owncloud on Centos with nginx and mysql

In this post I am going to show you how to install the free owncloud server.
I will be using Centos , Nginx , mysql and PHP-FPM .

I am not a huge fan of Apache, hence why this guide has nginx!
Sadly some our dependencies  will pull in Apache web server under Centos.
Not to worry just don’t enable Apache/httpd.

Lets get stuck into it.

Firstly Disable selinux
Edit the  file “/etc/selinux/config” and ensure the selinux is disabled :


Next your going to need to add in the ngix repo
Create the file “/etc/yum.repos.d/nginx.repo” and enter the following into it :

name=nginx repo

Now its time to install all the packages you will need to run owncloud.

Install :

yum install mysql mysql-server
yum install nginx
yum install php php-gd php-xml-parser php-intl php-mysql php-mbstring php-xml php-fpm php-pear php-devel pcre-devel

Not the above command will pull in httpd! Yuck! Sadly you have no choice on Centos :

# repoquery --requires php
httpd-mmn = 20051115

That’s OK. Just don’t enable the silly thing.

Lastly since you’re using nginx and not apache you need to fix the default php cache directory permissions. Run the following :

# chown -R root:nginx /var/lib/php/

Ensure to start nginx and set it to start on boot :

# service nginx start
# chkconfig nginx on

Since nginx has no way to spawn a php process, unlike apache with mod_php you need to have anoter proces that can handle the php requests. This is where php-fpm comes into play.

You need to configure a few settings first.

The first settings are for the main server settings.
Edit the file “/etc/php-fpm.conf” set the following :

log_level = notice
emergency_restart_threshold = 10
process_control_timeout = 10s

Next you need to fix up the worker config file :
Edit the file” /etc/php-fpm.d/www.conf” and set the following:

user = nginx
group = nginx

You also need to fix the permissions for the php-fpm log directory.
Run the following command :

chown nginx:nginx -R /var/log/php-fpm/

Enable services to start on boot :

# service php-fpm start
# chkconfig php-fpm on

Now its time for Mysql ( You could try MariaDB if your feeling lucky). For now I will stick with Mysql.

First you need to start mysql and while your at it, set it to start on boot :

# service mysqld start
# chkconfig mysqld on

Now run teh first time install wizard :


Set a root password to something secure.
Answer the questions with the following responses :

Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Since your going to use the tarball install rather then the RPM package your going to need to create your databases and privileges for owncloud.

Log into mysql as the root user :

# mysql -u root -p"

Give it the root password you set during the start up script.

Now run the following SQl to create the database and assign privileges:

mysql> create database owncloud;
mysql> GRANT ALL PRIVILEGES ON owncloud.* TO "mycloud"@"localhost"  IDENTIFIED BY "password";
mysql> flush privileges;
mysql> quit

DO set a better password. DO NOT use the same password as the root account or any other account. This password will be stored in plain text !

Now its time to unroll the owncloud files into the server.
Install the latest OwnCloud distribution (Select Tar or Zip File) from

At the time of this article I used the command :

# wget http://download.owncloud.org/community/owncloud-5.0.3.tar.bz2

Extract the tarball into your web servers www directory ( or where ever you configured it). In my case :

# tar -xvf owncloud-5.0.3.tar.bz2 -C /cloud/www"

I will configure nginx to serve files form this directory later.

You will also need to set the correct permissions :

chown -R nginx:nginx /cloud/www/

You could skip this section and run everything in plain text but that would be stupid. I will be using NameCheep's Comodo PositiveSSL certificate, as I've used them many times

First up create the ssl working directory for nginx

# mkdir /etc/nginx/ssl

Now change into that directory, its time to create the key and csr request.

# cd  /etc/nginx/ssl
# openssl genrsa -des3 -out DOMAIN_NAME.COM.key 2048

Enter a password when prompted by the above command, the password is not important  we will remove it soon. Replace DOMAIN_NAME.COM with your fully qualified server domain name.

Now generate the CSR :

#  openssl req -new -key DOMAIN_NAME.COM.key -out DOMAIN_NAME.COM.csr

Answer the questions and make sure the server common name matches your fully qualified domain name. You don't need to enter the "extra" attributes.
The contents of the .csr file is what I will give to my certificate issuer.

Remove the password from the key with the following commands :

# openssl rsa -in  DOMAIN_NAME.COM.org -out  DOMAIN_NAME.COM.key

Enter the password for the last time, now the .key file will have no password.

Now upload the contents of the .csr file to NameCheep, select server type of "Other". Then wait for the approval email from NameCheep.

Once you have zip file that contains the certificate, root certificate and intermediate certificate. You need to bundle them into a .pem file for nginx. Unzip the bundle anywhere we will copy pem file to the correct location later.
Create the .pem bundle with the following commands :

# cat PositiveSSLCA2.crt >  DOMAIN_NAME.COM.pem
# cat AddTrustExternalCARoot.crt > DOMAIN_NAME.COM.pem

Now copy the DOMAIN_NAME.COM.pem file into /etc/nginx/ssl directory.

Finally its time to configure nginx it self.
The first file your going to set up will be the main server config file. You can find it at "/etc/nginx/nginx.conf"
Open it and replace all the contents with the below :

## Server Config
user				nginx;
worker_processes  		1;

error_log  			/var/log/nginx/error.log warn;
pid        			/var/run/nginx.pid;

events {
worker_connections 	 	1024;
multi_accept                  on;
use 				epoll;

## Server Config END

http {
## Types mapping
include       		/etc/nginx/mime.types;
default_type  		application/octet-stream;

## Types mapping END

## Main Server log settings
log_format  main  		'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log  			/var/log/nginx/access.log  main;
## Main Server log settings END

## MISC server settings
sendfile        		on;
server_names_hash_bucket_size 64;

## MISC server settings END

## GZIP Settings
gzip  			on;
gzip_static       		on;
gzip_vary         		on;
## GZIP Settings END

## Security Settings
# Turn off srv version
server_tokens 		off;
# Set client requst body buffer
client_body_buffer_size  	1K;
# set client header buffer
client_header_buffer_size 	1k;
# Max size of client body request
client_max_body_size 		1k;
# Max large size of header/buffer to read from client
large_client_header_buffers 	2 1k;
# Read timeout for client body
client_body_timeout   	10;
# Timeout to read client header
client_header_timeout 	10;
# timeout for keepalive andheader keep alive
keepalive_timeout     	5 5;
# Timeout for client responce
send_timeout          	10;
## Security Settings END

## Include Server Blocks
include /etc/nginx/conf.d/*.conf;
## Include Server Blocks END

The next file defines the server blocks and there settings.
Create a file "/etc/nginx/conf.d/" Give it a name like DOMAIN_NAME.COM.conf. The following was mostly taken from the owncloud install guide . With a few modifications for my needs.

server {
  listen               [::]80;
  server_name          DOMAIN_NAME.COM;
  rewrite              ^ https://$server_name$request_uri? permanent;

server {
  listen       	       [::]:443;
  server_name 	       DOMAIN_NAME.COM;
  access_log 	       /var/log/nginx/access.log main;
  error_log	       /var/log/nginx/error.log warn;
  root 		       /cloud/www/owncloud;
  ssl 		       on;
  ssl_certificate      /etc/nginx/ssl/DOMAIN_NAME.COM.pem;
  ssl_certificate_key  /etc/nginx/ssl/DOMAIN_NAME.COM.key;
  client_max_body_size 10G;
  fastcgi_buffers 64   4K;
  rewrite              ^/caldav((/|$).*)$ /remote.php/caldav$1 last;
  rewrite              ^/carddav((/|$).*)$ /remote.php/carddav$1 last;
  rewrite              ^/webdav((/|$).*)$ /remote.php/webdav$1 last;
  index                index.php;
  error_page 403 =     /core/templates/403.php;
  error_page 404 =     /core/templates/404.php;

  location ~           ^/(data|config|\.ht|db_structure\.xml|README) {
  deny                 all;

location               / {
  rewrite              ^/.well-known/host-meta /public.php?service=host-meta last;
  rewrite              ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
  rewrite              ^/.well-known/carddav /remote.php/carddav/ redirect;
  rewrite              ^/.well-known/caldav /remote.php/caldav/ redirect;
  rewrite              ^(/core/doc/[^\/]+/)$ $1/index.html;
  try_files            $uri $uri/ index.php;

location = 	       /favicon.ico {
  return 	       204;
  access_log           off;
  log_not_found        off;
location ~             ^(.+?\.php)(/.*)?$ {
  try_files            $1 = 404;  
  include              fastcgi_params;
  fastcgi_param        SCRIPT_FILENAME /cloud/www/owncloud$fastcgi_script_name;
  fastcgi_param        HTTPS on;

location ~* 	       ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
  expires              30d;
  access_log           off;

Ensure you change all the "DOMAIN_NAME.COM" to your real servers fully qualified domain name.

Restart nginx after changing the above to config files.

To be able to upload any files bigger then 1MB you need to edit the php.ini file.

Open the file "/etc/php.ini" and set the following :

upload_max_filesize = 8G
post_max_size = 10G

This will allow you to upload an 8GB file, Set the vales to something that makes sense to you.

So very close now. Browse to your servers DNS name.
Enter a username and password for the owncloud admin account.
Try make this different too.
Next select the "advance install" drop down item.
Select "mysql" and enter the DB user,pass and DB name.
The above details are what you set up in step 4.

After that, create some users and have fun!.

There are obviously more things that can/could be done. Server Harding, mysql tuning better data structure placement etc but I will leave that up to you.
The above guide will get you a functional owncloud install with Nginx m Mysql and php-fpm.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: