Hi again,
adding to the list of questions...
I installed last night owncloud. As soon as it comes up, the first thing is a setup and security advice. And at the very top of the window, blinks for a few seconds a note announcing version 8.1.3 is available.
Setting up cache and ssl are the two warnings on this section. Cache seems to belong into ownclowd internals. I can research it, and use what the official documentation says, unless there is a zfsguru best practice to apply?
The other message "You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips" points to zfsguru internals.
Can you point me where I should start?
Leaving the setup and going further down to the upgrade section, I pressed the update button, and that brought up a message and long list of files and directories which owncloud apparently tried to download.
"Make sure that your web server has write access to the following files and directories". I retried but it didn't work
so I stopped there.
So... what is your prescribed procedure when owncloud prompts the user to upgrade?
Thank you,
hg
Latest interface: | 0.3.1 |
Latest system: | 010 |
hgeorgescu User 41 posts |
| |||
CiPHER Developer 1199 posts |
HTTPS is not easy to setup. You need Apache or NGinx webserver, you need to configure it, you need to create your own SSL certificate and you need to configure your browser to accept it. You only need HTTPS if you access Owncloud via an unsafe network, like the internet. If you connect to Owncloud from your local network, HTTP is just fine! Upgrading may not work out of the box - probably the permissions would need to be set very wide and ZFSguru uses strict permissions for security reasons. Generally you update by updating ZFSguru to a newer system version. The versions may trail slightly with what is available upstream. | |||
ShaRose User 18 posts |
Actually, setting up HTTPS is pretty easy. I'm assuming you mean with LightHTTPd which is what the zfsguru control panel uses (I don't use owncloud, so I don't know if it does it's own thing). Oh, and make sure you do all of this as root. So use su. As said, you do need a certificate. If you own a domain you can get a free with with StartSSL (https://startssl.com/). Once you have that, make sure it's all cat'd together. (cat myserver.key mycert.crt myintermediate.pem > myserver.pem) Now we add https to lighthttpd. ssh in (or use the console) and use the following: ee /usr/local/etc/lighttpd/lighttpd.conf Now, use pagedown to go RIGHT to the bottom. We are going to add a few lines. # this tells it to listen on socket 443 $SERVER["socket"] == ":443" { # turn on the ssl engine for this port ssl.engine = "enable" # and this points it to the PEM encoded key / cert ssl.pemfile = "/my/path/to/cert/myserver.pem" } Hell, if you want, you can even force https (it'll even tell it to use the right domain name!) Just add the following lines: $HTTP["scheme"] == "http" { url.redirect = (".*" => "https://My.ZFSGuru.Server.Domain$0") } # note if you try and connect to https directly to the IP it'll still complain at you at first, but who would do that, right? $HTTP["host"] != "my.zfsguru.server.domain" { url.redirect = (".*" => "https://My.ZFSGuru.Server.Domain$0") } Then just restart lighthttpd with: service lighttpd restart And now browse to the settings. You should have a nice happy https server, and if you are used to using http it'll redirect you properly to https. Easy! | |||
CiPHER Developer 1199 posts |
Not that easy to be honest. But all things are relative. :) Having Lighttpd - the webserver for the ZFSguru interface - exposed to the internet is definitely not recommended. A separate webserver like Apache or NGinx is the bare minimum to protect your ZFS NAS server. |
Last Page |