Manual Installation on Linux

Install the Required Packages

When Are Stable Channel Packages Updated?

Packages in the supported distributions’ stable channels are not immediately updated following a release. This is because we need to make sure that the release is sufficiently stable, as many people use automatic updates. By waiting a number of business days after a tarball has been released, we are able to make this assessment, based on a number of criteria which include the submitted bug reports from systems administrators.

On Ubuntu 18.04 LTS Server

On a machine running a pristine Ubuntu 18.04 LTS server, install the required and recommended modules for a typical ownCloud installation, using Apache and MariaDB, by issuing the following commands in a terminal:

sudo apt-get install -y apache2 mariadb-server libapache2-mod-php7.2 \
    openssl php-imagick php7.2-common php7.2-curl php7.2-gd \
    php7.2-imap php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring \
    php7.2-mysql php7.2-pgsql php-smbclient php-ssh2 \
    php7.2-sqlite3 php7.2-xml php7.2-zip

If the add-apt-repository command is not available install software-properties-common using the following two commands:

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

Please note:

  • php7.2-common provides: ftp, Phar, posix, iconv, ctype

  • The Hash extension is available from PHP 5.1.2 by default

  • php7.2-xml provides DOM, SimpleXML, XML, & XMLWriter

  • php7.2-zip provides zlib

Installing smbclient

To install smbclient, you can use the following script. It first installs PEAR, which at the time of writing only installs version 1.9.4. However, smbclient requires version 1.9.5. So the final two commands upgrade PEAR to version 1.9.5 and then install smbclient using Pecl.

#!/usr/bin/expect
spawn wget -O /tmp/go-pear.phar http://pear.php.net/go-pear.phar
expect eof

spawn php /tmp/go-pear.phar

expect "1-11, 'all' or Enter to continue:"
send "\r"
expect eof

spawn rm /tmp/go-pear.phar

pear install PEAR-1.9.5
pecl install smbclient

Installing ssh2

To install ssh2, which provides sftp, you can use the following command:

sudo spawn pecl install ssh2

Running Additional Apps?

If you are planning on running additional apps, keep in mind that you might require additional packages. See the prerequisites list for details.

During the installation of the MySQL/MariaDB server, you will be prompted to create a root password. Be sure to remember your password as you will need it during ownCloud database setup.

Additional Extensions

sudo apt-get install -y php-apcu php-redis redis-server php7.2-ldap

RHEL (RedHat Enterprise Linux) 7.2

Required Extensions

# Enable the RHEL Server 7 repository
sudo subscription-manager repos --enable rhel-server-rhscl-7-eus-rpms

# Install the required packages
sudo yum install httpd mariadb-server php72 php72-php \
    php72-php-gd php72-php-mbstring php72-php-mysqlnd

Optional Extensions

sudo yum install -y epel-release http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum-utils \
  && sudo yum-config-manager --enable remi-php72 \
  && sudo yum update -y \
  && sudo yum install -y php72-pecl-apcu \
    redis php72-php-pecl-redis php72-php-ldap \
    mariadb-server mariadb

CentOS 7

sudo yum install -y -q epel-release http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum-utils \
  && sudo yum-config-manager --enable remi-php72 \
  && sudo yum update -y -q \
  && sudo yum install -y -q \
    httpd mariadb-server php72 php72-php php72-php-gd \
    php72-php-mbstring php72-php-mysqlnd php72-php-cli \
    php72-pecl-apcu redis php72-php-pecl-redis php72-php-common \
    php72-php-ldap mariadb-server mariadb \
  && sudo scl enable php72 bash

SLES (SUSE Linux Enterprise Server) 12

Required Extensions

sudo zypper install -y apache2 apache2-mod_php7 php7-gd php7-openssl \
    php7-json php7-curl php7-intl php7-sodium php7-zip php7-zlib

Optional Extensions

sudo zypper install -y php7-ldap
APCu

We are not aware of any officially supported APCu package for SLES 12. However, if you want or need to install it, then we suggest the following steps:

wget http://download.opensuse.org/repositories/server:/php:/extensions/SLE_12_SP1/ server:php:extensions.repo -O /etc/zypp/repos.d/memcached.repo
zypper refresh
zypper install php5-APCu
Redis

The latest versions of Redis servers have shown to be incompatible with SLES 12. Therefore it is currently recommended to download and install version 2.2.7 or a previous release from: https://pecl.php.net/package/redis. Keep in mind that version 2.2.5 is the minimum version which ownCloud supports.

If you want or need to install it, we suggest the following steps:

zypper refresh
zypper install -y php7-redis

Install ownCloud

Now download the archive of the latest ownCloud version:

  • Go to the ownCloud Download Page.

  • Go to Download ownCloud Server > Download > Archive file for server owners and download either the tar.bz2 or .zip archive.

  • This downloads a file named owncloud-x.y.z.tar.bz2 or owncloud-x.y.z.zip (where x.y.z is the version number).

  • Download its corresponding checksum file, e.g. owncloud-x.y.z.tar.bz2.md5, or owncloud-x.y.z.tar.bz2.sha256.

  • Verify the MD5 or SHA256 sum:

    md5sum -c owncloud-x.y.z.tar.bz2.md5 < owncloud-x.y.z.tar.bz2
    sha256sum -c owncloud-x.y.z.tar.bz2.sha256 < owncloud-x.y.z.tar.bz2
    md5sum  -c owncloud-x.y.z.zip.md5 < owncloud-x.y.z.zip
    sha256sum  -c owncloud-x.y.z.zip.sha256 < owncloud-x.y.z.zip
  • You may also verify the PGP signature:

    wget https://download.owncloud.org/community/owncloud-x.y.z.tar.bz2.asc
    wget https://owncloud.org/owncloud.asc
    gpg --import owncloud.asc
    gpg --verify owncloud-x.y.z.tar.bz2.asc owncloud-x.y.z.tar.bz2
  • Now you can extract the archive contents. Run the appropriate unpacking command for your archive type:

    tar -xjf owncloud-x.y.z.tar.bz2
    unzip owncloud-x.y.z.zip
  • This unpacks to a single owncloud directory. Copy the ownCloud directory to its final destination. When you are running the Apache HTTP server, you may safely install ownCloud in your Apache document root:

    cp -r owncloud /path/to/webserver/document-root

    where /path/to/webserver/document-root is replaced by the document root of your Web server:

    cp -r owncloud /var/www

On other HTTP servers, it is recommended to install ownCloud outside of the document root.

Configure the Web Server

Configure Apache

On Debian, Ubuntu, and their derivatives, Apache installs with a useful configuration, so all you have to do is create an /etc/apache2/sites-available/owncloud.conf file with these lines in it, replacing the Directory and other file paths with your own file paths:

Alias /owncloud "/var/www/owncloud/"

<Directory /var/www/owncloud/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/owncloud
 SetEnv HTTP_HOME /var/www/owncloud

</Directory>

Then create a symlink to /etc/apache2/sites-enabled:

ln -s /etc/apache2/sites-available/owncloud.conf /etc/apache2/sites-enabled/owncloud.conf

Additional Apache Configurations

  • For ownCloud to work correctly, we need the module mod_rewrite. Enable it by running: a2enmod rewrite. Additionally recommended modules are mod_headers, mod_env, mod_dir, mod_mime, and mod_unique_id. To enable them, run the following commands:

    a2enmod headers
    a2enmod env
    a2enmod dir
    a2enmod mime
    a2enmod unique_id
If you want to use the OAuth2 app, then mod_headers must be installed and enabled.
  • You must disable any server-configured authentication for ownCloud, as it uses Basic authentication internally for DAV services. If you have turned on authentication on a parent folder (via, e.g., an AuthType Basic directive), you can disable the authentication specifically for the ownCloud entry. Following the above example configuration file, add the following line in the <Directory section

    Satisfy Any
  • When using SSL, take special note of the ServerName. You should specify one in the server configuration, as well as in the CommonName field of the certificate. If you want your ownCloud to be reachable via the internet, then set both of these to the domain you want to reach your ownCloud server.

  • Now restart Apache

    service apache2 restart
  • If you’re running ownCloud in a sub-directory and want to use CalDAV or CardDAV clients make sure you have configured the correct service-discovery-label URLs.

Apache Mod_Unique_Id Configuration

Provides a magic token for each request which is guaranteed to be unique across "all" requests under very specific conditions.

If you enable the module, there is nothing else that you have to do, as ownCloud automatically includes the UNIQUE_ID environment variable, which the module makes available, in ownCloud’s log file.

To confirm that it’s working though, check that the UNIQUE_ID environment variable is being set, by running phpinfo() (as in the screenshot below).

phpinfo() showing that Apache is sending the UNIQUE_ID value from mod_unique_id

Next, compare the value set for UNIQUE_ID in the output of phpinfo() with the value in ownCloud’s log file, to ensure that they’re the same. In the example below, you can see an example log entry, where ownCloud is logging the unique id provided by Apache, as the value for the first key reqId in the record.

{
	"reqId": "XDyankIou@F-GwxW82dx7QAAAAo",
	"level": 3,
	"time": "2019-01-14T14:20:14+00:00",
	"remoteAddr": "127.0.0.1",
	"user": "--",
	"app": "PHP",
	"method": "GET",
	"url": "\/index.php\/apps\/files\/?dir=\/Documents&fileid=26",
	"message": "..."
}

Enable SSL

You can use ownCloud over plain HTTP, but we strongly encourage you to use SSL/TLS to encrypt all of your server traffic, and to protect user’s logins and data in transit.

Apache installed under Ubuntu comes already set-up with a simple self-signed certificate. All you have to do is to enable the ssl module and the default site. Open a terminal and run:

a2enmod ssl
a2ensite default-ssl
service apache2 reload
Self-signed certificates have their drawbacks - especially when you plan to make your ownCloud server publicly accessible. You might want to consider getting a certificate signed by a commercial signing authority. Check with your domain name registrar or hosting service for good deals on commercial certificates.

Multi-Processing Module (MPM)

Apache prefork has to be used. Don’t use a threaded MPM like event or worker with mod_php, because PHP is currently not thread safe.

Configure NGINX

NGINX Unique_Id Configuration

NGINX supports functionality similar to Apache’s mod_unique_id, called Application Tracing. To enable it, please add the following code to the server block of your ownCloud NGINX configuration.

fastcgi_param UNIQUE_ID $request_id;
For more details, please refer to Application Tracing with NGINX and NGINX Plus.

Run the Installation Wizard

After restarting Apache, you must complete your installation by running either the Graphical Installation Wizard or on the command line with the occ command. To enable this, temporarily change the ownership on your ownCloud directories to your HTTP user

Refer to the Set Strong Directory Permissions section to learn how to find your HTTP user):
chown -R www-data:www-data /var/www/owncloud/
Admins of SELinux-enabled distributions may need to write new SELinux rules to complete their ownCloud installation; see the SELinux guide for a suggested configuration.

To use occ refer to the command-line installation details. To use the graphical Installation Wizard refer to the installation_wizard.

Please know that ownCloud’s data directory must be exclusive to ownCloud and not be modified manually by any other process or user.

Set Strong Directory Permissions

After completing the installation, you must immediately set the directory permissions in your ownCloud installation as strictly as possible for stronger security. After you do so, your ownCloud server will be ready to use.

Managing Trusted Domains

All URLs used to access your ownCloud server must be whitelisted in your config.php file, under the trusted_domains setting. Users are allowed to log into ownCloud only when they point their browsers to a URL that is listed in the trusted_domains setting.

This setting is important when changing or moving to a new domain name. You may use IP addresses and domain names.

A typical configuration looks like this:

'trusted_domains' => [
   0 => 'localhost',
   1 => 'server1.example.com',
   2 => '192.168.1.50',
],

The loopback address, 127.0.0.1, is automatically whitelisted, so as long as you have access to the physical server you can always log in. In the event that a load-balancer is in place, there will be no issues as long as it sends the correct X-Forwarded-Host header.

For further information on improving the quality of your ownCloud installation, please see the configuration notes and tips guide.
Admins of SELinux-enabled distributions such as CentOS, Fedora, and Red Hat Enterprise Linux may need to set new rules to enable installing ownCloud. See SELinux for a suggested configuration.

Prerequisites

The ownCloud tar archive contains all of the required third-party PHP libraries. As a result, no extra ones are, strictly, necessary. However, ownCloud does require that PHP has a set of extensions installed, enabled, and configured.

This section lists both the required and optional PHP extensions. If you need further information about a particular extension, please consult the relevant section of the extensions section of the PHP manual.

If you are using a Linux distribution, it should have packages for all the required extensions. You can check the presence of a module by typing php -m | grep -i <module_name>. If you get a result, the module is present.

Required

PHP Version

PHP (5.6+, 7.0, 7.1, & 7.2)

ownCloud recommends the use of PHP 7.2 in new installations. Sites using a version earlier than PHP 7.2 are strongly encouraged to migrate to PHP 7.2.

PHP Extensions

Name Description

Ctype

For character type checking

cURL

Used for aspects of HTTP user authentication

DOM

For operating on XML documents through the DOM API

GD

For creating and manipulating image files in a variety of different image formats, including GIF, PNG, JPEG, WBMP, and XPM.

HASH Message Digest Framework

For working with message digests (hash).

iconv

For working with the iconv character set conversion facility.

intl

Increases language translation performance and fixes sorting of non-ASCII characters

JSON

For working with the JSON data-interchange format.

libxml

This is required for the DOM, libxml, SimpleXML, and XMLWriter extensions to work. It requires that libxml2, version 2.7.0 or higher, is installed.

Multibyte String

For working with multibyte character encoding schemes.

OpenSSL

For symmetric and asymmetric encryption and decryption, PBKDF2, PKCS7, PKCS12, X509 and other crypto operations.

PDO

This is required for the pdo_msql function to work.

Phar

For working with PHP Archives (.phar files).

POSIX

For working with UNIX POSIX functionality.

SimpleXML

For working with XML files as objects.

XMLWriter

For generating streams or files of XML data.

Zip

For reading and writing ZIP compressed archives and the files inside them.

Zlib

For reading and writing gzip (.gz) compressed files.

The Phar, OpenSSL, and cUrl extensions are mandatory if you want to use Make to setup your ownCloud environment, prior to running either the web installation wizard, or the command line installer.

Database Extensions

Name Description

pdo_mysql

For working with MySQL & MariaDB.

pgsql

For working with PostgreSQL. It requires PostgreSQL 9.0 or above.

sqlite

For working with SQLite. It requires SQLite 3 or above. This is, usually, not recommended for performance reasons.

Required For Specific Apps

Name Description

ftp

For working with FTP storage

sftp

For working with SFTP storage

imap

For IMAP integration

ldap

For LDAP integration

smbclient

For SMB/CIFS integration

SMB/Windows Network Drive mounts require the PHP module smbclient version 0.8.0+. See SMB/CIFS.

Optional

Extension Reason

Bzip2

Required for extraction of applications

Fileinfo

Highly recommended, as it enhances file analysis performance

Mcrypt

Increases file encryption performance

OpenSSL

Required for accessing HTTPS resources

imagick

Required for creating and modifying images and preview thumbnails

For Specific Apps

Extension Reason

Exif

For image rotation in the pictures app

GMP

For working with arbitrary-length integers

For Server Performance

For enhanced server performance consider installing one of the following cache extensions:

See Caching Configuration to learn how to select and configure Memcache.

For Preview Generation

For Command Line Processing

Extension Reason

PCNTL

Enables command interruption by pressing ctrl-c

You don’t need the WebDAV module for your Web server (i.e., Apache’s mod_webdav), as ownCloud has a built-in WebDAV server of its own, SabreDAV. If mod_webdav is enabled you must disable it for ownCloud. See the Apache Web Server configuration for an example configuration.

For MySQL/MariaDB

The InnoDB storage engine is required, and MyISAM is not supported, see MySQL / MariaDB storage engine for more information.