Merge branch 'master' into stable5

Daniel Molkentin
2013-07-05 14:51:04 +02:00
8 changed files with 225 additions and 6 deletions

@@ -16,7 +16,8 @@ Parameters
----------
MySQL/MariaDB Database
~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
If you decide to use a MySQL or MariaDB database make sure that you have installed and
enabled the MySQL extension in PHP and that the **mysql.default_socket**
points to the correct socket (if the database runs on same server as ownCloud).
@@ -49,7 +50,7 @@ Now you need to create a database user and the database itself by using the
MySQL command line interface. The database tables will be created by ownCloud
when you login for the first time.
To start the get into the MySQL command line mode use::
To start the MySQL command line mode use::
mysql -uroot -p
@@ -111,6 +112,7 @@ In the ownCloud counfiguration in :file:`config/config.php` you need to set at l
PostgreSQL Database
~~~~~~~~~~~~~~~~~~~
If you decide to use a PostgreSQL database make sure that you have installed
and enabled the PostgreSQL extension in PHP. The PHP configuration in :file:`/etc/php5/conf.d/pgsql.ini` could look
like this:
@@ -133,7 +135,7 @@ Now you need to create a database user and the database itself by using the
PostgreSQL command line interface. The database tables will be created by
ownCloud when you login for the first time.
To start the get into the postgres command line mode use::
To start the postgres command line mode use::
psql -hlocalhost -Upostgres
@@ -166,6 +168,74 @@ ownCloud a password is very often not required to access the database.
"dbhost" => "localhost",
"dbtableprefix" => "",
Oracle Database
~~~~~~~~~~~~~~~
If you are deploying to an Oracle database make sure that you have installed
and enabled the `Oracle extension <http://php.net/manual/en/book.oci8.php>`_ in PHP. The PHP configuration in :file:`/etc/php5/conf.d/oci8.ini` could look like this:
.. code-block:: ini
# configuration for PHP Oracle extension
extension=oci8.so
Make sure that the Oracle environment has been set up for the process trying to use the Oracle extension. For a local Oracle XE installation this can be done by exporting the following environment variables (eg. in :file:`/etc/apache2/envvars` for Apache)
.. code-block:: bash
export ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
Installing and configuring Oracle support for PHP is way out of scope for this document. The official Oracle documentation called `The Underground PHP and Oracle Manual <http://www.oracle.com/technetwork/topics/php/underground-php-oracle-manual-098250.html>`_ should help you through the process.
Creating a database user for ownCloud can be done by using the sqlplus command line
interface or the Oracle Application Express web interface. The database tables will be created by ownCloud when you login for the first time.
To start the Oracle command line mode with a DBA account use::
sqlplus system AS SYSDBA
After entering the password a **SQL>** prompt will appear. Now enter the following lines and confirm them with the enter key:
.. code-block:: sql
CREATE USER owncloud IDENTIFIED BY password;
ALTER USER owncloud DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA unlimited ON users;
GRANT create session
, create table
, create procedure
, create sequence
, create trigger
, create view
, create synonym
, alter session
TO owncloud;
.. note:: In Oracle creating a user is the same as creating a database in other RDBMs, so no ``CREATE DATABASE`` statement is necessary.
You can quit the prompt by entering::
exit
In the ownCloud configuration you need to set the hostname on which the
database is running and a valid username and password to
access it. If the database has been installed on the same server as
ownCloud to config file could look like this:
.. code-block:: php
<?php
"dbtype" => "oci",
"dbname" => "XE",
"dbuser" => "owncloud",
"dbpassword" => "password",
"dbhost" => "localhost",
.. note:: This example assumes you are running an Oracle Express Edition on ``localhost``. The ``dbname`` is the name of the Oracle instance. For Oracle Express Edition it is always ``XE``.
Trouble Shooting
----------------
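Review bot: The Oracle example uses the literal value ``password`` in both ``CREATE USER owncloud IDENTIFIED BY password;`` and ``"dbpassword" => "password",`` and readers tend to paste such lines unchanged. Use an obvious placeholder in both places and add a sentence saying it must be replaced with a strong value that is used only for this account. The ``.. code-block:: php`` sample opens with ``<?php`` but then lists bare array entries, so it is not valid PHP as shown; either show the enclosing array or drop the ``<?php`` line. Wording: "ownCloud to config file" should read "the config file", "eg." should be "e.g.", the sentence introducing the environment variables needs a closing colon, and "RDBMs" should be "RDBMSs".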
@@ -225,6 +295,24 @@ command line interface:
(1 row)
postgres=# \q
**Oracle**::
sqlplus username
::
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
PL/SQL Release 11.2.0.2.0 - Production
CORE 11.2.0.2.0 Production
TNS for Linux: Version 11.2.0.2.0 - Production
NLSRTL Version 11.2.0.2.0 - Production
SQL> exit
Useful SQL commands
~~~~~~~~~~~~~~~~~~~
@@ -232,22 +320,26 @@ Useful SQL commands
SQLite : No database user is required.
MySQL : SELECT User,Host FROM mysql.user;
PostgreSQL: SELECT * from pg_user;
PostgreSQL: SELECT * FROM pg_user;
Oracle : SELECT * FROM all_users;
**Show available Databases**::
SQLite : .databases (normally one database per file!)
MySQL : SHOW DATABASES;
PostgreSQL: \l
Oracle : SELECT name FROM v$database; (requires DBA privileges)
**Show ownCloud Tables in Database**::
SQLite : .tables
MySQL : USE owncloud; SHOW TABLES;
PostgreSQL: \c owncloud; \d
Oracle : SELECT table_name FROM user_tables;
**Quit Database**::
SQLite : .quit
MySQL : quit
PostgreSQL: \q
Oracle : quit
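Review bot: The Oracle entry under "Show available Databases", ``SELECT name FROM v$database;``, does not match the note added in the Oracle section, which says that creating a user in Oracle corresponds to creating a database in other RDBMSs. As written, the row returns the name of the Oracle database itself and needs DBA privileges that the ``owncloud`` account created earlier is not granted. Either say so next to the entry or point to the ``all_users`` query above as the closer equivalent. The sibling rows end at ``PostgreSQL: \l`` without comments, so the parenthetical also breaks the column layout of the literal block; a short sentence below the block would read better.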

@@ -0,0 +1,57 @@
Use Server-Side Encryption
==========================
ownCloud ships a encryption app, which allows to encrypt all files stored in
your ownCloud. Encryption and decryption always happens server-side. This
enables the user to continue to use all the other apps to view and edit his
data.
The app uses the users log-in password as encryption-password. This means that
by default the user will loss access to his files if he loss his log-in
password.
It might be a good idea to make regular backups of all encryption keys. The
encryption keys are sored in following folders:
* data/owncloud_private_key (recovery key, if enabled and public share key)
* data/public-keys (public keys from all users)
* data/<user>/files_encryption (users private key and all other keys necessary to
decrypt the users files)
Enable File Recovery Feature
----------------------------
The admin can offer the user some kind of protection against password
loss. Therefore you have to enable the recovery key in the admin settings and
provide a strong recovery key password. The admin settings also enables you to
change the recovery key password if you wish. But you should make sure to never
loss this password, because that's the only way to recover users files.
Once the recovery key was enabled every user can choose in his personal
settings to enable this feature or not.
Recover User Files
------------------
If the recovery feature was enabled the admin will see a additional input field
at the top of the user management settings. After entering the recovery-key
password the admin can change the users log-in password which will
automatically recover the users file.
If you use a user back-end which doesn't allow you to change the log-in
password directly within ownCloud, e.g. the LDAP back-end, than you can follow
the same procedure to recover users files. The only difference is that
you need to change the log-in password additionally at your back-end. In this
case make sure to use both times the same password.
LDAP and other external user back-ends
--------------------------------------
if you configure a external user back-end you will be able to change the users log-in password
at the back-end. Since the encryption password must be the same as the users log-in password
this will result in a non-functional encryption system. If the recovery feature was enabled,
the administrator will be able to recover the users files directly over the recovery feature.
See the description above. Otherwise the user will be informed that his log-in password and
his encryption password no longer matchs after his next log-in. In this case the user will be
able to adjust his encryption password in the personal settings by providing both, his old and
his new log-in password.
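Review bot: The key-backup paragraph ("It might be a good idea to make regular backups of all encryption keys") lists folders that hold the recovery key and every user's private key but gives no guidance on how that backup should be handled. State the recommendation firmly and add that the key backup needs restricted access, since anyone who holds it together with the recovery key password can read the files of users who enabled recovery. The first bullet, "(recovery key, if enabled and public share key)", is ambiguous about what "if enabled" applies to; split it into two items. In the LDAP section, "this will result in a non-functional encryption system" should say that it affects the user whose password was changed, and "See the description above" should be a reference to the "Recover User Files" section. Spelling and grammar: "loss" is used as a verb several times ("will loss access", "never loss this password") and should be "lose", "sored" should be "stored", "a encryption app" / "a additional" / "a external" need "an", "than you can follow" should be "then", "matchs" should be "match", and the LDAP paragraph starts with a lowercase "if".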

@@ -147,7 +147,7 @@ Example
'user'=>'johndoe',
'password'=> 'secret',
'share'=>'/test',
'/Pictures'
'root'=>'/Pictures'
)
);

@@ -13,6 +13,7 @@ Configuration
configuration_logging
configuration_mail
configuration_reverseproxy
configuration_encryption
custom_mount_config
custom_user_backend
auth_ldap

@@ -4,7 +4,7 @@ Since ownCloud 5 it is possible to let web servers handle static file serving.
This should generally improve performance (web servers are optimized for this) and in some cases permits controlled file serving (i.e. pause
and resume downloads).
.. note :: This feature can currently only be activated for local files, i.e. files inside the **data/** directory and local mounts. Controlled file serving **does not work for generated zip files**. This is due to how temporary files are created. Also it has **never been tested under lighttpd** but its configuration should be the same as Apache
.. note :: This feature can currently only be activated for local files, i.e. files inside the **data/** directory and local mounts. Controlled file serving **does not work for generated zip files**. This is due to how temporary files are created.
Apache2 (X-Sendfile)
--------------------
@@ -51,6 +51,30 @@ For versions >=0.10 (e.g. Ubuntu 12.10)
* **XSendFilePath (>=0.10)**: a white list of paths that the web server is allowed to serve outside of the specified Directory. At least PHP temporary directory concatenated with *oc-noclean* must be configured. Temporary zip files will be created inside this directory when using mod_xsendfile. Other paths which correspond to local mounts should be configured here aswell. For a more in-dept documentation of this directive refer to mod_xsendfile website linked above
LigHTTPd (X-Sendfile2)
----------------------
LigHTTPd uses similar headers to Apache2, apart from the fact that it does not handle partial downloads in the same way Apache2 does. For this reason, a different method is used for LigHTTPd.
Installation
~~~~~~~~~~~~
X-Sendfile and X-Sendfile2 are supported by default in LigHTTPd and no additional operation should be needed to install it.
Configuration
~~~~~~~~~~~~~
Your server configuration should include the following statements::
fastcgi.server = ( ".php" => ((
...
"allow-x-send-file" => "enable",
"bin-environment" => (
"MOD_X_SENDFILE2_ENABLED" => "1",
),
)))
* **allow-x-send-file**: enables LigHTTPd to use X-Sendfile and X-Sendfile2 headers to serve files
* **bin-environment**: is used to parse MOD_X_SENDFILE2_ENABLED to the ownCloud backend, to make it use the X-Sendfile and X-Sendfile2 headers in it's response
Nginx (X-Accel-Redirect)
------------------------
Nginx supports handling of static files differently from Apache. Documentation can be found in the Nginx Wiki section `Mod X-Sendfile <http://wiki.nginx.org/XSendfile>`_ and section `X-Accell <http://wiki.nginx.org/X-accel>`_. The header used by Nginx is X-Accel-Redirect.
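Review bot: The LigHTTPd configuration enables ``"allow-x-send-file" => "enable"`` without saying which paths the web server may then serve, whereas the Apache section directly above documents ``XSendFilePath`` as a white list. Add a sentence stating whether a comparable path restriction exists for LigHTTPd and, if it does not, that the header is trusted for any path the PHP backend names, so the reader knows what they are switching on. In the **bin-environment** bullet, "is used to parse MOD_X_SENDFILE2_ENABLED to the ownCloud backend" should be "pass", and "it's response" should be "its response". The ``...`` inside the ``fastcgi.server`` block should be marked as standing for the reader's existing settings, since the block is otherwise presented as something to include literally.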

@@ -0,0 +1,43 @@
Files Encryption
================
ownCloud ships a encryption app, which allows to encrypt all files stored in
your ownCloud. Once the encryption app was enabled by the admin all your files
will be encrypted automatically. Encryption and decryption always happens
server-side. This enables the user to continue to use all the other apps to
view and edit his data. But this also means that the server administrator could
intercept your data. Server-Side encryption is especially interesting if you
use external storages. This way you can make sure that the storage provider is
not able to read your data.
Please remember. Once the encryption app is enabled you need your log-in
password to decrypt and access your data. By default your data will be lost if
you loss your log-in pasword. If you want to protect yourself against password
loss store your log-in password on a secure place or enable the recovery key
as described below.
Settings
--------
Once the encryption app is enabled you will find some additional settings on
your personal settings page.
Recovery Key
~~~~~~~~~~~~
If the admin enabled the recovery-key you can decide by your own if you
want to use this feature for your account. If you enable "Password recovery"
the admin will be able to read your data with a special password. Which allows
him to recover your files in case of password loss. If the recovery-key is not
enabled than there is no way to restore your files if you loss your log-in
password.
Change Private Key Password
~~~~~~~~~~~~~~~~~~~~~~~~~~~
This option will be only available if your log-in password but not your
encryption password was changed by your admin. This can happen if your ownCloud
provider uses a external user back-end, e.g. LDAP, and changed your log-in
password there. In this case you can set your encryption password to your new
log-in password by providing your old and new log-in password. The encryption
app only works if log-in password and encryption password is identical.
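Review bot: The user-facing page repeats the spelling problems of the admin page in the sentences that carry the main warning: "if you loss your log-in pasword" and "if you loss your log-in password" should use "lose" and "password", and "enabled than there is no way" should be "then". Since these lines tell users that their data becomes unrecoverable, they should read cleanly. "Please remember." is a fragment and should be joined to the next sentence, as should "Which allows him to recover your files in case of password loss." in the Recovery Key section. "a encryption app" and "a external user back-end" need "an", "store your log-in password on a secure place" should be "in a secure place", and "log-in password and encryption password is identical" should be "are identical". The opening paragraph duplicates the one on the admin page; consider keeping the shared text in one place and including it in both.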

@@ -9,3 +9,4 @@ Files & Synchronization
versioncontrol
deletedfiles
sync
encryption

@@ -18,6 +18,7 @@ As someone who is new to OwnCloud, New to SoGo Connector, and new to Thunderbird
- "**URL:**" is found in your OwnCloud Contacts area, that little Gear symbol
.. image:: ../images/contact_thunderbird-Symbol_Gear.jpg
in the -bottom left- of the Contacts View (same symbol as found in the -top right- in the Calendar view). Then look for a little impeller symbol
.. image:: ../images/contact_thunderbird-Symbol_Impeller.jpg
which will display the URL you need for your installation to work.
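Review bot: The ``.. image::`` directives sit in the middle of a sentence inside a list item, so the text "that little Gear symbol" and its continuation "in the -bottom left- of the Contacts View" end up as separate paragraphs around a block-level image. For icons that belong inline, define substitutions (``.. |gear| image:: ../images/contact_thunderbird-Symbol_Gear.jpg``) and reference ``|gear|`` in the sentence; otherwise finish the sentence first and place the image after it. Either way the directive needs a blank line before and after it and must be indented to the list item's text, or it will not render as part of the bullet.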