Raspberry Pi ownCloud: Your Personal Cloud Storage

In this project, we are going to make a Raspberry Pi Owncloud server that can act as your very own personal cloud storage.

Raspberry Pi Owncloud

As the protection of your privacy becomes harder and harder, you may be thinking of moving your files to a private cloud storage. If this is the case, then this tutorial is perfect for you.

It is important to remember that since your data will be stored on your local network, you will end up with using more bandwidth if uploading and downloading files from outside your network.

This tutorial will take you through everything you need to know to get Owncloud setup and accessible.

If you’re curious and want to learn more about the Owncloud software, be sure to check out the Owncloud website.

Equipment

I made use of the following equipment for this personal cloud storage setup.

Recommended

Optional

Note: It is highly likely that the USB ports on the Raspberry Pi will be unable to power an external hard drive so you may need to invest in a powered USB hub.

Video

If you’re a visual person and would like to see our video on how to put this tutorial together, then check out the video below.

It will take you through everything you need to know get your Raspberry Pi Owncloud server up and running.

Setting up The Raspberry Pi Owncloud Server

Firstly, you will need to have a Raspberry Pi with Raspbian installed. If you haven’t installed Raspbian, then check out our guide on how to install Raspbian via NOOBS (New Out of the Box Software).

There are quite a few ways you’re able to install Owncloud onto your Raspberry Pi. In this particular tutorial, we’re going to be downloading a web server (Nginx) and Owncloud.

Installing NGINX and PHP

The first thing we need to do is install both NGINX and PHP to our Raspberry Pi. We will need both of these pieces of software to run the Owncloud software.

1. Firstly, in either The Pi’s command line or via SSH, we will need to update the Raspberry Pi and its packages, do this by entering:

sudo apt update
sudo apt upgrade

2. Next, we need to add the www-data user to the www-data group.

sudo usermod -a -G www-data www-data

These instructions have been updated to work with Raspberry Pi OS Bullseye. If you’re on an earlier version, then I highly recommend you upgrade to Raspbian Bullseye before continuing.

You can follow our guide on upgrading from Raspberry Pi OS Buster to Bullseye.

Alternatively, we do have a workaround if you want to stick with an older release of Raspberry Pi OS.

3. Once you are running Raspbian Buster, you can safely continue with this tutorial.

In this step, we will be installing all the packages that we require to run Owncloud. This includes PHP 7.4 and its numerous modules that OwnCloud relies upon.

Run the following command to install everything we need.

sudo apt-get install nginx openssl ssl-cert php7.4-xml php7.4-dev php7.4-curl php7.4-gd php7.4-fpm php7.4-zip php7.4-intl php7.4-mbstring php7.4-cli php7.4-mysql php7.4-common php7.4-cgi php7.4-apcu php7.4-redis redis-server php-pear curl libapr1 libtool libcurl4-openssl-dev

When running this command on older versions of Raspberry Pi OS, you might run into a “package not found” error. You can work around most of these by adding a third-party PHP repository to your operating system.

Setting up NGINX for Owncloud and HTTPS

Our next step is to now set up and configure NGINX for it to work with the Owncloud software. We will also be setting NGINX up so that it can support HTTPS connections as well.
1. Now we need to create an SSL certificate you can do this by running the following command:

sudo openssl req $@ -new -x509 -days 730 -nodes -out /etc/nginx/cert.pem -keyout /etc/nginx/cert.key

Just enter the relevant data for each of the questions it asks you.

2. In addition to the SSL certificate, we also need to generate a custom dhparam file. This file helps ensure that our SSL connections are kept secure. By default, this would use a default one that isn’t nearly as secure.

To generate a 2048 byte long dhparam file, run the following command on your Raspberry Pi. This process will take quite a long time, up to 2 hours.

Adding the dhparam flag to the command will help speed up the process, but arguably is less secure.

sudo openssl dhparam -out /etc/nginx/dh2048.pem 2048

3. Now we need to chmod the three cert files we just generated.

sudo chmod 600 /etc/nginx/cert.pem
sudo chmod 600 /etc/nginx/cert.key
sudo chmod 600 /etc/nginx/dh2048.pem

4. Let’s clear the server config file since we will be copying and pasting our own version in it.

sudo sh -c "echo '' > /etc/nginx/sites-available/default"

5. Now let’s configure the web server configuration so that it runs Owncloud correctly. I use the nano text editor to edit most files.

sudo nano /etc/nginx/sites-available/default

6. Now simply copy and paste the following code into the file.

upstream php-handler {
    server unix:/var/run/php/php7.4-fpm.sock;
}

server {
    listen 80;
    server_name _;

    #Allow letsencrypt through
    location /.well-known/acme-challenge/ {
        root /var/www/owncloud;
    }

    # enforce https
    location / {
        return 301 https://$host$request_uri;
    }
}
  
server {
    listen 443 ssl http2;
    server_name _;
  
    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/cert.key;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/nginx/dh2048.pem;
    ssl_prefer_server_ciphers on;
    keepalive_timeout    70;
    ssl_stapling on;
    ssl_stapling_verify on;
  
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
  
    root /var/www/owncloud/;
  
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
  
    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
  
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
  
    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 8 4K;
    fastcgi_ignore_headers X-Accel-Buffering;
  
    gzip off;
  
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
  
    location / {
        rewrite ^ /index.php$uri;
    }
  
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }
  
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_read_timeout 180;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off; #Available since NGINX 1.7.11
    }
  
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri $uri/ =404;
        index index.php;
    }
  
    location ~ \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "max-age=15778463";
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        access_log off;
    }

    location ~ \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)$ {
        add_header Cache-Control "public, max-age=7200";
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }
}

7. Now save and exit out of the file by pressing CTRL + X, then Y, followed by ENTER.

8. As we have made changes to NGINX’s configuration we need to restart it’s service by running the following command.

sudo systemctl restart nginx

Tweaking PHP for Owncloud

With NGINX now set up, we can now go ahead and prepare PHP to work with our Owncloud installation. As we use php-fpm, there are a few additional things we need to do.

1. Now that is done, there are a few more configurations we will need to update, first open up the PHP config file by entering.

sudo nano /etc/php/7.4/fpm/php.ini

2. In this file, we want to find and update the following lines. (CTRL + W allows you to search)

Find

upload_max_filesize = 2M

Replace With

upload_max_filesize = 2000M

Find

post_max_size = 8M

Replace With

post_max_size = 2000M

3. Once done, save and then exit by pressing CTRL + X, followed by Y, then ENTER.

4. Our next step is to make some changes to the php-fpm pool configuration. The reason for this is that php-fpm can’t access environment variables.

Run the following command to begin modifying the configuration file.

sudo nano /etc/php/7.4/fpm/pool.d/www.conf

5. Within this file, find the following block of code and replace it with what we have below.

You can use CTRL + W to find this block of code faster. Typically its located near the bottom of the file.

Find

;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

Replace With

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

6. With these changes made, go ahead and save the file by pressing CTRL + X, followed by Y, then ENTER.

Adding Swap Memory

Our next step is to add some swap memory to our system.

Adding swap memory allows the Raspberry Pi to work further beyond its memory by making use of space on the storage device. While a lot slower then RAM it is better then the program crashing

1. To increase the amount of swap memory, we need to modify a file called dphys-swapfile.

To modify this file, make use of the following command:

sudo nano /etc/dphys-swapfile

2. Within this file, find the following line and change it to what we have below.

Find

CONF_SWAPSIZE=100

Replace With

CONF_SWAPSIZE = 512

3. Once done, save and then quit by pressing CTRL + X, followed by Y, then ENTER.

4. For our changes to take effect, we will need to now restart the Raspberry Pi by running the command below.

sudo reboot

Setting up a MySQL Database & User for Owncloud

Before beginning this section, you must have already set up a MySQL server on your Raspberry Pi.

1. To be able to create our database, we will need to make use of the MySQL command-line interface.

We can load up the tool by running the following command.

sudo mysql -u root -p

2. Once logged in, you can begin interacting with your MySQL server.

The database we will be creating is called ownclouddb. We can create this database by running the following command.

CREATE DATABASE ownclouddb;

3. With the database created, let’s now create a user that can interact with it.

We can create a user called ownclouduser by running the command below. Make sure that you replace [PASSWORD] with a secure password and make a note of it for later.

CREATE USER 'ownclouduser'@'localhost' IDENTIFIED BY '[PASSWORD]';

4. Our next step is to give access permissions to our new user.

We can grant these privileges by running the following command.

GRANT ALL PRIVILEGES ON ownclouddb.* TO 'ownclouduser'@'localhost';

5. The final task is to flush the privileges. If we don’t do this, then our changes won’t be utilized by the server.

To flush the privileges, all we need to do is run the following command.

FLUSH PRIVILEGES;

Once the privilege table has been flushed, we can proceed to install and set up the Owncloud software.

Downloading & Extracting Owncloud

Now in this section, we will be installing the actual Owncloud software on to our Raspberry Pi. Installing Owncloud requires a couple of straightforward steps.

1. Once the Pi has restarted, you will need to install Owncloud onto the Raspberry Pi.

Let us change to the directory where we will be running the script from.

cd /var/www/

2. Now that we are in the right directory we can now download the latest version of Owncloud.

To do this we will make use of wget by running the command below.

sudo wget https://download.owncloud.com/server/stable/owncloud-complete-latest.tar.bz2

3. Now extract the archive we downloaded by using the tar command.

sudo tar -xvf owncloud-complete-latest.tar.bz2

4. With everything extracted we need to make sure that the www-data owns the files.

We can recursively modify the permissions of the file by using the chown command.

sudo chown -R www-data:www-data /var/www

5. Now we need to open up the .user.ini file to enforce some of the changes we made earlier in the tutorial

sudo nano /var/www/owncloud/.user.ini

6. In here update the following values, so they are 2000M:

upload_max_filesize=2000M
post_max_size=2000M
memory_limit=2000M

7. Now that is done, we should be able to connect to Owncloud at your PI’s IP address.

Before you set up the admin account, you might want to mount an external drive, so you have lots of disk space for your Raspberry Pi Owncloud server. Just follow the instructions in the next section.

Mounting & Setting up a Drive

Setting up an external drive while should be relatively straightforward but sometimes things don’t work as correctly as they should.

These instructions are for mounting and allowing Owncloud to store files onto an external hard drive.

1. Firstly if you have an NTFS drive we will need to install an NTFS package by entering the following:

sudo apt-get install ntfs-3g

2. Now let’s make a directory we can mount.

sudo mkdir /media/ownclouddrive

3. Now we need to get the GID, UID, and the UUID as we will need to use these soon. Enter the following command for the GID:

id -g www-data

4. Now for the UID enter the following command:

id -u www-data

5. Also if we get the UUID of the hard drive, the Pi will remember this drive even if you plug it into a different USB port.

ls -l /dev/disk/by-uuid
UUID Hard Drive

Copy the light blue letters and numbers of the last entry (Should have something like -> ../../sda1 at the end of it).

6. Now let’s add your drive into the fstab file so that it will boot with the correct permissions.

sudo nano /etc/fstab

7. Now add the following line to the bottom of the file, updating UID, GUID and the UUID with the values we got above. (The following should all be on a single line)

UUID=DC72-0315 /media/ownclouddrive auto nofail,uid=33,gid=33,umask=0027,dmask=0027,noatime 0 0

8. Reboot the Raspberry Pi, and the drives should automatically be mounted. If they are mounted, we’re all good to go.

Note: If you get an error stating the Pi is in emergency mode at boot up then this likely means a problem with the fstab entry. Just edit the fstab file (sudo nano /etc/fstab) and remove the added line or look for a mistake and fix it.

Setting up Owncloud

I will briefly go through the basics of setting up Owncloud Raspberry Pi here. If you want more information, I highly recommend checkout out the manuals on their website. You can find them at the Owncloud manual site here.

1. In your favorite web browser, you need to go to your Raspberry Pi’s IP address.

If you don’t know your Pi’s local IP, you can run the hostname command.

hostname -I

2. Once you go to the IP you’re like to get a certificate error, add this to your exception list as it will be safe to proceed.

On Chrome, you click the Show advanced button (1.).

Then clickProceed to [YOURPISIPADDRESS] (unsafe)” (2.).

Raspberry Pi Owncloud Server Chrome Security Warning

3. When you first open up Owncloud, you will need to do some initial setup steps.

The first thing you need to do is specify a username and password for your Owncloud admin account. (1.)

Next, we need to bring up the storage and database settings. You can do this by clicking the “Storage & database” dropdown (2.).

If you are using a different data folder, you can specify it now by using the Data folder textbox (3.)

We then need to bring up the MySQL database options. You can find these by clicking the MySQL/MariaDB toggle (4.).

Next, we need to fill out three bits of information, the database user, the password for that user, and the database name.

  1. First, you need to specify the “Database user” (A.). If you are following this guide, this should be ownclouduser.
  2. The second option you will need to specify the password you set for the above user. (B.)
  3. Finally, we need to set the database name. (C.) If you have used the ones from this tutorial, you should set this to ownclouddb.

Once you have finished with all the settings, click the Finish setup button (4.).

Owncloud Server Setup Configuration Screen

If you ever need to update and you find the internal updater is not working, this likely means you will need to do it manually.

You can find a detailed process on how to update over at Owncloud’s update manual page.

The next two sections will show you how to improve your Owncloud software even further.

Setting up Memory Caching for Owncloud

In this section, we will be showing you how to configure Owncloud to make use of APCu and Redis. APCu is used as an object memory cache, and Redis is used to deal with transactional file locking.

Using both of these will help improve the performance of Owncloud on your Raspberry Pi.

1. To be able to enable these, we ill need to make a change to the Owncloud configuration file.

Begin editing this file by running the following command.

sudo nano /var/www/owncloud/config/config.php

2. Within this file, find the following line and add the block of text below it.

Find

'installed' => true,

Add Below

  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => 6379,
  ],

3. Once done, save the file by pressing CTRL + X, then Y, followed by ENTER.

Using System Cron with Owncloud

The Owncloud team recommends that you should set it up so that the operating system runs the scripts cron jobs instead of Ajax.

1. To be able to set up a cron job for Owncloud, we will need to make use of the www-data user’s crontab.

Begin modifying the user’s cron by running the following command.

sudo crontab -u www-data -e

If you are asked what editor you should use to modify the crontab, we highly recommend that you use nano.

2. Add the following line to the bottom of this file.

*  *  *  *  * /usr/bin/php /var/www/owncloud/occ system:cron

This line will run Owncloud’s cron job every minute.

3. Once done, save the file by pressing CTRL + X, followed by Y, then ENTER.

You should now have Owncloud set up correctly on your Raspberry Pi.

Port Forwarding & External Access

If you want to have access to your cloud drive outside your local network, then you will need to setup port forwarding and make a few changes to our config files.

You can get your external IP address at what is my IP.

If you have a dynamic IP you may want to set up a dynamic DNS and use that as your address. You can find information on this in my guide to port forwarding.

To do this open up the Owncloud config file by using the following command.

sudo nano /var/www/owncloud/config/config.php

In here add a new item to the trusted domains array (This will be your external IP address). Your new entry should look something like this (x are just placeholders).

1 => 'xxx.xxx.xxx.xxx',

Finally update the URL of the “overwrite.cli.url” line to your IP Address. It should look something like this.

'overwrite.cli.url' => 'https://xxx.xxx.xxx.xxx',

Below is an example of the completed config.txt file.

External IP Change Example

Be sure to check out my guide on port forwarding and use the following port 443 for internal, and I recommended a random port for the external port. Make sure when setting up the external port that it isn’t already reserved for a specific program.

When connecting to the Owncloud server externally, you will need to make sure you use https otherwise you will get an invalid request in your browser.

Setting up port forwarding is super easy to do and allows you to have access to your personal cloud on the go. Also after you have done this, you can still connect via your local IP as well.

I hope this tutorial has helped you make your very own Raspberry Pi OwnCloud. If you have any troubles, want to leave feedback or if I have missed anything feel free to drop us a comment below.

306 Comments

  1. Avatar for Ken
    Ken on

    Thank you for this tutorial, best one I’ve come across during this process.

    I ran into an error as I tried to restart nginx

    ~ $ sudo systemctl restart nginx
    Job for nginx.service failed because the control process exited with error code.
    See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
    
    $ nginx -t
    2023/12/29 09:36:48 [warn] 27619#27619: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
    2023/12/29 09:36:48 [emerg] 27619#27619: cannot load certificate "/etc/nginx/cert.pem": BIO_new_file() failed (SSL: error:8000000D:system library::Permission denied:calling fopen(/etc/nginx/cert.pem, r) error:10080002:BIO routines::system lib)
    nginx: configuration file /etc/nginx/nginx.conf test failed

    Any help is greatly appreciated, thank you!

    1. Avatar for Emmet
      Emmet on
      Editor

      Hi ken,

      Having a quick look over the logs you have provided, NGINX is having issues accessing the certificate you generated for some reason.

      Assuming NGINX is using the “www-data” user can you try taking ownership of the certificate.

      sudo chown www-data: /etc/nginx/cert.pem

      Alternatively, you can also use the command “journalctl -xeu nginx.service” to find out the error NGINX is throwing when the service starts up.

      Please let me know if you continue to run into issues.

      Kind regards,
      Emmet

  2. Avatar for JImmy
    JImmy on

    Bookworm has already not supported php7.4. I hope the tutorial have would updated.

    1. Avatar for Emmet
      Emmet on
      Editor

      Hi Jimmy,

      At this time, Owncloud still only official supports PHP 7.4. We link to a guide within this tutorial that shows you how to add a third-party PHP repository that will give you access to this older version.

      Alternatively I would recommend moving to Nextcloud instead which seems to move to newer versions of PHP as they are released.

      Cheers,
      Emmet

  3. Avatar for Ike
    Ike on

    Is it okay to use a powered external drive with a usb and not use a powered usb hub?

    1. Avatar for Emmet
      Emmet on
      Editor

      Hi Ike,

      As long as you are using a drive that takes its power from a source other than the Raspberry Pi itself then you should be fine.

      The main issue with drives that power itself off the USB connection of the Pi is that it can put a fair bit of power draw on the Raspberry Pi.

      Cheers,
      Emmet

  4. Avatar for Bill Steiner
    Bill Steiner on

    Do all of these instructions apply if my Pi is running Raspberry Pi OS (64-bit) Debian Linux 11 or is there another set of instructions for 64-bit OS?

    1. Avatar for Emmet
      Emmet on
      Editor

      Hi Bill,

      The steps should remain the same.

      Cheers,
      Emmet

Leave a Reply

Your email address will not be published. Required fields are marked *