Latest interface: 0.3.1
Latest system: 010
hgeorgescu
User

41 posts

Posted on 23 September 2015 @ 12:06
Hi again,
adding to the list of questions...
I installed last night owncloud. As soon as it comes up, the first thing is a setup and security advice. And at the very top of the window, blinks for a few seconds a note announcing version 8.1.3 is available.

Setting up cache and ssl are the two warnings on this section. Cache seems to belong into ownclowd internals. I can research it, and use what the official documentation says, unless there is a zfsguru best practice to apply?
The other message "You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips" points to zfsguru internals.
Can you point me where I should start?

Leaving the setup and going further down to the upgrade section, I pressed the update button, and that brought up a message and long list of files and directories which owncloud apparently tried to download.
"Make sure that your web server has write access to the following files and directories". I retried but it didn't work
so I stopped there.
So... what is your prescribed procedure when owncloud prompts the user to upgrade?
Thank you,
hg

CiPHER
Developer

1199 posts

Posted on 23 September 2015 @ 17:56
HTTPS is not easy to setup. You need Apache or NGinx webserver, you need to configure it, you need to create your own SSL certificate and you need to configure your browser to accept it.

You only need HTTPS if you access Owncloud via an unsafe network, like the internet. If you connect to Owncloud from your local network, HTTP is just fine!

Upgrading may not work out of the box - probably the permissions would need to be set very wide and ZFSguru uses strict permissions for security reasons. Generally you update by updating ZFSguru to a newer system version. The versions may trail slightly with what is available upstream.
ShaRose
User

18 posts

Posted on 23 September 2015 @ 21:17
Actually, setting up HTTPS is pretty easy. I'm assuming you mean with LightHTTPd which is what the zfsguru control panel uses (I don't use owncloud, so I don't know if it does it's own thing).

Oh, and make sure you do all of this as root. So use su.

As said, you do need a certificate. If you own a domain you can get a free with with StartSSL (https://startssl.com/). Once you have that, make sure it's all cat'd together. (cat myserver.key mycert.crt myintermediate.pem > myserver.pem)

Now we add https to lighthttpd. ssh in (or use the console) and use the following:
ee /usr/local/etc/lighttpd/lighttpd.conf

Now, use pagedown to go RIGHT to the bottom. We are going to add a few lines.

# this tells it to listen on socket 443
$SERVER["socket"] == ":443" {
# turn on the ssl engine for this port
ssl.engine = "enable"
# and this points it to the PEM encoded key / cert
ssl.pemfile = "/my/path/to/cert/myserver.pem"
}

Hell, if you want, you can even force https (it'll even tell it to use the right domain name!) Just add the following lines:

$HTTP["scheme"] == "http" {
url.redirect = (".*" => "https://My.ZFSGuru.Server.Domain$0")
}
# note if you try and connect to https directly to the IP it'll still complain at you at first, but who would do that, right?
$HTTP["host"] != "my.zfsguru.server.domain" {
url.redirect = (".*" => "https://My.ZFSGuru.Server.Domain$0")
}

Then just restart lighthttpd with:
service lighttpd restart

And now browse to the settings. You should have a nice happy https server, and if you are used to using http it'll redirect you properly to https. Easy!
CiPHER
Developer

1199 posts

Posted on 24 September 2015 @ 00:00edited 00:02 16s
Not that easy to be honest. But all things are relative. :)

Having Lighttpd - the webserver for the ZFSguru interface - exposed to the internet is definitely not recommended. A separate webserver like Apache or NGinx is the bare minimum to protect your ZFS NAS server.
Last Page

Valid XHTML 1.1