Webmonkey notes setting ssl piwik and owncloud under subdomains linode

• webmonkeying

As per usual part tutorial and mostly notes for me and anything with ridiculous names (e.g. username and domain) means replace with your information.

Ingredients

• 1 Linode (this one has my referral attached because I’m a bastard like that) or equivalent
• 1 copy of Piwik
• 1 copy of ownCloud Server (grab clients for your devices while you’re there if you like)
• 1-2 ssl certificates (depending on whether you can use wildcard certificates and are going to be running Piwik and ownCloud from the same domain, I like StartSSL but any certificate from anywhere will work)

I downloaded Piwik directly to the Linode (saves two steps of downloading it and then uploading it, plus my upload speed is crap) and ownCloud conveniently has many packages.

Method

https subdomain setup

1. if it doesn’t already exist mkdir ~/public/domain/sub for each subdomain
2. upload domain.crt, domain.key, any additional certificates and keys for other domains, and ca-root.pem (or it might also be a crt) to /home/username on the Linode. If multiple certficates were issued from the same certificate CA they should all be able to use the same root certificate as long as they’re the right type of certificate (e.g. in the case of StartSSL they have different root certificates for Class 1 and Class 2/3 validations and presumably a different one again for extended validations)
3. sudo mv domain.crt domain.key ca-root.pem /etc/apache2/ssl and whack in your password.
4. sudo nano /etc/apache2/sites-available/sub.domain
5. first virtualhost block redirects from http to https, second one to do all the stuff related to the website

   # domain: sub.domain 
   # public: /home/username/public/domain/public/sub 
   
   RewriteEngine On 
   RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] 
   
   ServerAdmin you@email 
   ServerName sub.domain 
   
   DiretoryIndex index.php 
   DocumentRoot /home/username/public/domain/public/sub 
   
   SSLEngine On 
   SSLCertificateFile /etc/apache2/ssl/domain.crt 
   SSLCertificateKeyFile /etc/apache2/ssl/domain.key 
   SSLCertificateChainFile /etc/apache2/ssl/ca-root.pem
   

6. sudo a2ensites sub.domain for each domain
7. sudo service apache2 reload

Setting up Piwik

1. wget http://builds.piwik.org/latest.zip && unzip latest.zip from the home directory
2. mv piwik/* public/domain/public/sub
3. mysql -u root -p and enter password
4. create database piwik;
5. grant all on piwik.* to 'piwik' identified by 'some sensible password';
6. flush privileges;
7. exit
8. point browser at sub.domain (whichever one is going to house Piwik)
9. follow instructions

Setting up ownCloud

I’m a numpty and forgot that you need to make the owncloud database so instructions edited.

1. I currently have an Ubuntu 12.04LTS server (which may or may not change in the not-too-distant future, anyway there’s seven distros listed at time of writing) so wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/Release.key to download the key and sudo apt-key add - < Release.key to trust packages from them
2. sudo sh -c "echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/community/xUbuntu_12.04/ /' >> /etc/apt/sources.list.d/owncloud.list"
3. sudo apt-get update
4. sudo apt-get install owncloud
5. ownCloud installs to /var/www/owncloud by default so we are going to move it to the subdomain folder we set up for it: sudo mv /var/www/owncloud/ ~/public/domain2/sub/
6. mysql -u root -p
7. enter password
8. create database owncloud;
9. grant all on owncloud.* to 'some admin user' indentified by 'some sensible password';
10. flush privileges;
11. exit
12. visit sub.domain2 and follow the instructions to install the server

There’s a user manual to get things set up and syncing. With wither OSX native Contacts or Calendar (Contacts I think but honestly can’t remember now) I had to set up the account from within the program rather than using the System Preferences overview. iOS7 involves a bit of shenanigans where you follow the instructions

and after it’s whinged about possibly not being able to sync your account, go back into it and make sure the https is in the url, and then everything is sweet.

See, easy as. Note to self: don’t forget the directives again.