![]() ![]() If not, just edit your hosts file for now. I assume you already have you own domain name and have it pointed at your webserver. My DNS provider of choice is because they provide excellent service for a fair price. You will need to use your own domain name and pay a DNS provider to tell the rest of the world about it. We’ll first do the snakeoil, later on the commercial. In Apache your have two choices for SSL: either you use a self-signed certificate (appropriately named a snakeoil certificate in Apache) or you pay a certificate vendor a fee for a commercial certificate. Alternatively sign up for ownCloud’s newsletters and I think you’ll be notified soon enough if a security issue with image generation occurs. If you’re paranoid about it – or just don’t care about image previews – then disable it. This is really a choice between functionality and marginally more security. ![]() We did that in the setup so we’re covered! Place data directory outside of the web root If you have genius suggestions feel free to mention them in the comments :) Setting up SELinux in Debian is still a bit wonky. Reload Apache to have open_basedir take effect: Open_basedir /var/www/owncloud/:/var/ownclouddata/:/var/log/owncloud.log:/tmp/:/dev/urandom Open /etc/php5/apache2/php.ini and find the line that reads Since ownCloud has no business being anywhere else on our system but in its own directories, /tmp/ and /dev/urandom let’s tell PHP about this. By default PHP in Debian 8 has no configuration for open_basedir so /dev/urandom may be accessed by PHP to acquire entropy. If it’s not configured PHP can access any directory allowed by the filesystem. Open_basedir is a php.ini directive which specifies which paths PHP is allowed to access through script. Give PHP read access to /dev/urandom (also: configure open_basedir) OwnCloud suggest whitelisting ‘localhost’ as well, but 127.0.0.1 is automatically whitelisted and our server has no gui so I think you will survive the one time you need to type localhost’s IP address. 192.168.1.3 is ownCloud’s local ip address. Make the script executable: # chmod +x permissions.shįrom the ownCloud site: in /var/Enter all names and addresses by which you want to be able to access ownCloud. ocpath and datapath contain the correct values for our lab setup. htuser, htgroup and rootuser are correct if you’re installing on Debian with Apache, which we are. Paste this in a file called permissions.sh:įind $/.htaccessĮdit ocpath and datapath to your own variables. Their page also lists all suggested permissions per directory or file so you can set the permissions for modified installations. OwnCloud provides a script to easily set the proper file permissions on ownCloud installations. Make the Strict Transport Security warning go away. ![]() Error: Your data directory and your files are probably accessible from the internet.Place data directory outside of the web root.Give PHP read access to /dev/urandom (also: configure open_basedir).Everything combined should result in a server with a good baseline security. We’ll be going over their suggestions and add one extra while we’re at it. OwnCloud lists a number of security options on their site. Actie active directory ad AI aliens backup biotech clamav complete connect culture debian detective Dovecot fail2ban fantasy humor klassieke scifi kunstmatige intelligentie maatschappijkritiek mail military scifi mysql openvpn owncloud pfsense politiek Postfix posthumanisme robots Roundcube Scifi server space opera Spamassassin stretch technothriller Thunderbird transhumanisme twitter ubuntu virtualbox vpn wheezy windows Categories
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |