Masuk ke server Ubuntu (Aku guna Ubuntu 14.0.4 dan masa install aku hanya pilih install ssh-server je). Lepas tu guna putty masuk ke server tu. Biasanya ini best practices cara aku klu korang nak start.
apt-get update
apt-get upgrade
Install la MariaDB database yang akan femes masa kini. Tapi kalau korang nak guna yang lain kena la cari kat tempat lain ye!
sudo apt-get install mariadb-server
Guna skrip dibawah klu korang nak secure db korang. Tp aku recommend buat la.
mysql_secure_installation
Jawab soklan ikut macamana korang nak securitykan DB korang tu. Tak faham tanya pakcik google.
- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y
Masuk ke MariaDB sebagai root dan korang create user baru untuk database Owncloud tu
mysql -u root -p
Enter password:
MariaDB [(none)]> CREATE DATABASE owncloud;
MariaDB [(none)]> GRANT ALL ON owncloud.* to ownclouduser@localhost identified by 'YOURPASSWORD';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q
Install Nginx web server, PHP5-FPM dan pakej yang diperlukan ... just cut and paste je .. dulu penerangan kenapa kena install korang google la ...
sudo apt-get install nginx php5-fpm php5-common php5-cli php5-json php5-mysql php5-curl php5-intl php5-mcrypt php5-memcache php5-gd
Dah siap boleh la g download pakej Installer ownCLoud dari website dia.Version aku 7.0.4
cd /usr/share/
sudo wget https://download.owncloud.org/community/owncloud-7.0.4.tar.bz2
sudo tar xvfj owncloud-7.0.4.tar.bz2
sudo rm owncloud-7.0.4.tar.bz2
sudo chown -R www-data:www-data owncloud/
Korang kena generate sijil ssl dia dan adjust sket nginx config
sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/owncloud.key -out /etc/nginx/ssl/owncloud.crt
Akan keluar satu scripts so follow Me la ...
Generating a 2048 bit RSA private key
..+++
....................+++
writing new private key to '/etc/nginx/ssl/owncloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:MY
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Edit atau create virtual block dalam nginx
sudo vi /etc/nginx/sites-available/default
Masukan script ni la bro !.
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name 10.0.0.11;
return 301 https://$server_name$request_uri; # enforce https
}
server {
listen 443 ssl;
server_name 10.0.0.11;
ssl_certificate /etc/nginx/ssl/owncloud.crt;
ssl_certificate_key /etc/nginx/ssl/owncloud.key;
# Path to the root of your installation
root /usr/share/owncloud;
client_max_body_size 10G; # set max upload size
fastcgi_buffers 64 4K;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ index.php;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}
# Optional: set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Don't log access to assets
access_log off;
}
}
Enable kan script tadi ...
sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default/
Editkan php-fpm config fail.
sudo vi /etc/php5/fpm/pool.d/www.conf
Masukan atau periksa value
listen = /var/www/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
Restart Nginx and PHP-FPM.
sudo service nginx restart
sudo service php5-fpm restart
sudo service php5-fpm restart
