After the installation you have immediate access to ownCloud through the built-in web interface that allows you to upload and download files, manage a calendar and contacts, view pictures and play music:
[Figure: The ownCloud web interface]
There are basically two ways to achieve this: You can either use one of the ownCloud sync clients that are available for different platforms and allow you to synchronize a local directory with your ownCloud files (just like the Dropbox client for your Dropbox storage). This way you can make your files available on a fast local drive and independently from a network connection. On the other hand having multiple copies of your files on different devices somewhat defeats the idea of centralized storage, and if you store Gigabytes and Terabytes of data in ownCloud it is just not practical to sync all of it to any device.
Luckily you can choose to sync only parts of your ownCloud data. For the remaining files I would recommend accessing them online through a WebDAV share. WebDAV is an open standard protocol for accessing files through an http(s) connection. Therefore it is firewall and proxy server friendly (unlike the traditional file sharing protocols SMB/CIFS and NFS), and it is available for all client platforms.
Use SSL and get it right
On the other hand, plain http is not really secure. That is no problem if you use it on an internal or firewalled network, but I would not recommend sending your login data and private files over an unencrypted Internet connection. You want to use an SSL-encrypted https link for the WebDAV connection, and this is possible with ownCloud out of the box, but, as with every application using https, you will run into the issue that it initially uses auto-generated self-signed certificates that no browser will trust by default.
It is easy though to install a custom certificate for ownCloud and get rid of all the browser security warnings. Here are the required steps:
1. Configure a DNS resolvable server name
You need to have authoritative access to a public DNS domain and register your ownCloud server's name in it. For the following instructions I assume that the name owncloud.example.org resolves to the IP address of your ownCloud server.
Configure the server's Linux OS and apache/httpd installation to use this name. For the BitNami ownCloud appliance the following steps are required:
- Edit /etc/hostname to include the short name (owncloud)
- Edit /etc/hosts to include a line that resolves both the short name and the FQDN to the server's public IP address:
1.2.3.4 owncloud owncloud.example.org
- Edit the apache config file /opt/bitnami/apache2/conf/httpd.conf. Find the line starting with ServerName and change it to:
ServerName owncloud.example.org:80
- Edit the apache config file /opt/bitnami/apache2/conf/extra/httpd-ssl.conf. Find the line starting with ServerName in the SSL virtual host definition and change it to:
ServerName owncloud.example.org
There are many commercial providers that offer trusted SSL certificates. I chose Startcom's StartSSL service, because they offer Class 1 certificates for free and use a very fast and purely electronic/automated way to validate that you are the legitimate domain holder. If you use their services for the first time then I suggest choosing their Express Lane to get a free certificate for your domain really quickly. With the StartSSL certificate wizard you can even auto-generate a private key and the certificate request (CSR) without the need to run cryptic openssl commands in a shell.
Of course you can also use any other provider to get your own certificate. In the end you will only need a certificate that matches your server's fully qualified DNS name (like owncloud.example.org) stored in a server.crt file and a corresponding private key file. When generating the certificate in StartSSL's web interface be sure to save the password-protected private key in a text file. For use with apache httpd you need to have the private key in decrypted format. You can use the "Decrypt private key" function from StartSSL's toolbox to generate that. Store it in a file named server.key.
3. Configure apache to use the custom certificate
Once you have the files server.crt and server.key just copy them to the directory /opt/bitnami/apache2/conf of the ownCloud server replacing the existing files there. If there are one or more intermediate CAs in your server's certificate trust chain then you need to create a file named /opt/bitnami/apache2/conf/server-ca.crt, put all intermediate certificates in there and uncomment the line
SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"
in the config file /opt/bitnami/apache2/conf/extra/httpd-ssl.conf.
Hint: The free StartSSL certificates use an intermediate CA. Download the StartCom Class 1 Primary Intermediate Server CA certificate and store it as the above mentioned file.
Once you have completed these steps restart apache by running
/opt/bitnami/ctlscript.sh restart apache
If you encounter errors then check the log files in /opt/bitnami/apache2/logs to get a clue of what's wrong and double check the syntax of the config files and the availability of the certificate files.
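Checks worth running on the files from step 3 before restarting apache, as an added shell example that is not part of the original post. The function names are this example's own, and it assumes the openssl command-line tool is installed on the server.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this example's
# own; pass the files from step 3 as arguments.

# The certificate and key belong together when they carry the same public key.
# "-passin pass:" makes a still-encrypted key fail here instead of prompting.
cert_matches_key() {  # $1 = certificate, $2 = private key
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# The intermediates file must link the certificate to a trusted root.
# $3 (optional) names a root file; without it the system trust store is used.
chain_verifies() {  # $1 = certificate, $2 = intermediates, $3 = root (optional)
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -untrusted "$2" "$1" >/dev/null 2>&1
  fi
}

# The name clients connect to must be covered by the certificate.
cert_covers_name() {  # $1 = certificate, $2 = DNS name
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# The decrypted key is protected by file permissions only.
key_is_private() {  # $1 = private key
  [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

check_all() {  # $1 = cert, $2 = key, $3 = intermediates, $4 = name, $5 = root (optional)
  rc=0
  cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate, or is encrypted"; rc=1; }
  chain_verifies "$1" "$3" "${5:-}" || { echo "FAIL: chain does not verify"; rc=1; }
  cert_covers_name "$1" "$4" || { echo "FAIL: certificate does not cover $4"; rc=1; }
  key_is_private "$2" || { echo "FAIL: $2 is accessible to group or others"; rc=1; }
  return "$rc"
}

# Usage: sh check-cert.sh server.crt server.key server-ca.crt owncloud.example.org
if [ "$#" -ge 4 ]; then check_all "$@" && echo "all checks passed"; fi
```

On the appliance the first three arguments are the files in /opt/bitnami/apache2/conf, and the fourth is the name configured in step 1.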
Using WebDAV with Windows clients
In the "Personal Settings" dialog of the ownCloud web interface you will find the WebDAV path displayed:
[Figure: ownCloud configuration screen]
The path will be displayed with either an http:// or an https:// prefix depending on what protocol you used to access the web interface. Both ways will work, but remember that https is SSL encrypted and http is not.
Windows has built-in WebDAV support. In Windows 7 you just need to make sure that the "WebClient" service is enabled and running. To connect the WebDAV share you need to map it as a network drive in Explorer while using the URL as network path:
[Figure: Map a WebDAV share in Windows Explorer]
[Figure: WebClient registry tweaks]
- Create a value named AuthForwardServerList of type REG_MULTI_SZ and enter the URL of your ownCloud server here
- Change the BasicAuthLevel value to 2
- Raise the FileSizeLimitInBytes value to the maximum (hex. 0xffffffff)
- Restart the WebClient service to make these changes effective
Regardless of these registry tweaks you will experience the following limitations when using the Windows built-in WebDAV client:
- The automatic "Reconnect at logon/sign-in" doesn't work. The connection will still be shown in Explorer, but won't get restored. When selecting it you will be prompted for credentials again (although you already saved them).
- Using https will only work if you are using a trusted SSL certificate for your ownCloud server (see instructions above)
Here is how to configure NetDrive for ownCloud:
[Figures: NetDrive connection configuration; Advanced connection settings]
Thanks for the articles, you've saved me some time :)
BTW, didn't you find OwnCloud to be sluggish somehow?
OwnCloud itself is not inherently sluggish. Probably the machine that it runs on causes the problems. A second vCPU and more RAM helps. And the more network bandwidth (on both ends) the better ...
Thank you for the article. How did you increase the size of the data folder?
I added a second large disk to the VM and mounted it onto the data folder. There might be different ways to do it, but I liked the idea of separating the data from the OS.
Great Article!
Thanks a lot for the helpful article
Thanks for the article, it summarises pretty much my own experience. In my case using a synology NAT.
Microsoft says that it is a feature of basic authentication in Windows, NOT to remember a user’s credentials. See https://support.microsoft.com/en-us/help/943280/prompt-for-credentials-when-you-access-webdav-based-fqdn-sites-in-wind.
There is a work around though. I use a batch file that runs at log via Task Scheduler that goes like this:
Net USE z: https://yoursubdomain.synology.me:5006 /user:yourlogin yourpassword /persistent:no
In this example Z is the drive letter to mount. If you use * it will be the first free letter. Persistent:no switch stops a broken mapping showing at start up, so each login will map the drive afresh.
Obviously you would put your own URL or IP and or port number that refers to your storage space, along with your login details and password.
The down side to this approach is that your username and passwords are visible in a batch file, so make sure that it is located in your user account and that the schedule only runs it from there and for the user it relates to.