Installing ownCloud 9 on CentOS 7
-
I've got 1 vCPU and 2GB of RAM right now. Will increase if needed but rather doubt it. The database is external so uses no local resources. 200GB on /data which is XFS on LVM separate from the main install. PHP 7 with the memcache. Nothing fancy other than those minor changes.
-
@scottalanmiller said:
I've got 1 vCPU and 2GB of RAM right now. Will increase if needed but rather doubt it. The database is external so uses no local resources. 200GB on /data which is XFS on LVM separate from the main install. PHP 7 with the memcache. Nothing fancy other than those minor changes.
I need to look at how to setup the partitioning manually during install because I don't want to go back to the Hypervisor later to add the drive. But I guess it is really jsut as easy to install, boot, shut down, and then add it.. then boot up, yum update, then add the drive
-
@JaredBusch said:
@scottalanmiller said:
I've got 1 vCPU and 2GB of RAM right now. Will increase if needed but rather doubt it. The database is external so uses no local resources. 200GB on /data which is XFS on LVM separate from the main install. PHP 7 with the memcache. Nothing fancy other than those minor changes.
I need to look at how to setup the partitioning manually during install because I don't want to go back to the Hypervisor later to add the drive. But I guess it is really jsut as easy to install, boot, shut down, and then add it.. then boot up, yum update, then add the drive
I add the drive at VM creation time (clone template, add drive, spin up.) The second drive is /dev/vdb for me, not a partition. I like this because I can control is separately from the hypervisor (all the data is on the one) and also because the base template is always identical - I know how big the root volume is going to be across the estate. Adding the second drive I use the commands from the other post that I did and it mounts it in seconds, so the extra step is trivial as long as you want a similar format. And choosing a different filesystem or naming convention or mount point is trivial.
-
@scottalanmiller said:
@JaredBusch said:
@scottalanmiller said:
I've got 1 vCPU and 2GB of RAM right now. Will increase if needed but rather doubt it. The database is external so uses no local resources. 200GB on /data which is XFS on LVM separate from the main install. PHP 7 with the memcache. Nothing fancy other than those minor changes.
I need to look at how to setup the partitioning manually during install because I don't want to go back to the Hypervisor later to add the drive. But I guess it is really jsut as easy to install, boot, shut down, and then add it.. then boot up, yum update, then add the drive
I add the drive at VM creation time (clone template, add drive, spin up.) The second drive is /dev/vdb for me, not a partition. I like this because I can control is separately from the hypervisor (all the data is on the one) and also because the base template is always identical - I know how big the root volume is going to be across the estate. Adding the second drive I use the commands from the other post that I did and it mounts it in seconds, so the extra step is trivial as long as you want a similar format. And choosing a different filesystem or naming convention or mount point is trivial.
I understand that, but I am not generally replicating. I am setting something up on a new site for a different client. There is nothing to replicate from. So it is a matter of setting up the process to handle it each time.
-
Any good ML documentation on best practices for securing your OwnCloud server?
-
@wirestyle22 said:
Any good ML documentation on best practices for securing your OwnCloud server?
- Use
fail2ban
- Good password security on any account with admin access
- Always keep things updated (php, apache, etc.)
- Disallow
http
- maintain a valid SSL certificate
- Do not allow any port except 443 to hit the server from the public internet.
- Use
-
@JaredBusch said:
@wirestyle22 said:
Any good ML documentation on best practices for securing your OwnCloud server?
- Use
fail2ban
- Good password security on any account with admin access
- Always keep things updated (php, apache, etc.)
- Disallow
http
- maintain a valid SSL certificate
- Do not allow any port except 443 to hit the server from the public internet.
Thanks Jared!
- Use
-
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
-
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
-
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
it is all good and all the issues have been worked out. but you do have to go top to bottom of the post to get there
oh and one thing i neglected above
- do not disable SELinux
-
@JaredBusch said:
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
it is all good and all the issues have been worked out. but you do have to go top to bottom of the post to get there
oh and one thing i neglected above
- do not disable SELinux
I'm currently running a test server just to show my boss what it's like but I will make a note of that. A lot of the guides tell you do that so I'm glad you said something. Appreciate it!
-
@JaredBusch said:
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
it is all good and all the issues have been worked out. but you do have to go top to bottom of the post to get there
oh and one thing i neglected above
- do not disable SELinux
Oh and I'm running this on a Vultr VM. I assume I'll migrate a month before it goes live so I don't have to deal with bandwidth limitations?
-
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
it is all good and all the issues have been worked out. but you do have to go top to bottom of the post to get there
oh and one thing i neglected above
- do not disable SELinux
I'm currently running a test server just to show my boss what it's like but I will make a note of that. A lot of the guides tell you do that so I'm glad you said something. Appreciate it!
For a demo, that is fine. But just know that there is no reason it must be disabled for production. There are only a few pieces that have to be modified to make it work right.
-
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
-
@wirestyle22 said:
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
Whether or not they are considered secure sorely depends on the entity doing the considering.
If you ask me, then the answer to all of that is yes it is.
-
@JaredBusch said:
@wirestyle22 said:
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
Whether or not they are considered secure sorely depends on the entity doing the considering.
If you ask me, then the answer to all of that is yes it is.
I love you so much right now. You have no idea. Thanks!
-
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 said:
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
Whether or not they are considered secure sorely depends on the entity doing the considering.
If you ask me, then the answer to all of that is yes it is.
I love you so much right now. You have no idea. Thanks!
If your file system is encrypted, then the data is encrypted at rest.
You are using SSL only, so the data in transit is encrypted.
There are no other pieces involved that you have control over to be encrypted. -
@JaredBusch said:
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 said:
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
Whether or not they are considered secure sorely depends on the entity doing the considering.
If you ask me, then the answer to all of that is yes it is.
I love you so much right now. You have no idea. Thanks!
If your file system is encrypted, then the data is encrypted at rest.
You are using SSL only, so the data in transit is encrypted.
There are no other pieces involved that you have control over to be encrypted.Appreciate all of the info and your help!
-
You can also encrypt the block device under the filesystem, which could be encrypted SAN or encrypted SAS drives or what have you.
-
Do you have to use a Sync folder to Sync with the oC server using the oC client? The reason I ask(which may be the wrong thought process) is I don't want any of the files in my oC server to be saved locally permanently. I'd want the file to be downloaded to access and then once the changes are made and it sync's with the server I'd like it to be deleted. Is this possible? Am I thinking about this incorrectly?