Thursday, January 8, 2015

How to install OwnCloud 7 on CentOS 7

I based this post on this, http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-owncloud-7-on-centos-7-rhel-7.html , but with some changes, like installing OwnCloud through the repository instead of extracting the tar archive. This way we get yum updates. There are other some minor changes.

We install with yum the prerequisites,

yum install httpd php php-mysql mariadb-server mariadb sqlite php-dom php-mbstring php-gd php-pdo wget


I don't like SELinux as it gave me a big headache with Samba 4 AD, and have disabled it already. The howto I am based on mentions to run this command in order to allow OwnCloud to write data, but I have not tested it:

setsebool -P httpd_unified 1


Opening ports to Apache in firewall,

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload


Start Apache and MariaDB,

systemctl start httpd.service
systemctl start mariadb.service

Auto start the service at system start-up.

systemctl enable httpd.service
systemctl enable mariadb.service

Download and setup. We first install the repo. It is the official one.

cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/isv:ownCloud:community/CentOS_CentOS-7/isv:ownCloud:community.repo
yum install owncloud

Setting the owner to Apache:

chown -R apache:apache /var/www/html/owncloud/

Now we create the database and the user for MariaDB:

mysql -u root -p
create database clouddb;
grant all on clouddb.* to 'clouddbuser'@'localhost' identified by 'password';

Next is configure the virtual host Apache file,

vi /etc/httpd/conf.d/owncloud.conf

Add the following,

<Directory /var/www/html/owncloud>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

Restart Apache server,

systemctl restart httpd.service

And then you are good to go to https://yourserver/owncloud to further configuration. Select MySQL/MariaDB instead of SQLite.


Para este post me he basado en: http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-owncloud-7-on-centos-7-rhel-7.html , pero con algunos cambios, como instalar OwnCloud a través del repostorio en vez de sólo extraer el fichero tar. De esta manera, tenemos actualizaciones con yum. Hay algún otro cambio menor.

Instalamos con yum los prerequisitos,

yum install httpd php php-mysql mariadb-server mariadb sqlite php-dom php-mbstring php-gd php-pdo wget


No me gusta SELinux ya que me dio muchos problemas en un AD con Samba 4, por lo que lo tengo deshabilitado. El howto en el que me baso indica ejecutar este comando para permitir a OwnCloud que pueda escribir sus propios datos. Esto no lo he testeado:

setsebool -P httpd_unified 1


Abrimos puertos para Apache en el firewall,

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload


Arrancamos Apache y MariaDB,

systemctl start httpd.service
systemctl start mariadb.service

Para que los servicios arranquen automáticamente en el botado,

systemctl enable httpd.service
systemctl enable mariadb.service

Bajamos OwnCloud y configuramos. Primero instalamos el repo. Es el oficial.

cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/isv:ownCloud:community/CentOS_CentOS-7/isv:ownCloud:community.repo
yum install owncloud

Ponemos como propietario a Apache:

chown -R apache:apache /var/www/html/owncloud/

Ahora se crea la base de datos y el usuario en MariaDB:

mysql -u root -p
create database clouddb;
grant all on clouddb.* to 'clouddbuser'@'localhost' identified by 'password';

Lo siguiente es configurar el fichero de virtual host de Apache,

vi /etc/httpd/conf.d/owncloud.conf

Se añade lo siguiente,

<Directory /var/www/html/owncloud>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

Reiniamos el servidor Apache,

systemctl restart httpd.service

Y a partir de aquí ya podemos ir a https://yourserver/owncloud para seguir configurando. Seleccionamos MySQL/MariaDB en vez de SQLite.

Posted by at No comments:
Labels: , ,

Friday, January 2, 2015

Installing Samba 4 on CentOS 7

If you try to install a Samba 4 domain controller in a CentOS 7, you will find that some essential things are missing, like the samba-tool command which is required to set up AD.

This is because RHEL uses MIT Kerberos implementation which does not support Samba AD at the moment (they are working on it) as stated in https://blog.cryptomilk.org/2014/07/09/samba-ad-dc-in-fedora-and-rhel/

But we can use SerNet's repo for CentOS 7. There is another repo available for CentOS 6 also.

Steps are:

1. Go to https://portal.enterprisesamba.com and register.
2. Download the rpms, or better configure yum repo (you will find all there, just add it to /etc/yum.repos.d ).
3. Do a yum install sernet-samba-ad sernet-samba

 [root@setovi yum.repos.d]# yum search sernet  
 Loaded plugins: fastestmirror, langpacks  
 Loading mirror speeds from cached hostfile  
  * base: ftp.cixug.es  
  * extras: ftp.cixug.es  
  * updates: ftp.cixug.es  
 ============================================= N/S matched: sernet =============================================  
 sernet-samba.x86_64 : SerNet Samba SMB/CIFS file, print and authentication server  
 sernet-samba-ad.x86_64 : SerNet Samba AD domain controller  
 sernet-samba-client.x86_64 : SerNet Samba Client Utilities  
 sernet-samba-common.x86_64 : SerNet Samba Common Files  
 sernet-samba-debuginfo.x86_64 : Debug information for package sernet-samba  
 sernet-samba-libs.x86_64 : SerNet Samba Common Library Files  
 sernet-samba-libsmbclient-devel.x86_64 : SerNet Samba header files to develop programs with smbclient support  
 sernet-samba-libsmbclient0.x86_64 : SerNet Samba client library  
 sernet-samba-winbind.x86_64 : SerNet Samba winbind daemon and tool  
 sernet-samba-libwbclient-devel.x86_64 : Libraries and Header Files to Develop Programs with wbclient Support  
  Name and summary matches only, use "search all" for everything.  
 [root@setovi yum.repos.d]#
Si intentáis instalar un controlador de dominio Samba 4 en una CentOS 7, vais a encontraros con que faltan cosas esenciales, como el comando samba-tool con el que se configura el AD.

Esto se debe a que RHEL usa la implementación de Kerberos del MIT, que a día de hoy no soporta el AD de Samba, aunque están trabajando en ello. Más info en https://blog.cryptomilk.org/2014/07/09/samba-ad-dc-in-fedora-and-rhel/

Pero se puede usar los repos de SerNet para CentOS 7. Hay otro repo para CentOS 6 también.

Los pasos son:

1. Ir a https://portal.enterprisesamba.com y registrarse.
2. Descargar los rpms, o mejor configurar el repo (en la web encontraréis todo, sólo hay que añadirlo a /etc/yum.repos.d ).
3. Ejecutar un  yum install sernet-samba-ad sernet-samba

 [root@setovi yum.repos.d]# yum search sernet  
 Loaded plugins: fastestmirror, langpacks  
 Loading mirror speeds from cached hostfile  
  * base: ftp.cixug.es  
  * extras: ftp.cixug.es  
  * updates: ftp.cixug.es  
 ============================================= N/S matched: sernet =============================================  
 sernet-samba.x86_64 : SerNet Samba SMB/CIFS file, print and authentication server  
 sernet-samba-ad.x86_64 : SerNet Samba AD domain controller  
 sernet-samba-client.x86_64 : SerNet Samba Client Utilities  
 sernet-samba-common.x86_64 : SerNet Samba Common Files  
 sernet-samba-debuginfo.x86_64 : Debug information for package sernet-samba  
 sernet-samba-libs.x86_64 : SerNet Samba Common Library Files  
 sernet-samba-libsmbclient-devel.x86_64 : SerNet Samba header files to develop programs with smbclient support  
 sernet-samba-libsmbclient0.x86_64 : SerNet Samba client library  
 sernet-samba-winbind.x86_64 : SerNet Samba winbind daemon and tool  
 sernet-samba-libwbclient-devel.x86_64 : Libraries and Header Files to Develop Programs with wbclient Support  
  Name and summary matches only, use "search all" for everything.  
 [root@setovi yum.repos.d]#

Posted by at No comments:
Labels: , , ,

Friday, December 19, 2014

Installing Pydio 6 on CentOS 7

I am going to start this blog with this article, which describes the needed steps to install Pydio on a CentOS 7.

Right now there is no howto in http://pyd.io regarding this OS version, so I think it may be interesting. It is based on this existing howto. However you need to change some small things in order for it to work with CentOS 7.

I have used the minimal install from the iso named CentOS-7.0-1406-x86_64-DVD.iso .

First things first,

 yum install wget

Next step is providing the installation dependencies for Pydio,

 wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm  
 wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm  
 rpm -Uvh remi-release-7.rpm epel-release-7*.rpm  
 yum update


The following command will install PHP and its dependencies:

 yum install php php-apc php-mbstring php-pecl-apc php-mysql php-cli php-devel php-gd php-ldap php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml php-imap php-mcrypt*


Now you have to edit /etc/php.ini to change some parameters for Pydio to work properly. With vi or your preferred editor,

  • Change output_buffering = 4096 to output_buffering = Off
  • Change post_max_size = 8M to post_max_size = 1024M
  • Change upload_max_filesize = 2M to upload_max_filesize = 1024M

Next is installing and configuring MariaDB. It will start on boot.

 yum install mariadb-server  
 systemctl start mariadb.service  
 systemctl enable mariadb.service  
 /usr/bin/mysql_secure_installation

The last command is a wizard in which you can set the MySQL root password and some security settings more, like removing the anonymous user. The first question is the current root password, which is none so just press Enter.

Then you have to create the Pydio database, with the mysql command tool.

 mysql -u root -p


It will ask you for the password you have just set, hopefully.

Then enter the following SQL commands at the prompt to create the database and the Pydio user for the database.

 create database pydio;  
 create user pydio@localhost identified by 'mysqlpassword';  
 grant all privileges on pydio.* to pydio@localhost identified by 'mysqlpassword' with grant option;


... where mysqlpassword is the Pydio database user password. CTRL-d to exit.

Next step is installing Apache and mod_ssl. In my CentOS minimal installation Apache was already installed. And enabling the service to start on boot.

 yum install httpd  
 yum install openssl mod_ssl  
 systemctl start httpd.service  
 systemctl enable httpd.service

The following command will create a self-signed certificate for Pydio. As it is self-signed, browsers will issue a warning but whatever. It will last for 3650 days.

 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/pki/tls/private/pydio.key -out /etc/pki/tls/certs/pydio.crt

You will be prompted with some questions about location, organization name and so on.

Next commands are to tell Apache about the paths to the certificate files we have just created.

 sed -i "s/localhost.crt/pydio.crt/g" /etc/httpd/conf.d/ssl.conf  
 sed -i "s/localhost.key/pydio.key/g" /etc/httpd/conf.d/ssl.conf

Next commands are for installing Pydio.

 rpm -Uvh http://dl.ajaxplorer.info/repos/pydio-release-1-1.noarch.rpm  
 yum update  
 yum --disablerepo=pydio-testing install pydio

Now we have to edit the Pydio .conf file for Apache because CentOS 7 installs Apache 2.4, and the default .conf has two directives which are no longed valid. If you don't to this, you will get a 403 Forbidden error if you try to access Pydio.

Edit /etc/httpd/conf.d/pydio.conf and delete the following lines:

 Order allow,deny  
 Allow from all

... and put this one instead of them:

 Require all granted

Restart Apache:

 systemctl restart httpd.service

And some commands to harden the file security. /usr/share/pydio is the default Pydio installation path.

 chown -R root:apache /usr/share/pydio  
 cd /usr/share/pydio  
 find ./ -type d -exec chmod u=rwx,g=rx,o= '{}' \;  
 find ./ -type f -exec chmod u=rw,g=r,o= '{}' \;  
 chown -R apache:apache /var/lib/pydio  
 cd /var/lib/pydio  
 find ./ -type d -exec chmod u=rwx,g=rx,o= '{}' \;  
 find ./ -type f -exec chmod u=rw,g=r,o= '{}' \;


Last find commands are not going to be very useful as Apache will write files with 644 mask. Have a look at this to configure SELinux.

And that's all! Browse to http://yourserver/pydio or better https://yourserver/pydio . If you are browsing from another computer you will need to open the web server ports in the firewall, or if you are in a hurry to test just disable the firewall service,

 systemctl stop firewalld.service \;



Voy a comenzar mi blog con este artículo, que describe los pasos necesarios para instalar Pydio en una CentOS 7.

En el momento de escribir esto no hay un howto en la web oficial http://pyd.io para esta versión de CentOS, así que creo que puede ser interesante. Me baso en este howto ya existente, cambiando ciertas cosas para que funcione en CentOS 7.

He usado la "minimal install" del iso CentOS-7.0-1406-x86_64-DVD.iso .

Lo primero es lo primero,

 yum install wget


En el paso siguiente proporcionamos las dependencias de instalación de Pydio,

 wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm  
 wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm  
 rpm -Uvh remi-release-7.rpm epel-release-7*.rpm  
 yum update


El comando siguiente instala PHP y sus dependencias:

 yum install php php-apc php-mbstring php-pecl-apc php-mysql php-cli php-devel php-gd php-ldap php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml php-imap php-mcrypt*


Ahora hay que editar el /etc/php.ini para cambiar algunos parámetros que Pydio necesita para funcionar correctamente. Con vi o tu editor preferido,

  • Cambia output_buffering = 4096 a output_buffering = Off
  • Cambia post_max_size = 8M a post_max_size = 1024M
  • Cambia upload_max_filesize = 2M a upload_max_filesize = 1024M
Ahora se instala y configura MariaDB. Arrancará en el botado.

 yum install mariadb-server  
 systemctl start mariadb.service  
 systemctl enable mariadb.service  
 /usr/bin/mysql_secure_installation

El último comando es un wizard en el que se establece la contraseña de root de MySQL y algunos settings más, como quitar el usuario anónimo. La primera pregunta es la contraseña de root actual, que es nula, así que pulsa Enter.

Ahora se crea la base de datos de Pydio, con la utilidad de línea de comandos mysql.

 mysql -u root -p


Te preguntará por la contraseña de root que acabas de poner.

A continuación introduce los siguientes comandos en el prompt SQL para crear la base de datos y el usuario de Pydio de base de datos.

 create database pydio;  
 create user pydio@localhost identified by 'mysqlpassword';  
 grant all privileges on pydio.* to pydio@localhost identified by 'mysqlpassword' with grant option;


... donde mysqlpassword es la contraseña del usuario de base de datos de Pydio. CTRL-d para salir.

El siguiente paso es instalar Apache y el mod_ssl. En mi instalación mínima de CentOS el Apache ya estaba instalado. Y habilitamos el servicio para que arranque en el botado.
 yum install httpd  
 yum install openssl mod_ssl  
 systemctl start httpd.service  
 systemctl enable httpd.service

El siguiente comando creará un certificado auto-firmado para Pydio. Como está auto-firmado, los navegadores mostrarán una advertencia, pero da igual. Durará 3650 días.

 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/pki/tls/private/pydio.key -out /etc/pki/tls/certs/pydio.crt

Te preguntará ubicación, nombre de la organización, y algunas cosas más.

Los siguientes comandos son para decirle a Apache sobre las rutas a los archivos de certificado que acabamos de crear.
 sed -i "s/localhost.crt/pydio.crt/g" /etc/httpd/conf.d/ssl.conf  
 sed -i "s/localhost.key/pydio.key/g" /etc/httpd/conf.d/ssl.conf

Los siguientes comandos instalan Pydio.

 rpm -Uvh http://dl.ajaxplorer.info/repos/pydio-release-1-1.noarch.rpm  
 yum update  
 yum --disablerepo=pydio-testing install pydio

Ahora tenemos que edir el fichero .conf de Pydio para Apache porque CentOS 7 instala Apache 2.4, y el fichero .conf de por defecto tiene dos directivas que ya no son válidas para esta versión. Si no se hace esto, en vez de la web de Pydio aparecerán errores 403 Forbidden.

Edita
 Order allow,deny  
 Allow from all

... y pon esta en su lugar:

 Require all granted

Reiniciar Apache:

 systemctl restart httpd.service

Y ahora, unos comandos para fortalecer la seguridad a nivel de fichero. /usr/share/pydio es la ruta por defecto de instalación de Pydio

 chown -R root:apache /usr/share/pydio  
 cd /usr/share/pydio  
 find ./ -type d -exec chmod u=rwx,g=rx,o= '{}' \;  
 find ./ -type f -exec chmod u=rw,g=r,o= '{}' \;  
 chown -R apache:apache /var/lib/pydio  
 cd /var/lib/pydio  
 find ./ -type d -exec chmod u=rwx,g=rx,o= '{}' \;  
 find ./ -type f -exec chmod u=rw,g=r,o= '{}' \;


Los últimos comandos find no van a ser muy útiles ya que Apache escribirá ficheros con la máscara 644. Échale un vistazo a esto para configurar SELinux.

¡Y eso es todo! Navega a http://tuservidor/pydio o mejor a https://tuservidor/pydio . Si estás accediendo desde otro ordenador necesitarás abrir los puertos para servicio web en el firewall, o si tienes prisa por probarlo sólo deshabilita el firewall,

 systemctl stop firewalld.service \;

Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)