AlmaLinuxRHEL Based

How To Install OwnCloud on AlmaLinux 10

Install OwnCloud on AlmaLinux 10

Self-hosted cloud storage has become essential for organizations and individuals seeking complete control over their data. OwnCloud stands out as a powerful, open-source file sharing and collaboration platform that offers enterprise-grade features without the privacy concerns of third-party cloud providers. AlmaLinux 10, with its enterprise-level stability and long-term support, provides the perfect foundation for hosting OwnCloud in production environments.

This comprehensive guide walks through every step of installing and configuring OwnCloud on AlmaLinux 10 using Nginx, PHP 8, and MariaDB. From initial system preparation to SSL certificate implementation and security hardening, this tutorial covers everything needed to deploy a fully functional, secure cloud storage server. Whether setting up personal file storage or deploying a solution for team collaboration, this guide provides the detailed instructions required for a successful implementation.

Table of Contents

What is OwnCloud?

OwnCloud is a self-hosted file synchronization and sharing platform that gives users complete control over their data. Unlike commercial cloud storage solutions such as Dropbox or Google Drive, OwnCloud runs on private servers, ensuring data privacy and eliminating subscription costs. The platform supports file sync and share capabilities, calendar integration, contacts management, document collaboration, and extensive customization through its app ecosystem.

Three editions are available: Community Edition (free and open-source), Standard Edition, and Enterprise Edition. The Community Edition provides all core functionality needed for most deployment scenarios. OwnCloud emphasizes security, offering features like file encryption at rest, secure external sharing, and comprehensive access controls. Organizations worldwide trust OwnCloud for managing sensitive data while maintaining compliance with data protection regulations.

While similar to Nextcloud, OwnCloud focuses more heavily on enterprise file collaboration and maintains a more conservative approach to feature development, prioritizing stability and reliability. This makes it particularly suitable for production environments where consistent performance matters most.

Why Choose AlmaLinux 10 for OwnCloud?

AlmaLinux 10 represents a major milestone in community-driven enterprise Linux distributions. As a 1:1 binary compatible fork of Red Hat Enterprise Linux (RHEL), AlmaLinux delivers enterprise-grade stability without licensing costs. The distribution provides long-term support, predictable release cycles, and extensive security updates—all critical factors for hosting production services like OwnCloud.

AlmaLinux 10 introduces significant improvements including frame pointers for better performance analysis, extended x86-64-v2 architecture support, and enhanced security features. The operating system benefits from rigorous testing and a strong community backing, ensuring both reliability and prompt security patches. For system administrators familiar with RHEL or CentOS, AlmaLinux offers a seamless migration path with familiar tools and package management.

The combination of AlmaLinux’s rock-solid foundation with OwnCloud’s mature codebase creates an ideal environment for organizations requiring dependable, self-hosted cloud storage. Both projects prioritize stability over bleeding-edge features, making them perfect companions for business-critical deployments.

Prerequisites and System Requirements

Server Requirements

A minimum hardware configuration of 2 CPU cores and 4GB RAM provides adequate performance for small deployments with 5-10 users. Production environments with 50+ users should provision at least 4 CPU cores and 8GB RAM. Storage requirements vary based on usage, but allocating at least 20GB for the operating system and OwnCloud installation is recommended, with additional storage for user data mounted separately.

Virtual machines work perfectly for OwnCloud deployments. Cloud providers like DigitalOcean, Linode, or AWS EC2 offer suitable instances. Physical servers provide better I/O performance for installations with heavy file access patterns.

Software Requirements

Begin with a fresh AlmaLinux 10 installation with root or sudo administrative access. OwnCloud has specific software dependencies that must be met: PHP 8 (critically important—newer versions are not yet fully supported), MariaDB 10.11 or MySQL 8.0+, and either Nginx or Apache web server. This guide focuses on Nginx for its superior performance and resource efficiency.

PHP extensions required include bz2, ctype, curl, fpm, gd, intl, json, fileinfo, libxml, mbstring, mysqlnd, openssl, posix, session, simplexml, xmlreader, xmlwriter, zip, and zlib. These extensions enable OwnCloud’s core functionality including image thumbnails, database connectivity, file compression, and internationalization support.

Network Requirements

A registered domain name or subdomain pointed to the server IP address improves accessibility and enables SSL certificate installation. While optional for testing, production deployments should always use proper domain names. Firewall configuration must allow inbound traffic on ports 80 (HTTP), 443 (HTTPS), and 22 (SSH for administration).

Static IP addresses prevent connection disruptions and simplify DNS management. Most hosting providers offer static IPs by default, but verify this before beginning installation.

Step 1: Update AlmaLinux 10 System

Keeping the system updated prevents conflicts, ensures security patches are applied, and provides the latest package versions. Start by connecting to the server via SSH and switching to the root user or using sudo for all commands.

Update all installed packages:

sudo dnf update -y

This command refreshes package repositories and upgrades all outdated software. The -y flag automatically confirms update prompts. The process typically takes 2-5 minutes depending on connection speed and the number of updates available.

Check if a reboot is required:

sudo needs-restarting -r

If kernel updates were installed, reboot the system:

sudo reboot

After rebooting, verify the AlmaLinux version:

cat /etc/almalinux-release

Starting with a fully updated system establishes a stable foundation and prevents dependency conflicts during OwnCloud installation.

Step 2: Install Required Dependencies

Several basic utilities are needed for downloading and extracting the OwnCloud package. While many AlmaLinux installations include these tools by default, explicitly installing them ensures availability.

Install wget, tar, and bzip2:

sudo dnf install wget tar bzip2 -y

These utilities serve specific purposes: wget downloads files from URLs, tar handles archive extraction, and bzip2 manages .bz2 compressed files. OwnCloud distributes its software as a tar.bz2 archive, making all three tools necessary.

Verify installation:

wget --version
tar --version

These lightweight packages consume minimal system resources and provide essential functionality for the remaining installation steps.

Step 3: Install and Configure PHP 8

Understanding PHP Version Requirements

OwnCloud requires PHP 7.4 specifically due to compatibility and stability considerations. Newer PHP versions introduce breaking changes that OwnCloud has not yet fully adopted. AlmaLinux 10 ships with PHP 8.3 by default, necessitating the use of third-party repositories to install PHP 7.4.

Adding Remi Repository

The Remi repository provides current versions of PHP and extensions for Enterprise Linux distributions. Install the repository configuration:

sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-10.rpm -y

Update DNF metadata:

sudo dnf update -y

List available PHP modules:

sudo dnf module list php

This displays all PHP versions available from configured repositories.

Installing PHP 7.4

Reset the PHP module to clear any defaults:

sudo dnf module reset php -y

Enable PHP 7.4 from Remi repository:

sudo dnf module enable php:remi-7.4 -y

Install PHP 7.4 with all required extensions:

sudo dnf install php php-cli php-fpm php-mysqlnd php-curl php-gd php-mbstring php-xml php-zip php-intl php-json php-bz2 php-opcache -y

Each extension serves important functions: php-curl enables HTTP requests, php-gd processes images for thumbnails, php-intl provides internationalization support, php-json handles data interchange, php-mbstring manages multibyte character encoding, php-mysqlnd connects to MySQL/MariaDB databases, php-xml parses XML configurations, and php-zip compresses and extracts archives.

Configuring PHP-FPM

Start and enable PHP-FPM to run on boot:

sudo systemctl start php-fpm
sudo systemctl enable php-fpm

Verify PHP version:

php -v

The output should display PHP 7.4.x. PHP-FPM (FastCGI Process Manager) efficiently handles PHP requests, processing multiple concurrent requests with minimal resource consumption.

Check PHP-FPM status:

sudo systemctl status php-fpm

An “active (running)” status indicates successful configuration.

Step 4: Install and Configure Nginx Web Server

Installing Nginx

Nginx provides exceptional performance for serving OwnCloud, handling both static files and PHP processing efficiently. Install Nginx from AlmaLinux repositories:

sudo dnf install nginx -y

Start and enable Nginx:

sudo systemctl start nginx
sudo systemctl enable nginx

Verify Nginx is running:

sudo systemctl status nginx

Test web server accessibility by visiting http://your-server-ip in a browser. The default Nginx welcome page confirms successful installation.

Creating Virtual Host Configuration

Navigate to the Nginx configuration directory:

cd /etc/nginx/conf.d

Create a dedicated configuration file for OwnCloud:

sudo nano owncloud.conf

Add the following configuration, replacing yourdomain.com with your actual domain:

upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    
    root /var/www/html/yourdomain.com;
    index index.php index.html;
    
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_types application/atom+xml application/javascript application/json text/css text/plain text/xml;
    
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
    
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
    
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
    
    location ~* \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        access_log off;
    }
    
    error_log /var/log/nginx/owncloud_error.log;
    access_log /var/log/nginx/owncloud_access.log;
}

This configuration includes several critical elements. The upstream block defines PHP-FPM’s Unix socket for processing PHP files. The client_max_body_size directive allows file uploads up to 512MB. Gzip compression reduces bandwidth usage and improves page load times.

Security directives block access to sensitive directories like config, data, and lib. The PHP location block properly handles PHP file execution through PHP-FPM. Static file caching improves performance for frequently accessed resources.

Test Nginx configuration syntax:

sudo nginx -t

A successful test shows “syntax is ok” and “test is successful.” Restart Nginx to apply changes:

sudo systemctl restart nginx

Step 5: Install and Configure MariaDB Database

Installing MariaDB Server

OwnCloud supports multiple database backends including MySQL, MariaDB, PostgreSQL, and Oracle. MariaDB offers excellent performance, proven stability, and strong compatibility with OwnCloud. SQLite is available but not recommended for production due to performance limitations.

Install MariaDB 10.11:

sudo dnf install mariadb-server -y

Start and enable MariaDB:

sudo systemctl start mariadb
sudo systemctl enable mariadb

Verify MariaDB status:

sudo systemctl status mariadb

Securing MariaDB Installation

Run the security script to harden the installation:

sudo mysql_secure_installation

Follow the prompts:

  • Enter current root password (press Enter if none set)
  • Set root password (choose a strong password)
  • Remove anonymous users (Y)
  • Disallow root login remotely (Y)
  • Remove test database (Y)
  • Reload privilege tables (Y)

These security measures prevent unauthorized access and eliminate unnecessary test accounts.

Creating OwnCloud Database

Log into MariaDB as root:

sudo mysql -u root -p

Enter the root password when prompted. Create a dedicated database:

CREATE DATABASE owncloud_db;

Create a database user with a strong password:

CREATE USER 'owncloud_user'@'localhost' IDENTIFIED BY 'your_strong_password_here';

Replace your_strong_password_here with a complex password containing uppercase, lowercase, numbers, and special characters. Grant all privileges:

GRANT ALL PRIVILEGES ON owncloud_db.* TO 'owncloud_user'@'localhost';

Flush privileges to ensure changes take effect:

FLUSH PRIVILEGES;

Exit the database shell:

EXIT;

Database credentials will be needed during OwnCloud’s web-based installation. Document these securely: database name (owncloud_db), username (owncloud_user), password, and host (localhost).

Step 6: Download and Extract OwnCloud

Create the document root directory:

sudo mkdir -p /var/www/html/yourdomain.com

Navigate to the parent directory:

cd /var/www/html

Download the latest stable OwnCloud release:

sudo wget https://download.owncloud.com/server/stable/owncloud-complete-latest.tar.bz2

This downloads the complete OwnCloud package including all dependencies. The file size is approximately 50-60MB depending on the version.

Extract the archive directly into the document root:

sudo tar -xjf owncloud-complete-latest.tar.bz2 -C yourdomain.com --strip-components=1

The --strip-components=1 flag removes the top-level directory from the archive, extracting files directly into the target directory. Set proper ownership:

sudo chown -R nginx:nginx /var/www/html/yourdomain.com

If using Apache instead of Nginx, replace nginx:nginx with apache:apache. Configure directory permissions:

sudo chmod -R 755 /var/www/html/yourdomain.com

These permissions allow the web server to read and execute files while preventing unauthorized modifications. The data directory will require write permissions, which OwnCloud handles during installation.

Remove the downloaded archive:

sudo rm owncloud-complete-latest.tar.bz2

Step 7: Configure Firewall Rules

AlmaLinux 10 uses firewalld by default for firewall management. Web access requires opening HTTP and HTTPS ports.

Check firewalld status:

sudo systemctl status firewalld

If inactive, start and enable it:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Add HTTP and HTTPS services permanently:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

Reload firewall to apply rules:

sudo firewall-cmd --reload

Verify active rules:

sudo firewall-cmd --list-all

The output should show http and https in the services list. These rules allow inbound connections on ports 80 and 443, enabling web browser access to OwnCloud.

For enhanced security, consider restricting SSH access to specific IP addresses or implementing fail2ban to prevent brute force attacks. Production environments should implement network-level security through cloud provider security groups or hardware firewalls.

Step 8: Configure SELinux (Security-Enhanced Linux)

SELinux provides mandatory access control, adding an additional security layer beyond standard permissions. AlmaLinux enables SELinux by default in enforcing mode.

Check SELinux status:

sestatus

Recommended Approach: Configure SELinux

Rather than disabling SELinux, configure it to allow required OwnCloud operations. Set the httpd_unified boolean:

sudo setsebool -P httpd_unified 1

This allows httpd (web server processes) to read and write to all directories labeled as httpd content. Set the correct SELinux context for OwnCloud directories:

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/yourdomain.com/data(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/yourdomain.com/config(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/yourdomain.com/apps(/.*)?"
sudo restorecon -Rv /var/www/html/yourdomain.com

These commands grant write permissions to critical directories while maintaining SELinux protection.

Alternative Approach: Disable SELinux (Not Recommended)

For testing environments only, SELinux can be temporarily disabled:

sudo setenforce 0

To permanently disable SELinux, edit the configuration file:

sudo nano /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled, then reboot. Production environments should never disable SELinux as it significantly reduces security.

Step 9: Complete Web-Based Installation

Access OwnCloud through a web browser by navigating to http://yourdomain.com or http://your-server-ip. The installation wizard appears automatically on first access.

Install OwnCloud on AlmaLinux 10

Creating Admin Account

Enter the desired administrative username and password in the top section. Avoid common usernames like “admin” or “administrator” for improved security. Create a strong password containing at least 12 characters with mixed case, numbers, and special characters.

The admin account has full system privileges including user management, app installation, and system configuration. Protect these credentials carefully.

Configuring Storage and Database

Click “Storage & Database” to expand the database configuration section. The default SQLite option works for testing but production deployments require MySQL/MariaDB for better performance and concurrent user support.

Select MySQL/MariaDB from the database options. Enter the database credentials created earlier:

  • Database user: owncloud_user
  • Database password: (the password set in Step 5)
  • Database name: owncloud_db
  • Database host: localhost

Leave the database host as “localhost” since MariaDB runs on the same server. External database servers require the appropriate hostname or IP address.

The data folder determines where user files are stored. The default location inside the web root works but storing data outside the web directory improves security. For now, accept the default.

Finishing Setup

Click “Finish Setup” to begin installation. The process takes 1-2 minutes while OwnCloud:

  • Creates database tables
  • Configures initial settings
  • Sets up the admin account
  • Prepares the file system

After completion, the login screen appears. Enter admin credentials to access the OwnCloud dashboard. The interface displays the main file management area, navigation menu, and user settings.

First login may show tips and welcome messages. Explore the interface to familiarize yourself with file operations, sharing options, and settings panels.

Install OwnCloud on AlmaLinux 10

Step 10: Secure OwnCloud with SSL/TLS Certificate

HTTPS encryption is mandatory for production OwnCloud deployments. Unencrypted HTTP transmits passwords, files, and session cookies in plain text, exposing them to interception.

Option 1: Using Let’s Encrypt (Recommended)

Let’s Encrypt provides free, automated SSL certificates trusted by all major browsers. Install Certbot:

sudo dnf install certbot python3-certbot-nginx -y

Obtain and install a certificate:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Certbot prompts for an email address and agreement to terms of service. Choose whether to redirect HTTP to HTTPS (recommended: select redirect).

Certbot automatically:

  • Validates domain ownership
  • Obtains the SSL certificate
  • Modifies Nginx configuration
  • Configures HTTPS

Test automatic renewal:

sudo certbot renew --dry-run

Let’s Encrypt certificates expire after 90 days. Certbot installs a systemd timer that automatically renews certificates before expiration.

Option 2: Self-Signed Certificate

Self-signed certificates work for testing or internal networks but generate browser warnings. Create a self-signed certificate:

sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/owncloud.key -out /etc/nginx/ssl/owncloud.crt

Answer the prompts with appropriate information. Edit the Nginx configuration to enable SSL:

sudo nano /etc/nginx/conf.d/owncloud.conf

Add an SSL server block:

server {
    listen 443 ssl http2;
    server_name yourdomain.com;
    
    ssl_certificate /etc/nginx/ssl/owncloud.crt;
    ssl_certificate_key /etc/nginx/ssl/owncloud.key;
    
    # ... (rest of configuration from Step 4)
}

Add HTTP to HTTPS redirect:

server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$server_name$request_uri;
}

Restart Nginx:

sudo systemctl restart nginx

Enforcing HTTPS

Update OwnCloud’s config.php to force HTTPS:

sudo nano /var/www/html/yourdomain.com/config/config.php

Add this line inside the array:

'forcessl' => true,

This redirects all HTTP requests to HTTPS at the application level, ensuring encrypted connections.

Step 11: Post-Installation Configuration and Optimization

Adjusting PHP Settings

Optimize PHP for better OwnCloud performance. Edit php.ini:

sudo nano /etc/php.ini

Modify these directives:

memory_limit = 512M
upload_max_filesize = 512M
post_max_size = 512M
max_execution_time = 300
max_input_time = 300
date.timezone = Asia/Jakarta

Adjust the timezone to match your location. These settings accommodate large file uploads and complex operations.

Restart PHP-FPM:

sudo systemctl restart php-fpm

Configuring OwnCloud Settings

Edit OwnCloud’s configuration file:

sudo nano /var/www/html/yourdomain.com/config/config.php

Add trusted domains:

'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'yourdomain.com',
    2 => 'www.yourdomain.com',
    3 => '123.45.67.89',
  ),

Replace the IP address with your server’s actual IP. This prevents host header poisoning attacks.

Setting Up Cron Jobs

Background jobs handle maintenance tasks like file scanning and notification delivery. OwnCloud supports three methods: AJAX (default), Webcron, and Cron. Cron provides the best performance.

Add a crontab entry for the nginx user:

sudo crontab -u nginx -e

Add this line:

*/5 * * * * php -f /var/www/html/yourdomain.com/cron.php

This executes cron.php every 5 minutes. In OwnCloud admin settings (Settings > Admin > Basic settings), select “Cron” as the background jobs method.

Performance Optimization

Enable OPcache by verifying it’s active:

php -i | grep opcache

For additional performance, install Redis for memory caching:

sudo dnf install redis php-redis -y
sudo systemctl start redis
sudo systemctl enable redis

Configure OwnCloud to use Redis by adding to config.php:

'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
    'host' => 'localhost',
    'port' => 6379,
],

Redis dramatically improves performance for installations with multiple concurrent users.

Backup Strategy

Implement regular backups to prevent data loss. Critical items to backup:

  • Data directory: /var/www/html/yourdomain.com/data
  • Configuration: /var/www/html/yourdomain.com/config/config.php
  • Database: Use mysqldump for MariaDB backups

Create a simple backup script:

#!/bin/bash
BACKUP_DIR="/backup/owncloud"
DATE=$(date +%Y%m%d)
mysqldump -u root -p owncloud_db > $BACKUP_DIR/db-$DATE.sql
tar -czf $BACKUP_DIR/data-$DATE.tar.gz /var/www/html/yourdomain.com/data

Schedule this script via cron for automatic daily backups.

Step 12: Testing OwnCloud Installation

Basic Functionality Tests

Log into OwnCloud and test core features. Upload files of various types—documents, images, videos—to verify upload functionality. Create folders to organize files and test the drag-and-drop interface.

Test file sharing by creating a share link for a test file. Open the link in an incognito browser window to verify public access works correctly. Test password-protected shares and expiration dates.

Download files to confirm download functionality operates properly. Check that file previews generate correctly for images and documents.

User Management Testing

Navigate to Settings > Admin > Users to create additional user accounts. Add a test user with specific storage quota limits. Log out from the admin account and log in as the test user to verify quota enforcement and permission restrictions.

Confirm that regular users cannot access administrative functions. Test group creation and assignment for managing permissions across multiple users.

Mobile and Desktop Client Testing

OwnCloud provides desktop synchronization clients for Windows, macOS, and Linux. Mobile applications are available for iOS and Android. Download the appropriate client from OwnCloud’s website or app stores.

Configure the desktop client by entering the server URL and user credentials. Select folders for synchronization and verify that files sync bidirectionally between the server and client. Test that changes made on the server appear on the client and vice versa.

Mobile clients enable file access, uploads, and automatic photo backups. Test uploading photos from a mobile device to ensure mobile connectivity works correctly.

Performance Verification

Monitor server resource usage during typical operations. Use htop or top to observe CPU and memory consumption. Normal operations should maintain CPU usage below 30% and memory usage below 70% of available resources.

Check page load times—the interface should load within 2-3 seconds on reasonably fast connections. Slow performance may indicate insufficient resources, misconfiguration, or missing optimization settings.

Review log files for errors or warnings:

sudo tail -f /var/www/html/yourdomain.com/data/owncloud.log

Logs help identify issues before they impact users.

Troubleshooting Common Issues

Permission Errors

Symptoms include “Permission denied” errors when uploading files or “Cannot write to data directory” messages. Verify ownership of OwnCloud directories:

sudo chown -R nginx:nginx /var/www/html/yourdomain.com

Check directory permissions:

sudo chmod -R 755 /var/www/html/yourdomain.com
sudo chmod -R 770 /var/www/html/yourdomain.com/data

If SELinux is enabled, verify correct contexts:

sudo restorecon -Rv /var/www/html/yourdomain.com

Database Connection Errors

“Failed to connect to database” errors indicate database credential problems. Verify credentials in config.php match those created during database setup. Confirm MariaDB is running:

sudo systemctl status mariadb

Test database connectivity:

mysql -u owncloud_user -p owncloud_db

If connection fails, verify user privileges:

SHOW GRANTS FOR 'owncloud_user'@'localhost';

The user needs all privileges on the OwnCloud database.

PHP Version Conflicts

OwnCloud reports “PHP version not supported” if the wrong PHP version is active. Verify PHP 7.4 is installed and active:

php -v

If the wrong version appears, ensure the PHP 7.4 module is enabled:

sudo dnf module list php
sudo dnf module enable php:remi-7.4 -y

Check that all required PHP extensions are present:

php -m

Missing extensions cause various errors. Install any missing packages and restart PHP-FPM.

File Upload Issues

Large file uploads fail when PHP or Nginx limits are too restrictive. Increase limits in php.ini (see Step 11) and verify the Nginx configuration includes:

client_max_body_size 512M;

Restart both services after changes. Check available disk space:

df -h

Insufficient disk space prevents uploads regardless of configuration settings.

SSL/HTTPS Problems

Browser certificate warnings occur with self-signed certificates or expired Let’s Encrypt certificates. Verify certificate validity:

sudo certbot certificates

Renew certificates if expired:

sudo certbot renew

Check that Nginx SSL configuration includes valid certificate paths. Test HTTPS configuration:

sudo nginx -t

Ensure port 443 is open in the firewall and not blocked by network security groups.

Security Best Practices

Implement two-factor authentication through OwnCloud’s app store. Navigate to Settings > Admin > Apps, enable the Two-Factor TOTP app, and require 2FA for admin accounts minimally.

Configure automatic security updates for AlmaLinux:

sudo dnf install dnf-automatic -y
sudo systemctl enable --now dnf-automatic.timer

Edit /etc/dnf/automatic.conf and set apply_updates = yes to automatically install security patches.

Enforce strong password policies through OwnCloud admin settings. Require minimum password lengths, complexity requirements, and regular password changes for sensitive environments.

Restrict administrative access by IP address when possible. Edit Nginx configuration to add IP restrictions to sensitive paths:

location /settings/admin {
    allow 123.45.67.89;
    deny all;
}

Enable OwnCloud’s built-in security features including file encryption at rest and brute force protection. Configure these in admin settings under Security sections.

Implement regular log monitoring. Set up automated alerts for suspicious activities like multiple failed login attempts, unusual file access patterns, or configuration changes.

Keep OwnCloud updated to the latest stable version. Subscribe to OwnCloud’s security mailing list to receive notifications about vulnerabilities and patches. Apply updates promptly after testing in non-production environments.

Implement comprehensive backup procedures covering both data and configuration files. Test restoration procedures regularly to ensure backups are valid and complete. Store backups off-site or in separate cloud storage for disaster recovery.

Configure fail2ban to prevent brute force attacks against OwnCloud’s login interface. Create custom filters matching OwnCloud’s log format and ban IPs after repeated failed attempts.

Use dedicated domains or subdomains for OwnCloud rather than sharing domains with other applications. This isolation limits the impact of potential vulnerabilities in other software.

Harden the database by disabling remote access if the database runs on the same server. Remove unnecessary database users and limit privileges to only what OwnCloud requires.

Review and disable dangerous PHP functions in php.ini:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen

Balance security with functionality—some OwnCloud features may require specific PHP functions.

Congratulations! You have successfully installed OwnCloud. Thanks for using this tutorial for installing OwnCloud open-source software platform for self-hosted on your AlmaLinux OS 10 system. For additional help or useful information, we recommend you check the official OwnCloud website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button