chown -R web1:client0 /var/www/clients/client0/web1/web/data correct, or should owncloud also be in the client0 group ?
Btw, might I recommend NextCloud over OwnCloud? With OwnCloud there has some peculiar things happened and the original devs etc. all moved on to NextCloud.
