OwnCloud – More configurations

In a previous documento ya vimos como montar nuestro Dropbox corporativo, in this second OwnCloud document we will see additional configurations that we should make to have more functionalities such as sending links by email, put corporate logos, Filter by an AD Group, Default language in Spanish, Configuration for HTTPS, WebDAV connection and two interesting plugins to be able to log in everything that users do!

Configurando el correo,

Empezaremos por lo más básico, que el sistema de envío de correo pueda funcionar para que los usuarios puedan enviar correos electrónicos a la hora de compartir archivos.

First things, debemos introducir una dirección válida como origen de los correos de OwnCloud, editaremos ‘/var/www/owncloud/lib/public/util.php’ cambiaando ‘$defaultEmailAddress = ‘No*********@do*****.eso‘.

Configuraremos los parámetros de envío de correo en ‘/var/www/owncloud/config/config.php’, donde indicaremos el host de relay por el que sacaremos el correo y el típo de autenticación, example against a Zimbra that has the OwnCloud IP whitelisted, even though we could authenticate ourselves too:

'mail_smtpmode' => 'smtp',
'mail_smtphost' => '192.168.0.201',
'mail_smtpport' => 25,
#  'mail_smtpsecure'   => 'tls',
'mail_smtpauth' => False,
# 'mail_smtpauthtype' => "LOGIN",
'mail_smtpname' => '',
'mail_smtppassword' => '',

If we want to see how to create a relay connector in Exchange, We can go on this guide.

Changing the language,

Once the email has been configured, we will be able to indicate to OwnCloud that all the accounts that enter have a default language, To do this we edit '/var/www/owncloud/lib/l10n.php’ and indicate in '$language = 'es’ ;’ The language.

Changing the logos,

As for changing the logos, We can start with the main logo, which defaults to a size of 166x123px. We'll change the file 'owncloud-logo-medium-white.(png|SVG)’ why we are interested in having uploaded this VM by SCP in the files '/var/www/owncloud/apps/user_openid/templates/nomode.php’ and '/var/www/owncloud/core/templates/layout.guest.php’

And finally we'll change the small logo inside the OwnCloud portal to '/var/www/owncloud/core/templates/layout.user.php’ called 'core/img/logo-wide.(png|SVG)’ which defaults to 230x32px.

Enabling secure connections,

To enable connections using HTTPS, we must first enable SSL in Apache by running: 'sudo a2enmod ssl'.

Later we must generate a certificate request, send it to a certificate authority to finally install the certificate in the Apache and be able to attend to secure requests from OwnCloud.

We generate the CSR (Certificate Signing Request) with: 'openssl req -nodes -newkey rsa:2048 -Keyout owncloud.tundra-it.com.key -out owncloud.tundra-it.com.csr'. It will ask us a series of questions that we must complete as usual when generating certificates, In these following steps, the examples are made with the domain 'owncloud.tundra-it.com’ And obviously everyone can use whatever name they want for the certificates.
We will send the .csr file to the certificate authority or CA we trust (or our own DA) and we will obtain the certificate that we will rename it to 'owncloud.tundra-it.com.crt’ and that of the primary or intermediate certificate authority to: CA.crt.

We will create the file to enable the configuration of the new site with SSL: '/etc/apache2/conf.d/owncloud5-ssl.conf’

<VirtualHost *:443>
ServerName IP/NOMBRE_SERVIDOR
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.tundra-it.com.crt
#/etc/ssl/crt/apache-cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.tundra-it.com.key
#/etc/ssl/key/apache-key.pem
SSLCertificateChainFile  /etc/apache2/ssl/CA.crt
DocumentRoot /var/www/owncloud
CustomLog /var/www/logs/ssl-access_log combined
ErrorLog /var/www/logs/ssl-error_log
</VirtualHost>

And we restarted Apache! We will now be able to access the files by secure connection, In addition, in the administration menu we can force all connections to be via https, o encrypt the contents of the files.

Filter by AD Group,

If we want to filter the users we want to access, we can do it through a group of users of our Active Directory, We will configure the following filters:

– Under 'User Login Filter'’ put: ‘(&(memberof=cn=Users with access,ou=Users,ou=Tundra IT,dc=tundra-it,dc=local)(sAMAccountName=%uid))’
– Under 'User Filter List'’ put: ‘(&(memberof=cn=Users with access,ou=Users,ou=Tundra IT,dc=tundra-it,dc=local)(objectClass=person))’.

Tracking users,

If we want to analyze what files our users store or which files they share with whom, we will be able to use two OwnCloud Apps that we will integrate into our installation, would be 'SuperLog’ and 'Share Watcher'.

The first, SuperLog, will allow us to know the files stored by users in our OwnCloud system, we will be able to download it, Unzip it in /var/www/owncloud/apps/

We can download it with wget, in this case we will rename the directory Owncloud-Superlog-master/ to superlog/ and correct the permissions with 'chown www-data:www-data superlog/ -R'.

We will enter the portal as an administrator and in the 'Applications' menu’ We will activate the app.

We will be able to see how we have a new section called 'SuperLog Activity’ in the 'Administration' menu, where everything that happens on our OwnCloud site will be recorded, We'll look at the files that users create, modify or delete.

If we also want to see the files they share and with whom, we must install the App Share Watcher, igualmente podremos descargarla con wget o copiarnosla con WinSCP o similar a /var/www/owncloud/apps/

Corregimos los permisos con ‘chown www-data:www-data files_share_watcher/ -R’.

Lo activamos una vez descomprimido.

Y ya podremos ver en el Historial estos registros también!

Conexión por WebDAV,

Esto sería otra manera de acceder al contenido de forma remota, en vez de mantener sincronizada la información podremos atacarla a ella fácilmente por WebDAV. Para ello sería tan fácil como conectar una unidad de red en Windows o montarla en un Mac/Linux.