How to Install Pydio Web File Manager on Debian 9
Pydio is a powerful open source web file sync and file share solution software for online collaboration, similar to Gdrive or other online file-sharing services. Mostly written in PHP programming language and Ajax, Pydio can be installed on a Linux virtual private server or physical server under Apache/Nginx web servers, PHP and MySQL/MariaDB database management system (also known as LAMP or LEMP stack), or it can be deployed in the cloud as well.
In this tutorial, we’ll cover the installation and configuration process of the Pydio Community Edition from source on Debian 9 release, on top of LAMP stack. We’ll cover the entire installation process from scratch with all required steps you need to perform on your Debian server in order to build a private online cloud for sharing documents, movies, music, or any other type of files.
Requirements
You need to meet the following requirements in order to deploy a Pydio file share cloud solution at your premises:
- A dedicated physical server or a virtual machine or a VPS with minimum 2Gb of RAM and the latest version of Debian 9 installed.
- One of the server network interfaces cards must be configured with a static IP address or the DHCP server must be configured to lease the same IP address for the server’s NIC
- Server console root privileges remotely via SSH or locally or a local or LDAP user with root privileges to the system via sudo utility.
- A publicly registered domain name or a private local domain name configured via your own DNS server at your premises. The domain name should be configured with all required DNS records, such an A and CNAME records to point back to www. However, you can still deploy Pydio and access the web cloud via your server IP address in case you don’t own a domain name.
- An email server configured at your premises in order to use Pydio registration or other features. You can also use a public mail service in this case, such as Gmail or Yahoo!
Pre-Requirements
To begin with, log in to your server console with the root account or an account with root powers and issue the following commands in order to assure that your Debian system is up-to-date with the latest security patches, software, repositories and kernel updates.
apt update
apt upgrade
In the next step, setup a descriptive name for your machine hostname with the command below (replace your hostname variable accordingly).
hostnamectl set-hostname www.mysharedfiles.com
Verify machine hostname and the record applied in system hosts file by issuing the following commands.
hostnamectl
cat /etc/hostname
hostname –f
hostname –s
Finally, reboot the server to apply kernel updates and the hostname changes properly.
systemctl reboot
In the next step, log in back to the system with root privileges and install the following system utilities, such as zip, unzip (to decompress zip archives), curl and wget (download online files) and bash-completion command line autocompletion.
su –
apt install bash-completion zip unzip curl wget imagemagick unoconv
In order to edit, compose or convert different image formats and convert documents via Pydio web interface, install ImageMagick software and unoconv – Universal Office Converter utilities by executing the following command.
apt install imagemagick unoconv
If you have Samba shares that need to be mounted in Pydio workspaces, install samba client in Debian with the following command.
apt-get install smbclient
Install Apache and PHP
In the next step, we’ll start by installing the server side components of the LAMP stack required by Pydio web share file cloud: the Apache HTTP server and the PHP programming language interpreter. We’ll also install all the required Pydio PHP modules and extensions. Issue the following command to install all described software components we just discussed.
apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-gd php7.0-opcache php7.0-json php7.0-mbstring php7.0-xml php7.0-cli php7.0-curl php7.0-zip php7.0-xmlrpc php7.0-intl php-imagick php-smbclient
Next, check if all installed PHP modules are enabled in your system, something you can do by executing the following command.
php7.0 –m
In the next step, enable Apache HTTP server rewrite and SSL modules which will allow the use of .htaccess files in web server document root path so we can force visitors to securely browse the website via the HTTPS protocol. The SSL module will secure the traffic between the server and your client browsers with a Self-Signed Certificate automatically issued by Apache. Enable Apache SSL configuration file in order for the SSL module to work properly. Execute the following command to activate all required configurations.
a2enmod ssl rewrite
a2ensite default-ssl.conf
Next, open Apache default SSL site configuration file with a text editor and add the URL rewrite rules code lines after the DocumentRoot directive, as shown in the sample below.
nano /etc/apache2/sites-enabled/default-ssl.conf
SSL site configuration file excerpt:
DocumentRoot /var/www/html
<Directory /var/www/html>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
Save and close the SSL Apache conf file and also open default vhost conf file for editing. Here, add the same URL rewrite rules as for SSL configuration file. Insert the lines of code after the DocumentRoot statement as shown in the example below.
nano /etc/apache2/sites-enabled/000-default.conf
000-default.conf file excerpt:
DocumentRoot /var/www/html
<Directory /var/www/html>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
In order to apply all the changes made so far you need to restart the Apache daemon by issuing the command below.
systemctl restart apache2
Configure the Firewall
Before visiting your domain name or server IP address via a web browser opened in a computer at your premises, first add the required firewall rules to allow web traffic to pass the firewall. If your Debian server ships with UFW firewall application, you should add some new rules to allow HTTP/S traffic to pass through the firewall by issuing the following commands.
ufw allow ‘WWW Full’
or
ufw allow 80/tcp
ufw allow 443/tcp
You should also allow SSH traffic to pass through UFW firewall in case of remote connections to the server.
ufw allow 22/tcp
If your Debian server is behind an iptables firewall, add the following iptables raw rules to allow ports 80 and 443 inbound traffic to pass the firewall so that external visitors can browse the application.
apt-get install -y iptables-persistent
iptables -I INPUT -p tcp –destination-port 80 -j ACCEPT
iptables -I INPUT -p tcp –destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service
In case you’re connected to the Debian server remotely via SSH, you should first add the below rule to allow SSH traffic to pass through iptables firewall. Otherwise, you will be locked up, because the firewall will start dropping all incoming traffic to port 22.
iptables -I INPUT -p tcp –destination-port 22 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
Finally, to test if you can reach Apache HTTP server from a remote computer in your LAN, open a browser and visit your domain name or IP address of the server via HTTPS protocol. To display the server IP address, execute ifconfig or ip a command in the terminal. If your machine is a part of your internal infrastructure network and is hidden behind a NAT-ed network, execute the below command to get the public IP address.
curl ipinfo.io/ip
Because you’re using the automatically Self-Signed certificates pairs issued by Apache at installation, the certificate would be marked as untrusted by the browser and an error warning should be displayed in the browser. Hit on continue to bypass this warning, accept the untrusted certificate and continue to be redirected to Apache default web page.
https://yourdomain.tld
So far, we’ve only installed Apache web server and PHP interpreter in our Debian server. To complete the LAMP stack, needed to install Pydio file sharing solution, we need to install one final component that is missing: an RDBMS database backend.
Install MariaDB
In this tutorial, we’ll install Pydio with MariaDB database server as backend. In MariaDB database, the Pydio application will store users, website configurations, and other various data. In order to install MariaDB database server and client and the PHP MySQL extension in Debian 9, issue the following command.
apt install mariadb-server mariadb-client php7.0-mysql
By default, the database root account can be accessed by supplying a password in Debian 9. To overcome this security issue and secure the database server, first log in to MySQL console and execute the following commands to secure the MariaDB root account.
mysql -h localhost
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> update user set plugin=” where user=’root’;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> exit
On the next step, start to secure MariaDB server by executing the script mysql_secure_installation. A series of questions designed to secure MariaDB database will be asked by this script. Answer with “yes” to all questions: remove anonymous users, disable remote root log in and delete the test database. Also, make sure you setup a strong password for database root account, as shown in the below excerpt.
mysql_secure_installation
==========================================================================================
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we’ll need the current
password for the root user. If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer ‘n’.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
… Success!
Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
… Success!
By default, MariaDB comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
… Success!
Cleaning up…
All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
======================================================================================
After the script completes, try to log in to the database from console with no root password. The access to the database should be denied if no password is provided for the root account, as illustrated in the below command excerpt:
mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
If the password is supplied, the log in process should be granted to MySQL console, as shown in the command sample. Type exit to leave the database console.
mysql -h localhost -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
MariaDB [(none)]> exit
Bye
Adjust PHP settings
Next, open PHP default configuration file for editing and change the following PHP variables as described below. Set the PHP timezone setting to match your system geographical location. The PHP date.timezone variable can be found by consulting the list of time zones provided by PHP docs at the following link http://php.net/manual/en/timezones.php
First, make a backup of the PHP configuration file.
cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini
Search, edit and change the following variables in the php.ini configuration file:
file_uploads = On
memory_limit = 128M
post_max_size = 80M
upload_max_filesize = 80M
output_buffering = 0
date.timezone = Europe/London
You should increase upload_max_file_size variable in PHP configuration file in order to support large file attachments.
You should also add OPCache plugin configurations for PHP7 in order to increase the load speed of the web application. Edit php.ini file and append the following lines of code at the bottom of the file, under the [opcache] statement, as detailed below:
nano /etc/php/7.0/apache2/php.ini
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
After you’ve added all the code lines described below, close the php.ini configuration file and check if the OPCache variables had been correctly added by issuing the following command.
grep opcache /etc/php/7.0/apache2/php.ini
In order to encrypt and protect Pydio files via PHP encoding, install Ioncube software on your Debian server by issuing the following commands:
wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
tar xfz ioncube_loaders_lin_x86-64.tar.gz
cp ioncube/ioncube_loader_lin_7.0.so /usr/lib/php/20151012/
Then, edit the ioncube configuration file and add the following line.
nano /etc/php/7.0/apache2/conf.d/00-ioncube.ini
00-ioncube.ini file excerpt:
zend_extension=ioncube_loader_lin_7.0.so
Restart Apache server to apply the Ioncube extension.
systemctl restart apache2
As the final step in configuring LAMP stack, create a PHP info file in web server webroot path by executing the following command.
echo ‘<?php phpinfo(); ?>’| tee /var/www/html/info.php
Visit the PHP info script file from a browser at the following URL, and check if Ioncube Zend has been successfully loaded and, also, scroll down to date setting to check PHP time zone configuration. The timezone settings should reflect your PHP geographical location configured earlier.
https://domain.tld/info.php
Download and Install Pydio
Now that all system requirements have been met for installing Pydio community software, open a browser and navigate to Pydio official download page at https://pydio.com/en/community and copy the download link in order to grab the latest zip archive in your system via the wget utility.
wget https://download.pydio.com/pub/core/archives/pydio-core-8.0.2.zip
After Pydio zip archive download finishes, extract the zip archive file to your current working directory and list the extracted files with the ls command.
unzip pydio-core-8.0.2.zip
ls
Next, remove the default index.html file installed by the Apache web server to webroot path and also delete the info.php file created earlier.
rm /var/www/html/index.html
rm /var/www/html/public/info.php
Copy Pydio installation files located in your current working directory in pydio-core-8.0.2/ directory. Issue ls command to list this directory files for hidden files. Copy all the content of the extracted directory to your web server document root path by issuing the following command. Also, make sure you copy the hidden file .htaccess to webroot path.
ls -al pydio-core-8.0.2
cp -rf pydio-core-8.0.2/* /var/www/html/
cp pydio-core-8.0.2/.htaccess /var/www/html/
Next, grant Apache runtime user with full write permissions to the document root path by executing the following command. Use the ls command to list permissions for application’s installed files under the /var/www/html/ directory.
chown -R www-data:www-data /var/www/html/
ls -al /var/www/html/
Next, open Pydio bootstrap_conf.php configuration file located in the webroot path and modify the below lines, as shown in the below file excerpt:
nano /var/www/html/conf/bootstrap_conf.php
bootstrap_conf.php file sample:
setlocale(LC_ALL, "en_US.UTF-8");
define("AJXP_LOCALE", "en_EN.UTF-8");
In the next step, log in to MariaDB database console and create the Pydio application database. Also, add a new MySQL user for managing Pydio database and setup a strong password for this user. Issue the below commands to create database and user and make sure you replace the database name, user and password used in this guide with your own settings.
mysql –u root -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 305
Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE pydio_db;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on pydio_db.* to ‘pydio_user’@’localhost’ identified by ‘mypass123’;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
After you’ve created the database, open a browser and navigate to your server IP address or domain name via the HTTPS protocol in order to start with the Pydio web installation process. On the first installation screen, select your language and hit on Start Wizard button to start the installation process.
On the next installation screen, add an Application Title and the Welcome Message for Pydio application and hit on Next button to move to the next configuration screen.
Next, add your Pydio application administrator name and full name. Supply and confirm a strong password for admin account and hit on Next button to move to the next configuration screen.
In the next screen, configure database connection settings. Select MySQL as database type, use localhost as database host and add Pydio database name, user and password created earlier in order to connect to the database. Hit on the Test DB Connection button to log in to Pydio database and move forward with the installation process.
In advanced options screen, change application encoding dataset and server URL address if they weren’t correctly detected, enable the cache setting, add your email address and default language and hit on Install Pydio button to start the installation.
After the installation process completes, the install wizard will automatically redirect you to Pydio Login page form. Supply the application admin username and password configured during the installation process in order to log in to Pydio dashboard.
You can also log in to Pydio web sharing application by visiting your domain name or server IP address via HTTPS protocol.
https://www.yourdomain.tld
After logging in to Pydio admin dashboard, you can follow the wizard tour that will pop-up in order to quickly learn how to manage application via the web admin panel.
Some visitors might browse Pydio application in an unsecured way via HTTP protocol. In order to force all visitors to securely browse Pydio interface via HTTPS protocol go back to your server’s console and edit the .htaccess file located in web root directory by issuing the following command.
nano /var/www/html/public/.htaccess
Once the .htaccess file is opened for editing, search for the line that starts with RewriteEngine on and add the below redirect rules under this line.
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
Also, if you want to change PHP server settings, so that you can increase file upload sizes or other PHP variables, append the below lines to the bottom of .htaccess file, as shown in the below excerpt.
php_value upload_max_filesize 50M
php_value post_max_size 50M
Congratulations! You have successfully installed Pydio file sync and sharing application in Debian 9 server. For other special types of installation procedures and configurations regarding the application, visit the Pydio documentation page at the following address: https://pydio.com/en/docs/administration-guides
Share this page: