4. Apache web servers using Red Hat Storage Server (Deploying OwnCloud)
Note: Before we get started with the Apache configuration, you may have noticed that the Apache servers are the only servers with multiple IP addresses. I’d just like to clarify that this is for the sole purpose of network separation from the Storage network where the Red Hat Storage Servers reside. This is just one method of maintaining separation from a Storage network. Feel free to use your own methods should you wish to.
Setting up your Apache web servers is very similar to setting up a normal everyday LAMP stack. The key difference here is the order in which things are done to allow us to integrate it with Red Hat Storage.
We will be mounting our Red Hat Storage volume as /var/www, which will ensure that all the content we store in that location will be replicated to all other servers. As Apache sets up directories during the package installation, we'll be mounting the replicated volume first, which means we can save a few steps correcting file permissions and the like.
Add Extra repositories
In order to install OwnCloud, you will need to add an additional yum repository. You can do this with the following.
cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/isv:ownCloud:community/RedHat_RHEL-6/isv:ownCloud:community.repo
Install Red Hat Storage Client
We also need to install packages required to mount a Red Hat Storage volume. To do this, run the following.
Note: You will need your systems subscribed to the “Red Hat Storage Native Client” software channel.
yum install -y glusterfs-fuse
Mount Red Hat Storage volume
As we don’t have the httpd package installed yet, we will need to create /var/www before mounting.
Mount the shared volume with the following.
mkdir /var/www
echo "rhs01.example.com:/WWW /var/www glusterfs defaults,_netdev 0 0" >> /etc/fstab
mount -a
Install required packages
Let's install the commonly used packages for web servers, including those to run websites with SSL. We will also be installing the required packages for OwnCloud in this step.
yum install -y httpd php php-mysql mod_ssl gd php-mbstring php-domxml-php4-php5 owncloud
The recommended SELinux mode is Enforcing, which is the default. To maintain this standard, we will need to use one of the SELinux boolean options to allow us to use Red Hat Storage as the backing location for our Apache web data. As Red Hat Storage taps into the FUSE filesystem, we will enable the use of FUSEFS with Apache.
To do this, run the following on all web servers.
setsebool -P httpd_use_fusefs on
As we will be using OwnCloud with SSL (always recommended), we will need a certificate to use with Apache.
If you have already acquired a trusted SSL certificate, feel free to use it here; alternatively, you can generate a self-signed certificate using this article.
Once you have your certificate, copy the crt and key files to /etc/httpd/ on each web server. My certificate file name is “owncloud.example.com.crt” and the private key file is “owncloud.example.com.key”.
We will be creating a virtual host called “owncloud.example.com”.
The easiest way to do this is to create a new virtual host config file, /etc/httpd/conf.d/owncloud.example.com.conf.
Ensure your owncloud.example.com.conf file looks as follows.
<VirtualHost *:80>
    ServerName owncloud.example.com
    Redirect permanent / https://owncloud.example.com
</VirtualHost>
<VirtualHost 10.0.1.11:443>
    SSLEngine on
    SSLCertificateFile /etc/httpd/owncloud.example.com.crt
    SSLCertificateKeyFile /etc/httpd/owncloud.example.com.key
    ServerAdmin email@example.com
    DocumentRoot /var/www/html/owncloud
    ServerName owncloud.example.com
</VirtualHost>
Note: We will be using the virtual IP 10.0.1.10 for owncloud.example.com, however you will notice that the configuration above shows the virtual host IP of 10.0.1.11. Your Apache configuration should use the local IP address of each web server. As I only intend to use a single SSL website on this platform, I am using the IP address of the host server. Please keep this in mind when you create your virtual host configuration file on each web server.
Don’t forget to ensure Apache starts on reboot. For now, we will leave Apache stopped until we deploy our OwnCloud content.
chkconfig httpd on
If you leave iptables filtering on your systems, don’t forget to open ports 80 and 443. Just like with our MariaDB setup, we will also need to add a reply rule for our traffic to use the VIP with our Load Balancers. To do this, run the following:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 10.0.1.10 --dport 80 -j REDIRECT
iptables -t nat -A PREROUTING -p tcp -d 10.0.1.10 --dport 443 -j REDIRECT
service iptables save
Lastly, it's time to bring the web servers online. Start the httpd process on all web servers.
service httpd start
Once you’ve started Apache, jump back to your master load balancer. You should now see that all of your servers are online and reporting they are available.
You may notice one key difference with the web server setup compared to the MariaDB setup. You can see (highlighted below) that “owncloud.example.com” has persistence set up on the load balancer. This is done on purpose, as the OwnCloud application is session aware. If we do not maintain persistence here, the user will lose their session and have to log back in every time they refresh the page. To resolve this, we have set the server to maintain an existing session on the same real back end server for a period of time.
[root@lb01 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  galera.example.com:mysql rr
  -> galera01.example.com:mysql   Route   100    0          0
  -> galera02.example.com:mysql   Route   100    0          0
  -> galera03.example.com:mysql   Route   100    0          0
TCP  owncloud.example.com:http rr persistent 30
  -> web01.example.com:http       Route   100    0          0
  -> web02.example.com:http       Route   100    0          0
  -> web03.example.com:http       Route   100    0          0
TCP  owncloud.example.com:https rr persistent 30
  -> web01.example.com:https      Route   100    0          0
  -> web02.example.com:https      Route   100    0          0
  -> web03.example.com:https      Route   100    0          0
[root@lb01 ~]#
Now that we have our highly available, load balanced web infrastructure in place, it's time to drop the OwnCloud application into the mix.
Create MariaDB database and user
Use the following commands to create a database for OwnCloud and set up a non-root user account for database access. Don’t forget to change the password to something more secure.
mysql -u root -p -e "create database db_owncloud;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON db_owncloud.* TO 'user_owncloud'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;"
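The GRANT above accepts logins from any host ('%') and carries WITH GRANT OPTION, which lets the account pass its privileges on to other accounts. The following is an added example, not part of the original article: it flags both properties in SHOW GRANTS output and prints per-web-server grants without them. The function names, the sample SHOW GRANTS text and the addresses 10.0.1.12 and 10.0.1.13 are assumptions, as is MariaDB seeing the web servers' own addresses as the connection source.

```shell
#!/bin/sh
# Added example, not the article's code: audit and tighten the OwnCloud grant.

# Read SHOW GRANTS output on stdin; print one finding per risky property.
audit_grants() {
    awk -v q="'" '
        /^GRANT / {
            acct = $0
            sub(/^.* TO /, "", acct)   # drop everything before the account
            sub(/ .*$/, "", acct)      # drop the clauses after it
            if (index(acct, "@" q "%" q) && !seen["w" acct]++)
                print "wildcard-host " acct
            if (/WITH GRANT OPTION/ && !seen["g" acct]++)
                print "grant-option " acct
        }'
}

# Emit one grant per web server address, without GRANT OPTION.
# $1 = password, remaining arguments = web server source addresses.
scoped_grants() {
    _pw=$1
    shift
    for _host in "$@"; do
        printf "GRANT ALL PRIVILEGES ON db_owncloud.* TO 'user_owncloud'@'%s' IDENTIFIED BY '%s';\n" \
            "$_host" "$_pw"
    done
}

# Constructed SHOW GRANTS output for the account the article's command creates.
sample_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'user_owncloud'@'%' IDENTIFIED BY PASSWORD '*CONSTRUCTED_HASH_PLACEHOLDER'
GRANT ALL PRIVILEGES ON `db_owncloud`.* TO 'user_owncloud'@'%' WITH GRANT OPTION
EOF
}

sample_grants | audit_grants

# 32 hex characters (128 bits) from the kernel's random source.
pw=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
# 10.0.1.11 is the article's web server address; .12 and .13 are assumed.
scoped_grants "$pw" 10.0.1.11 10.0.1.12 10.0.1.13
```

On a live server, feed the audit with `mysql -u root -p -N -e "SHOW GRANTS FOR 'user_owncloud'@'%'"` and pipe the emitted statements into `mysql -u root -p` instead of running the article's GRANT.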
The default OwnCloud location for data is /var/www/html/owncloud/data. Personally, I don’t like storing personal files in web accessible locations, even if an application has been “locked down” to prevent it. It is for this reason I have placed my OwnCloud data folder one level above what Apache is set up to share.
To follow my directory structure, do the following:
mkdir -p /var/www/owncloud/data
chown -R apache:apache /var/www/owncloud/data
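To confirm that the data directory really sits outside what Apache serves, the check below compares it with every DocumentRoot in a virtual host file. It is an added example, not part of the original article; the function names and the embedded config are constructed here, GNU `readlink -m` is assumed, and Alias directives are not examined.

```shell
#!/bin/sh
# Added example, not the article's code: check that a data directory is not
# reachable through any DocumentRoot in an Apache config file.
# Limitation: only DocumentRoot is examined; Alias directives are not.

# Print every DocumentRoot value in config file $1, one per line.
docroots() {
    awk 'tolower($1) == "documentroot" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Return 0 and print the DocumentRoot if directory $2 is at or below one
# declared in config file $1; return 1 otherwise.
data_dir_exposed() {
    _data=$(readlink -m -- "$2")          # normalise ".." and symlinks
    docroots "$1" | (
        while IFS= read -r _root; do
            _root=$(readlink -m -- "$_root")
            _root=${_root%/}              # "/" becomes an empty prefix
            case "$_data/" in
                "$_root"/*) echo "$_root"; exit 0 ;;
            esac
        done
        exit 1
    )
}

# Constructed sample: the article's SSL virtual host.
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
<VirtualHost 10.0.1.11:443>
    SSLEngine on
    DocumentRoot /var/www/html/owncloud
    ServerName owncloud.example.com
</VirtualHost>
EOF

for dir in /var/www/html/owncloud/data /var/www/owncloud/data; do
    if root=$(data_dir_exposed "$conf" "$dir"); then
        echo "EXPOSED: $dir is served from $root"
    else
        echo "ok: $dir is outside every DocumentRoot"
    fi
done
```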
Once you have all the above set up and working, you should now be able to browse to https://owncloud.example.com and start the web based installer.
I have used the below details for this example.
You will now be in a position to start using OwnCloud, creating users and connecting to the service from Windows, Linux, Mac and mobile devices as well. One great new feature of Gnome3 for Linux users is the built-in support for OwnCloud via Online Accounts. You can have your OwnCloud account appear in your file manager as just another storage resource.