Running ownCloud on DirectAdmin server with Nginx and PHP-FPM

If you’re like me, you want the ease of use of a commonly known Control Panel for your own server. We all know how to configure Postfix, Dovecot, MySQL, nginx etc., but when it comes to the day-to-day operating of a server on which you might give out accounts to family members and friends, you just want to click a button to create room for a website and e-mail accounts, give them their username and password and get on with the more fun stuff.

So you have chosen DirectAdmin as your Control Panel, and because you are like me, you have quickly replaced Apache with nginx (if only because it’s what the cool kids use these days) and mod_php with PHP-FPM.

Now you want to do something actually useful with your server, so why not host your very own file storage cloud? In comes ownCloud. ownCloud has been the de-facto “Be your own Dropbox” software for a number of years now and keeps growing in popularity. Unfortunately, getting it to run well on nginx and PHP-FPM can be somewhat of a challenge, and using DirectAdmin can make it even more difficult because of the way configuration files are generated.

So enough with the smalltalk, here are the nitty-gritty details on what steps you need to take to get ownCloud running succesfully on your DirectAdmin nginx server. This guide requires you to have root access to your DirectAdmin server. Well, if you have a well-willing webhost, you might ask them to apply the nginx and php-fpm customizations. But I’m guessing there aren’t that many DirectAdmin webhosts that use nginx and PHP-FPM (yet!).

Subdirectory or subdomain?

First, you’ll need to decide if you’re going to run ownCloud from a subdomain or a subdirectory. In this guide I’ll assume you’ve chosen to run ownCloud on a subdomain, called “owncloud.yourdomain.com”. Ofcourse you’re free to choose to run ownCloud in a subdirectory, but you’ll have to modify the steps in this guide accordingly. If you can, create the subdomain as a new domain in your DirectAdmin account. This helps when you’re going to protect your ownCloud installation with an SSL certificate if you’re not in possession of a wildcard SSL certificate for your domain.

Apply custom httpd settings

In DirectAdmin, go to “Custom HTTPD Configurations” and click on the account you’re planning to use for ownCloud. Add these settings. These settings were taken from the ownCloud documentation for nginx. To get rid of the The "Strict-Transport-Security" header is not configured warning, uncomment the # add_header Strict-Transport-Security line, but pay heed to the warning.

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/|USER|.sock;

    fastcgi_intercept_errors on;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this topic first.
    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    # Optional: Don't log access to assets
    access_log off;
}

# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
}

Customize the PHP-FPM template

In order to get rid of the The test with getenv("PATH") only returns an empty response warning, copy the file /usr/local/directadmin/data/templates/php-fpm.conf to /usr/local/directadmin/data/templates/custom/php-fpm.conf and add the following line:

env[PATH] = /usr/local/bin:/usr/bin:/bin

To get rid of the /dev/urandom is not readable by PHP warning, add /dev/urandom to the OPEN_BASEDIR_PATH variable:

|?OPEN_BASEDIR_PATH=`HOME`/:/tmp/:/var/tmp/:/usr/local/php`PHP_VER`/lib/:/usr/local/php54/lib/:/usr/local/php55/lib/:/usr/local/lib/php/:/dev/urandom|

After doing this, we need to regenerate the config files using ./build rewrite_confs, but we’ll save that for later.

Enable WebDAV HTTP request methods

To enable WebDAV functionality, we must copy /etc/nginx/webapps.conf to /usr/local/directadmin/custombuild/custom/nginx/conf:

mkdir -p /usr/local/directadmin/custombuild/custom/nginx/conf
cp /etc/nginx/webapps.conf /usr/local/directadmin/custombuild/custom/nginx/conf

Now change the following line in the file /usr/local/directadmin/custombuild/custom/nginx/conf/webapps.conf:

if ($request_method !~ ^(GET|HEAD|POST)$ ) {

To:

if ($request_method !~ ^(GET|HEAD|POST|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK)$ ) {

Rewrite the configuration files

After making the above changes, go to /usr/local/directadmin/custombuild and execute the following command:

./build rewrite_confs

Beware: sometimes after the above command, nginx has failed to start up. If that is the case, simply run service nginx restart manually. Once this is done, you should have a fully operational ownCloud installation.