Engineering and technology notes

Hardening and Security Guidance — ownCloud 9.1 Server Administration Manual 9.1 documentation

Jovan Stosic February 1, 2020

Enable HTTP Strict Transport Security

While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the ownCloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.

This can be achieved by setting the following settings within the Apache VirtualHost file containing the <VirtualHost *:443> entry:

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

Source: Hardening and Security Guidance — ownCloud 9.1 Server Administration Manual 9.1 documentation

File is locked – how to unlock – FAQ – ownCloud Central

Jovan Stosic February 1, 2020

Manually disable locking state:

  • put ownCloud in maintenance mode: edit config/config.php and change this line:
    'maintenance' => true,
  • Empty table oc_file_locks: Use tools such as phpmyadmin or connect directly to your database and run:
    DELETE FROM oc_file_locks WHERE 1
  • disable maintenance mode (undo first step).

Source: File is locked – how to unlock – FAQ – ownCloud Central

Local :: ownCloud Documentation

Jovan Stosic January 31, 2020

In the Folder name field enter the folder name that you want to appear on your ownCloud Files page. In the Configuration field enter the full file path of the directory you want to mount. In the Available for field enter the users or groups who have permission to access the mount; by default all users have access.

In addition to these steps, you have to ensure that Local storage is enabled in your ownCloud installation’s config/config.php file. It should have the following configuration:

'files_external_allow_create_new_local' => 'true',

Source: Local :: ownCloud Documentation

ownCloud client errors after migration: 403 forbidden, 404 not found and 503 service unavailable – Server – ownCloud Central

Jovan Stosic January 31, 2020

That couldn’t be done in this case. The instance went from a server where the data directory was on the same volume to a new server with an attached volume.

The problem was that the directory paths are hardcoded (or can be) in two tables, oc_storages and oc_accounts. In my case the problem was only in oc_accounts. I ran this MySQL command to update the hardcoded paths:

update oc_accounts set home = replace(home, "/var/www/data", "/data/owncloud-data") where home like "/var/www/data%";

Problem resolved.

Thanks!

Source: ownCloud client errors after migration: 403 forbidden, 404 not found and 503 service unavailable – Server – ownCloud Central

Virtualbox shared folder mount from fstab fails; works once bootup is complete

Jovan Stosic January 16, 2020

I ran afoul of this problem too. I mount /var/www using VBox shared folders functionality, so this was quite annoying.

The solution I found was to force the vboxsf module to be loaded early, before the mounting of file systems. Just add vboxsf on a line of its own in /etc/modules.

Another solution is to set noauto in /etc/fstab and manually mount drives in /etc/rc.local, but this wasn’t such a good solution for me because by that time Apache has already started and been unable to find anything in /var/www.

https://askubuntu.com/questions/365346/virtualbox-shared-folder-mount-from-fstab-fails-works-once-bootup-is-complete