If you want to use you own ownCloud installation, you can find several documentation on the Internet on how to set up this server, e.g. the official ownCloud documentation, or installation guides such as this or that or here. But none of these page alone provided enough information for installing a secure server completely from the beginning.
So here comes my step-by-step guide which surely won’t be completely, too. 
However, hopefully it will help other people while searching for their way to install ownCloud. Additionally I am showing how to upgrade an ownCloud server.
I am assuming that there is a fresh Ubuntu server installation in place (with a few other programs such as shown here), which has already static IP addresses and is accessible form the Internet. I am also assuming that there is a correct DNS name configured and that the SSL certificate for this DNS name is present.
(And note: Though I am trying to be really accurate about all commands, I am not showing every single key-stroke. If you have any problems on any step: 1) Google is your friend or 2) write a comment below this site.)
I am using the following components in this guide:
- Ubuntu Server 14.04.2 LTS
- ownCloud 8.0.4 (later updated to 8.1.0)
Basic Installation
The first step is to install all of the necessary components on the Ubuntu server. This can be done by adding the repository with the following steps. In my case, 64 packages were installed. (Note that I am additionally installing the php5-mysql package. I do not fully know why, but several other guides did so. ;)) During the process, the user must type in the SQL root password. Choose a strong one and keep it in mind!
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/community/xUbuntu_14.04/ /' >> /etc/apt/sources.list.d/owncloud.list" wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_14.04/Release.key sudo apt-key add - < Release.key sudo apt-get update sudo apt-get install owncloud php5-mysql
The apache server throws the following error: “Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message”. This can be corrected by editing the apache configuration:
sudo nano /etc/apache2/apache2.conf
in which the server name must be added on a new line:
ServerName NAME-OF-THE-SERVER
SQL
The SQL database must be configured in the following way. Choose an own password for the ownCloud database user:
mysql -u root -p CREATE USER 'ownclouduser'@'localhost' IDENTIFIED BY 'PASSWORD'; CREATE DATABASE ownclouddb; GRANT ALL ON ownclouddb.* TO 'ownclouduser'@'localhost'; FLUSH PRIVILEGES; exit
Virtual Host and HTTPS
The following steps enable SSL and create the appropriate virtual hosts for ownCloud.
At first, enable SSL and the headers module (later on used for HSTS):
sudo a2enmod ssl sudo a2enmod headers
Then, add the virtual host (such as shown here with a static redirect to https). Note that I assume that there is a trusted SSL certificate already in place inside the /etc/ssl/certs/… folders. So, create a new configuration file for apache:
sudo nano /etc/apache2/sites-available/owncloud.conf
and add the following blocks in which “SUBDOMAIN.DOMAIN.TLD” must be set to your ownCloud DNS name:
<VirtualHost *:80>
ServerName SUBDOMAIN.DOMAIN.TLD
Redirect permanent / https://SUBDOMAIN.DOMAIN.TLD/
</VirtualHost>
<VirtualHost *:443>
ServerName SUBDOMAIN.DOMAIN.TLD
ServerAdmin webmaster@DOMAIN.TLD
DocumentRoot "/var/www/owncloud"
<Directory /var/www/owncloud>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
# add any possibly required additional directives here
# e.g. the Satisfy directive (see below for details):
Satisfy Any
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cloud.crt
SSLCertificateKeyFile /etc/ssl/private/cloud.key
SSLCertificateChainFile /etc/ssl/certs/StartSSLconcatenated.crt
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
ErrorLog /var/log/apache2/SUBDOMAIN.DOMAIN.TLD-error_log
CustomLog /var/log/apache2/SUBDOMAIN.DOMAIN.TLD-access_log common
</VirtualHost>Finally, enable the new virtual host and reload the apache config:
sudo a2ensite owncloud.conf sudo service apache2 reload
Additional, change the SSL cipher suite in order to use only secure protocols (e.g., graded with an A or A+ by SSL Labs). Open the ssl.conf file:
sudo nano /etc/apache2/mods-available/ssl.conf
and change the following two lines (according to here):
SSLCipherSuite HIGH:!kRSA:!kDHr:!kDHd:!kSRP:!aNULL:!3DES:!MD5 SSLProtocol all -SSLv3
and restart the server:
sudo service apache2 restart
Final Steps
Now, point your browser to the ownCloud installation:
https://SUBDOMAIN.DOMAIN.TLD
and finalize the installation. This means that at least the MySQL login (configured a few steps before) is needed in the appropriate fields:
ownclouduser PASSWORD ownclouddb localhost
After these steps, the trusted domains must be set (if not set correctly already). Open the config.php:
sudo nano /var/www/owncloud/config/config.php
and verify the “trusted_domains” section:
array (
0 => 'IP-ADDRESS-OF-THE-SERVER',
1 => 'SUBDOMAIN.DOMAIN.TLD',
),
And the cron job for ownCloud should be used (see here). Create a new crontab with the www-data user:
crontab -u www-data -e
which has the following job:
*/15 * * * * php -f /var/www/owncloud/cron.php
And in the admin section of the GUI webpage, set the Cron button to “Cron” (instead of Webcron or AJAX).
Filesize
Optional, change the maximum file size on your installation. “In order for the maximum upload size to be configurable, the .htaccess in the ownCloud folder needs to be made writable by the server”, read here. So, change the ownership of the htaccess file:
sudo chown www-data:www-data /var/www/owncloud/.htaccess
and set the “maximum upload size” in the admin GUI, e.g., to 512M or greater (16G or whatever). Even though that should fit, open the htaccess file and verify that the following three lines are present (I added the third line manually):
sudo nano /var/www/owncloud/.htaccess php_value upload_max_filesize 4G php_value post_max_size 4G php_value memory_limit 4G
(I am not quite sure if a restart of apache is necessary here. However, I did it:)
sudo service apache2 restart
Update
I am always a bit afraid when updating web services via scripts or the like. But it is a must. So here we go. I updated my ownCloud installation from version 8.0.4 to 8.1.0. This is the documentation from ownCloud for that case. In theory, it is really simple:
sudo apt-get update sudo apt-get dist-upgrade cd /var/www/owncloud sudo -u www-data php occ upgrade
Indeed, in my case (almost) everything succeeded. One thing I noticed was that the “contacts” app was disabled. And I was not able to update it through the GUI. Hm. However, after enabling it, the ownCloud server went into maintenance mode, but I was able to click the “Start Update” button in the GUI, which successfully updated the contacts app. Uff.
Furthermore (possibly due to the 8.1.0 update and not in general!), inside the admin section, the following warning appeared: “No memory cache has been configured.” In order to get a recent php5-apcu package (since the shipped package with Ubuntu 14.04 is outdated), the following steps are required:
wget http://mirrors.kernel.org/ubuntu/pool/universe/p/php-apcu/php5-apcu_4.0.6-1_amd64.deb sudo dpkg -i php5-apcu_4.0.6-1_amd64.deb
To enable this module, the ownCloud config.php file must be edited:
sudo nano /var/www/owncloud/config/config.php
with the following new line inside the “CONFIG array”:
'memcache.local' => '\OC\Memcache\APCu',
But that was not enough. Another fatal error appeared: “Missing memcache class \OC\Memcache\APCu for local cache”. This could be solved with this two Google findings: Open the php.ini file inside the cli section:
sudo nano /etc/php5/cli/php.ini
and add the following line:
apc.enable_cli=1
Now it’s working. This was one more good example on how Google can save your life.
DONE!!!
For any more hints or corrections, please write a comment.