2

Right now I have nginx working with 3 services: my webpage on my.example.com/~ignacio, my Rstudio server on my.example.com/rstudio, and my Shiny server on my.example.com/shiny.

This is my config file right now:

    # Redirect all traffic from port 80 to SSL port
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    # Set reverse proxy to port 443
    server {
        listen 443 ssl;
        server_name my.example.com;
        ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY13$
        ssl_prefer_server_ciphers on;

        index index.php index.html index.htm;

        # PHP in home directory
        location ~ ^/~(.+?)(/.*\.php)(.*)$ {
            alias /home/$1/public_html;

            try_files $2 =404;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_intercept_errors on;
            include fastcgi_params;

            fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
        }

        # Home directories
        location ~ ^/~(.+?)(/.*)?$ {
            alias /home/$1/public_html$2;
        }

        location /shiny/ {
            rewrite ^/shiny/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:3838;
            proxy_redirect http://127.0.0.1:3838/ https://$host/shiny/;
            auth_basic "Username and Password are required";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }

        location /rstudio/ {
            proxy_pass http://127.0.0.1:8787/;
        }

    }

Now I'm trying to install owncloud following this tutorial. I have to change my nginx config file to add owncloud on my.example.com/owncloud, but I'm not sure exactly how (and I would really rather not break what I have working now).

What should I have in my config file to have everything working?


This is what I have right now after trying to add owncloud:

    upstream php-handler {
      server unix:/run/php/php7.0-fpm.sock;
    }

    # Redirect all traffic from port 80 to SSL port
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    # Set reverse proxy to port 443
    server {
        listen 443 ssl;
       server_name my.example.com;
       ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
       ssl_protocols TLSv1.2;
       ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
       ssl_prefer_server_ciphers on;
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;

        # Path to the root of your installation
        root /var/www/owncloud/;
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;

        # Disable gzip to avoid the removal of the ETag header
        gzip off;
        index index.php index.html index.htm;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
        rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
        rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

        # PHP in home directory
        location ~ ^/~(.+?)(/.*\.php)(.*)$ {
          alias /home/$1/public_html;
          try_files $2 =404;
          fastcgi_split_path_info ^(.+\.php)(.*)$;
          fastcgi_pass unix:/run/php/php7.0-fpm.sock;
          fastcgi_index index.php;
          fastcgi_intercept_errors on;
          include fastcgi_params;
          fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
        }

        # Home directories
        location ~ ^/~(.+?)(/.*)?$ {
          alias /home/$1/public_html$2;
        }

        location /shiny/ {
            rewrite ^/shiny/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:3838;
            proxy_redirect http://127.0.0.1:3838/ https://$host/;
            auth_basic "Username and Password are required";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }

        location /rstudio/ {
            proxy_pass http://127.0.0.1:8787/;
        }

        location /owncloud/ {
            alias /var/www/owncloud/;
            try_files $2 =404;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            fastcgi_intercept_errors on;
            include fastcgi_params;
            fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
        }
    }

Shiny, Rstudio, and /~ignacio are working. If I go to my.example.com the browser downloads a file, and /owncloud can't be reached.


I also have a version that has Shiny, Rstudio and owncloud working, but /~ignacio does not work :(

    upstream php-handler {
      server unix:/run/php/php7.0-fpm.sock;
    }

    # Redirect all traffic from port 80 to SSL port
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    # Set reverse proxy to port 443
    server {
        listen 443 ssl;
       server_name my.example.com;
       ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
       ssl_protocols TLSv1.2;
       ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
       ssl_prefer_server_ciphers on;
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;

        # Path to the root of your installation
        root /var/www/;
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;

        # ownCloud blacklist
        location ~ ^/owncloud/(?:\.htaccess|data|config|db_structure\.xml|README) {
            deny all;
            error_page 403 = /owncloud/core/templates/403.php;
        }

        location / {
            index index.php index.html;
        }

        location /owncloud/ {           
            error_page 403 = /owncloud/core/templates/403.php;
            error_page 404 = /owncloud/core/templates/404.php;

            rewrite ^/owncloud/caldav(.*)$ /remote.php/caldav$1 redirect;
            rewrite ^/owncloud/carddav(.*)$ /remote.php/carddav$1 redirect;
            rewrite ^/owncloud/webdav(.*)$ /remote.php/webdav$1 redirect;

            rewrite ^(/owncloud/core/doc[^\/]+/)$ $1/index.html;

            # The following rules are only needed with webfinger
            rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
            rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;
            rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ redirect;
            rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ redirect;

            try_files $uri $uri/ index.php;
        }

        location ~ \.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_pass php-handler;
        }

        # Optional: set long EXPIRES header on static assets
        location ~* ^/owncloud(/.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf))$ {
            expires 30d;
            access_log off;  # Optional: Don't log access to assets
        }

        # Disable gzip to avoid the removal of the ETag header
        gzip off;
        index index.php index.html index.htm;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
        rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
        rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

        # PHP in home directory
        location ~ ^/~(.+?)(/.*\.php)(.*)$ {
          alias /home/$1/public_html;
          try_files $2 =404;
          fastcgi_split_path_info ^(.+\.php)(.*)$;
          fastcgi_pass unix:/run/php/php7.0-fpm.sock;
          fastcgi_index index.php;
          fastcgi_intercept_errors on;
          include fastcgi_params;
          fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
        }

        # Home directories
        location ~ ^/~(.+?)(/.*)?$ {
          alias /home/$1/public_html$2;
        }

        location /shiny/ {
            rewrite ^/shiny/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:3838;
            proxy_redirect http://127.0.0.1:3838/ https://$host/;
            auth_basic "Username and Password are required";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }

        location /rstudio/ {
            proxy_pass http://127.0.0.1:8787/;
        }


    }
Ignacio
  • Make a backup and start trying. Most people love to help you, but most people also want to see that you put in some effort yourself. – Daniel Apr 06 '16 at 05:01
  • @Daniel I updated my question with my latest attempt. Thanks for the help – Ignacio Apr 06 '16 at 22:41
  • You appear to have added a root outside a location, and a bunch of security stuff around headers. You should simply have added a new location block and not messed with anything else. Roll it back, add the minimum required, get it working, then build on it. – Tim Apr 10 '16 at 07:55
  • @Tim if I move `root /var/www/owncloud/;` inside the owncloud location, owncloud stops working but my home directory public_html php works :_( – Ignacio Apr 10 '16 at 12:34
  • Roll back to the working version before Owncloud. Add a location block for Owncloud and don't change anything outside it for now. If you follow the guides on the owncloud website you can add this as a subdomain using their Nginx configuration, which means you don't need to think. You haven't provided enough information to diagnose problems - we'd need more precise description of problem, logs, etc. If you can't work it out or describe it fully you may need to hire someone to work it out for you. – Tim Apr 10 '16 at 20:01
  • You'd likely have a much easier time running owncloud on its own subdomain rather than using example.com/owncloud – BE77Y Apr 15 '16 at 14:11

2 Answers

0

I would suggest you install Owncloud to run with Apache. This is because Owncloud runs a lot of PHP and Apache is really good at this. Run it using prefork.

Use your Nginx in the front and proxy to Apache.

If you will use SSL, let Nginx handle the SSL and let it serve all the static files. Then forward the rest of the traffic to Apache.

jarvis
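
An added example (not part of the answer above, nor taken from the ownCloud documentation) of the layout that answer describes: nginx terminates TLS and serves static files, and Apache handles the PHP. It assumes Apache serves `/var/www/owncloud` under the `/owncloud` path and listens only on `127.0.0.1:8080`; that address, port and path are assumptions.

```nginx
# Added example. Place inside the existing "listen 443 ssl" server block of the
# working pre-ownCloud config; nothing outside this location changes.
# Assumption: Apache (prefork) serves /var/www/owncloud as /owncloud
# and is bound to 127.0.0.1:8080 only, so it is not reachable without TLS.

# "^~" keeps server-level regex locations (the /~user PHP rules, for example)
# from ever capturing a request under /owncloud/.
location ^~ /owncloud/ {
    # Large uploads are allowed for ownCloud only, not for the whole server.
    client_max_body_size 10G;

    # Checked first: never hand out the data directory or the config,
    # even for paths that look like static assets.
    location ~ ^/owncloud/(?:\.htaccess|data|config|db_structure\.xml|README) {
        deny all;
    }

    # Static assets are read from disk by nginx and never reach Apache.
    # With "root /var/www", /owncloud/core/img/x.png maps to
    # /var/www/owncloud/core/img/x.png.
    location ~* ^/owncloud/.+\.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        root /var/www;
        expires 30d;
        access_log off;
    }

    # Everything else (all PHP) is forwarded to Apache.
    # No URI part after the port: the /owncloud/... path is passed unchanged.
    proxy_pass http://127.0.0.1:8080;

    # Tell the backend what the client actually requested, so ownCloud
    # builds https:// links and logs the real client address.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
}
```

For ownCloud to honour the forwarded headers, `127.0.0.1` has to be listed under `trusted_proxies` in its `config.php`, and `overwriteprotocol` set to `https`. Run `nginx -t` before reloading so a syntax error does not take down the services that already work.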
0

Also consider that ownCloud suggests using the Apache server. I used to have it on nginx, but now I have switched to Apache.
If you are able to do that, here is an official and detailed manual that you can follow:
https://doc.owncloud.org/server/9.0/admin_manual/installation/source_installation.html?highlight=apache#prerequisites-label