Installing on Debian+Nginx

Created on 2016/10/20, debian, nginx
Category: 

Last Update Updated on Dec. 8 2016 for Pydio 7

Following are the instructions for installing Pydio with Nginx on Debian Jessie.

Assumptions

You already have Debian 8.0 (Jessie) running with minimal stuff installed (no LAMP or existing web server stack). If php5 is already installed, make sure to remove it before installing php7.0 (or replace the instructions to use php5, must be > 5.6).

Install Packages

First we need to authenticate the nginx repository signature, we add the key used to sign the nginx packages and repository to the apt program keyring. Download this key and add it to the apt program keyring with the following command:

wget -O- http://nginx.org/keys/nginx_signing.key | apt-key add -
wget -O- https://www.dotdeb.org/dotdeb.gpg | apt-key add -

Then you can add at the end of /etc/apt/sources.list file:

echo deb http://nginx.org/packages/debian/ jessie nginx > /etc/apt/sources.list.d/nginx.list
echo deb-src http://nginx.org/packages/debian/ jessie nginx >> /etc/apt/sources.list.d/nginx.list

And

echo "deb http://packages.dotdeb.org jessie all" > /etc/apt/sources.list.d/dotdeb.list

Installing Nginx, PHP7-fpm and MySQL Server

So after that, you can install the prerequisites;

apt-get update
apt install nginx mysql-server php7.0 php7.0-fpm php7.0-mysql php7.0-curl php7.0-json php7.0-gd php7.0-intl php7.0-mbstring php7.0-xml php7.0-zip php7.0-exif php7.0-apcu

Once the prerequisites are installed, create the www directory and set ownership;

chown -R www-data:www-data /var/www

We need to configure php to support larger file uploads so edit the php.ini file;

vim /etc/php/7/fpm/php.ini

Edit the following values to your liking;

file_uploads = On
post_max_size = 20G
upload_max_filesize = 20G
max_file_uploads = 20000
output_buffering = Off

Then restart php fpm service

/etc/initp.d/php7.0-fpm restart

Configure VirtualHost

Now we need to configure Nginx to setup our Pydio web site (use your own domain name below);

vim /etc/nginx/sites-available/pydio.conf

As we are security concerned, everything hitting the port 80 is redirected to port 443 over HTTPS. Pydio installation folder is assumed to be /var/www/pydio.

server {
    listen 80;
    ### Change the following line to match your website name
    server_name YOUR_SERVER_NAME;
    rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443 ssl;
    ### Change the following line to match your website name
    server_name YOUR_SERVER_NAME;
    root /var/www/pydio;
    index index.php;

    ### If you changed the maximum upload size in PHP.ini, also change it below
    client_max_body_size 20G;

    # Prevent Clickjacking
    add_header X-Frame-Options "SAMEORIGIN";

    # SSL Settings
    ### If you are using different names for your SSL certificate and key, change them below:
    ssl on;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    # This settings are destined to limit the supported crypto suites, this is optional and may restrict the availability of your website.
    #ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";

    keepalive_requests    10;
    keepalive_timeout     60 60;
    access_log /var/log/nginx/access_pydio7.log;
    error_log /var/log/nginx/error_pydio7.log;

    client_body_buffer_size 128k;
    # All non existing files are redirected to index.php
    if (!-e $request_filename){
        # For old links generated from Pydio 6
        rewrite ^/data/public/([a-zA-Z0-9_-]+)$ /public/$1? permanent;
        rewrite ^(.*)$ /index.php last;
    }

    # Manually deny some paths to ensure Pydio security
    location ~* ^/(?:\.|conf|data/(?:files|personal|logs|plugins|tmp|cache)|plugins/editor.zoho/agent/files) {
            deny all;
    }

    # Forward PHP so that it can be executed
    location ~ \.php$ {

            fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
            fastcgi_param  SERVER_SOFTWARE    nginx;
            fastcgi_param  QUERY_STRING       $query_string;
            fastcgi_param  REQUEST_METHOD     $request_method;
            fastcgi_param  CONTENT_TYPE       $content_type;
            fastcgi_param  CONTENT_LENGTH     $content_length;
            fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
            fastcgi_param  REQUEST_URI        $request_uri;
            fastcgi_param  DOCUMENT_URI       $document_uri;
            fastcgi_param  DOCUMENT_ROOT      $document_root;
            fastcgi_param  SERVER_PROTOCOL    $server_protocol;
            fastcgi_param  REMOTE_ADDR        $remote_addr;
            fastcgi_param  REMOTE_PORT        $remote_port;
            fastcgi_param  SERVER_ADDR        $server_addr;
            fastcgi_param  SERVER_PORT        $server_port;
            fastcgi_param  SERVER_NAME        $server_name;

            try_files $uri =404;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock ;
    }

    # Enables Caching
    location ~* \.(ico|css|js)$ {
        expires 7d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}

Create database

Log in to mysql server and create a database. You must have set a password for root user during MySQL installation:

mysql -u root -p
create database pydio;

For better security, please make sure to create a dedicated mysql user for the application, and grant privileges to this DB. For now we assume you use root user to configure pydio.

Install Pydio

We can enable the site by deleting the default Nginx site and linking to the new site;

cd /etc/nginx/sites-enabled
rm default
ln -s ../sites-available/pydio.conf

Time to get the Pydio code. Download the latest version and save it to your /var/www directory. Extract the downloaded file to the root of the www directory;

cd /var/www
tar -xzf <gz file name here>
ls -l
mv <extracted directory name> pydio
rm -R /var/www/<gz file name here>
chown -R www-data:www-data /var/www/pydio

Now open a browser and hit your IP address or DNS name. The first time you access Pydio you will see a diagnostics page that will look like this.

You will need to fix any issues discovered by the Diagnostics program before continuing. You will notice the warning about SSL Encryption. I am accessing my server using Pound as a reverse proxy to encrypt the pages using SSL.

Once you have fixed any errors reported by the Diagnostics page click on the link under the title to continue to the Pydio installation wizard. Use the MySQL credentials and 'pydio' database you just created, and make sure to use the correct URL for the server (like https://your_server_name/), otherwise you may have issues loading public links.

That’s it. Pydio is now installed and waiting for you to configure workspaces and other customizations. There are plugins available and client applications

PS: Pydio 6 Nginx Configuration

This is the old config.

server {
        server_name www.example.com;
        listen 80;
        rewrite ^ https://$server_name$request_uri? permanent;
}
server {
        server_name www.example.com;
        root /var/www/<extracted directory name>;
        index index.php;
        listen 443 ssl;
        keepalive_requests    10;
        keepalive_timeout     60 60;
        access_log /var/log/nginx/access_pydio6_log;
        error_log /var/log/nginx/error_pydio6_log;

        client_max_body_size 15M;
        client_body_buffer_size 128k;

        rewrite ^/dashboard|^/settings|^/welcome|^/ws- /index.php last;
        if ( !-e $request_filename ) {
                # WebDAV Rewrites
                rewrite ^/shares /dav.php last;
                # Sync client
                rewrite ^/api /rest.php last;
                # External users
                rewrite ^/user ./index.php?get_action=user_access_point last;
                # Public shares
                rewrite ^/data/public/([a-zA-Z0-9_-]+)\.php$ /data/public/share.php?hash=$1?;
        }
        rewrite ^/data/public/([a-zA-Z0-9_-]+)--([a-z]+)$ /data/public/share.php?hash=$1&lang=$2?;
        rewrite ^/data/public/([a-zA-Z0-9_-]+)$ /data/public/share.php?hash=$1?;

        # Prevent Clickjacking
        add_header X-Frame-Options "SAMEORIGIN";

        # Only allow these request methods and do not accept DELETE, SEARCH and other methods
        if ( $request_method !~ ^(GET|HEAD|POST|PROPFIND|OPTIONS)$ ) {
                return 444;
        }

        location ~* ^/(?:\.|conf|data/(?:files|personal|logs|plugins|tmp|cache)|plugins/editor.zoho/agent/files) {
                deny all;
        }
        # Enables PHP
        location ~ \.php$ {
                # for ^/(index|plugins) request_uri should be changed
                set $request_url $request_uri;
                if ( $uri ~ ^/(index|plugins) ) {
                        set $request_url /;
                }
                include fastcgi.conf;
                fastcgi_param  REQUEST_URI $request_url;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                try_files $uri =404;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock ;
        }

       # Enables Caching
        location ~* \.(ico|css|js)$ {
                 expires 7d;
                add_header Pragma public;
                add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        }
}