
Cloud Storage?

Are you worried about storing your files on services like Dropbox, Google Drive, or iCloud? Storage providers have had their fair share of compromises and bugs. Many cloud storage services claim to use encryption, but this usually refers to the SSL transport between the cloud and your application or web browser. That isn't the same as encrypting the files where the data is stored. In fact, this is something that Edward Snowden homed in on when he was interviewed this summer.

It was suggested to use services like SpiderOak that encrypt files on the client side and give you control over your encryption keys. My experience with SpiderOak was short-lived. When I installed their client, I received a Python error window that said, “Python Quit Unexpectedly”.  Even if the service claims to encrypt, you are putting your files somewhere else and trusting that bugs won’t be introduced which compromise the encryption or authentication. Why not provide your cloud storage solution for yourself with an open source product?

I thought I would share my installation of ownCloud which, I think, takes advantage of the best tools in their class.

ownCloud DIY Cloud Storage

ownCloud is a WebDAV-based service that uses a web server on the front end and a database system on the back end, such as SQLite, MariaDB, Oracle, MSSQL, or PostgreSQL. You install the application on your own Linux machine, so you are in control of your own cloud. Installation has multiple steps but follows most LAMP installations. You can install it on Ubuntu by adding a repository to your sources. I found that I wasn't getting the latest developed material, so I chose to install from the GitHub repo.

Installing Supporting Applications

First we need to install Nginx. I chose Nginx for its SPDY support (HTTP/2) and PHP5-fpm, which is a PHP accelerator using FastCGI. The application uses a database on the back end. I chose MySQL server 5.6 because of its high-performance thread pooling and its great performance benchmarks.

For the GitHub part you need the following packages:

…and finally installing the source utility required:

Now you can install the development environment like so:

Then install ownCloud from git:

Adjust rights:

What about the php5-fpm stuff?

I deviated from the default Unix socket for php5-fpm. I made it listen on TCP port 9000 by doing the following:

I also commented out the default Unix socket setting and added

Now it is time to bounce it to read the new settings.

This will reload the php5-fpm daemon and read the changed settings.
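Moving php5-fpm from a Unix socket to TCP makes the bind address matter: in a pool file, a `listen` value that is only a port number binds every interface, not just loopback. The script below is an added example, not part of the original post; it classifies the active `listen` directive of a pool file whose path you pass in, and the sample file it writes is constructed.

```shell
#!/bin/sh
# Added example: classify the active "listen" directive of a php-fpm pool file.
# Prints one of: none, unix-socket, loopback-tcp, all-interfaces, other-address

fpm_listen_class() {
    pool_file=$1
    # ';' starts a comment in pool files, so commented-out lines are skipped.
    # listen.owner, listen.mode etc. do not match because of the '.' after
    # "listen". If the directive is repeated, the last one is taken.
    value=$(sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*$/\1/p' \
        "$pool_file" | tail -n 1)
    case $value in
        '')                            echo none ;;
        /*)                            echo unix-socket ;;
        127.*:*|'[::1]':*|localhost:*) echo loopback-tcp ;;
        0.0.0.0:*|'[::]':*)            echo all-interfaces ;;
        *[!0-9]*)                      echo other-address ;;
        *)                             echo all-interfaces ;;  # bare port number
    esac
}

# Constructed sample pool file (not the author's configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
;listen = /var/run/php5-fpm.sock
listen = 9000
listen.owner = www-data
EOF
echo "sample pool: $(fpm_listen_class "$sample")"
rm -f "$sample"
```

When Nginx and php5-fpm run on the same host, `loopback-tcp` or `unix-socket` is the result to aim for; anything else should be backed by a firewall rule or `listen.allowed_clients`.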

The glue: How do we tell Nginx what to do?

Tell Nginx about the php5-fpm upstream PHP handler. Add this to your /etc/nginx/sites-enabled/default file:

Now we need to add the site specification in Nginx by adding it to /etc/nginx/sites-enabled/default. Here is mine with server host names removed (make sure to add your own!). I searched around quite a bit to find an Nginx configuration that suits our needs. There are a lot of Apache examples out there.

 

Make a MySQL database for ownCloud

Assuming MySQL experience, you just need to make a database with some reasonable grants:

…and then assign a grant:

Tell ownCloud where to put the data

Below is my configuration file with passwords changed.  I want to mention that it is a good practice to store web data out of the server root.  These files are available to Nginx and if there was a compromise this might mean your sensitive data would be exposed to the Internet, encrypted or not.
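One way to verify that the data directory really is out of the server root, as an added example that is not part of the original post. It takes the Nginx root and the ownCloud data directory as arguments, resolves symlinks, and also looks for directory symlinks under the web root that lead back to the data; all paths in the dry run are constructed.

```shell
#!/bin/sh
# Added example: is the ownCloud data directory reachable below the web root?

# Exit 0 if directory $1 is $2 or lies beneath it once symlinks are resolved,
# 1 if not, 2 if either path is not a directory that can be entered.
path_is_under() {
    child=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 2
    parent=$(CDPATH= cd -- "$2" 2>/dev/null && pwd -P) || return 2
    if [ "$parent" = / ]; then return 0; fi
    # Compare with a trailing slash so /srv/www-data is not taken to be
    # inside /srv/www just because the two strings share a prefix.
    case $child/ in
        "$parent"/*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Prints inside-webroot, symlinked-into-webroot or outside-webroot.
datadir_exposure() {
    webroot=$1; datadir=$2
    if path_is_under "$datadir" "$webroot"; then
        echo inside-webroot; return 0
    fi
    # A directory symlink below the web root whose target contains the data
    # directory makes the data reachable again, so check those as well.
    hit=$(find "$webroot" -type l 2>/dev/null | while IFS= read -r link; do
        if path_is_under "$datadir" "$link"; then echo "$link"; break; fi
    done)
    if [ -n "$hit" ]; then echo symlinked-into-webroot; else echo outside-webroot; fi
}

# Constructed layout for a dry run: a web root, a sibling directory whose
# name merely starts with the web root's name, and a data directory elsewhere.
base=$(mktemp -d)
mkdir -p "$base/www/owncloud" "$base/www-data/oc" "$base/srv/ocdata"
echo "sibling: $(datadir_exposure "$base/www" "$base/www-data/oc")"
echo "outside: $(datadir_exposure "$base/www" "$base/srv/ocdata")"
ln -s "$base/srv/ocdata" "$base/www/owncloud/data"
echo "symlink: $(datadir_exposure "$base/www" "$base/srv/ocdata")"
rm -rf "$base"
```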

 

Make sure they start on reboot

Now that we have tied all the services together we should guarantee that they come up on server restart on the correct runlevel.  I have typically done this with sysv-rc-conf on Ubuntu systems.  Running this command allows you to check the runlevel you want the service to run on.

 


Download and install the client

The clients are available here http://owncloud.org/sync-clients/ for Mac OS X, Windows, and Linux.

Once you install your client, it will ask you for a local folder to sync and to which folder on the server. At this point you can point your web browser to the Nginx service you defined: https://your.server.com:10000.  You will be asked to create an administrator account. You can then add users and plugin applications. You can share folders and files with users and offer public links.

ownCloud has a pretty extensible API for plugin support. I browsed their library and it felt like there were hundreds of plugins for ownCloud.

Here are a few notable plugins worth mentioning:

Server-side Encryption – Encrypts all the files on the server as described

Share Files – Allows you to share files with other users within their ownCloud share

External storage support – Allows you to mount and share external storage from Google Drive, AWS S3, and Dropbox

Galleries – A photo gallery that allows you to share with internal and external users

Loads of other applications for ownCloud…
