Some time ago I get an opportunity to familiarize with ownCloud, you can find out more about my first impressions with ownCloud server here.
Today I decided to create a simple tutorial were I have noted have one (perhaps you) can install his/her own file sharing server - ownCloud. I'm going to use Linode VPS, Ubuntu 14.04 and Apache
Actually, I tried to set ownCloud on Ngnix, but there was some problems with it, so i sticked with Apache
- At first I bought a new VPS from Linode.
- Quickly deployed a new Ubuntu 14.04 server
- And rest was handled using SSH (Putty)
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/community/xUbuntu_14.04/ /' >> /etc/apt/sources.list.d/owncloud.list" sudo apt-get update sudo apt-get install owncloud
And voilà - a new self hosted ownCloud installation was born. Literally in matter of few minutes (Though I performed a test for a few hour before, by trying to put ownCloud on Ngnix)
Though I prefer Nginx over Apache in this case this is not about Nginx or Apache, this is about solution I could deploy quickly.
Now, as tempting might look just a few rows of code to execute to install an ownCloud server, here is a few more things you should take in consideration:
Remove root from SSH
One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.
Create a new admin user on your server (change admin to something better)
The visudo command will open up the /etc/sudoers file. All you need to do to grant sudo privileges to admin is to add a line beneath root’s, so that it looks like this:
# User privilege specification root ALL=(ALL:ALL) ALL admin ALL=(ALL:ALL) ALL
Now exit your SSH connection as root, and re-login as admin
Turn off root login
# Authentication: PermitRootLogin no
Now go ahead and restart ssh.
service ssh restart
Now,you have secured your SSH a little bit.
Secure IP tables
Setting up a good firewall is an essential step to take in securing any modern operating system. Most Linux distributions ship with a few different firewall tools that we can use to configure our firewalls.
Follow this guide on Digital Ocean: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
Use SSL Certificates (HTTPS)
TLS, or transport layer security, and its predecessor SSL, secure sockets layer, are secure protocols created in order to place normal traffic in a protected, encrypted wrapper.
Follow this guide on Digital Ocean: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
One thing to mention - you should search for some reputable and trusted SSL vendor. Self created certifictes can do a damage for your company - leaving to think your customers your server or worst you are not trustable.
ownCloud is an enterprise-grade file sync and share solution that is as easy to use as consumer-grade products, but is hosted in your data center, on your servers, using your storage. ownCloud integrates seamlessly into your IT infrastructure, allowing you to deliver file sharing services that conform to your data security and compliance policies. Your employees will love ownCloud’s clean, professional user interfaces; you’ll enjoy peace of mind, knowing that your data is under IT control at all times.
With over 1.3 million users, ownCloud is the preferred file sharing solution for enterprises everywhere.
Visit ownCloud to find out more.