This is a Guide Post to get OwnCloud Setup with HTTPS for more basic use scenarios.
After 3 holiday vacation days spent playing around with the various OwnCloud builds, I’ve tried a number of successful options. BUT for new-comers this is tricky stuff, and despite there being some really great options posted already (like the Owncloud Rockon HTTPS guide which suggests stronger encryption and a better database) my opinion is that for many Rockstor users, it’s a bit too much and too tough to start with. Many just have Rockstor as a basic NAS for home or small office setups.
I think the other guides are much better for enterprise/large scale deployments, but if you’re looking for a simple setup with the basics of HTTPS encryption in place, this post is for you. Hopefully you can learn a bit along the way and later can employ a better database and stronger encryption once you get the hang of the basic ideas here. This will be mostly Copy/Paste so it shouldn’t be too bad.
TUTORIAL
Phase 1: Getting keys – If you already have keys, skip to Phase 2.
First you need keys. SSH into Rockstor (or use the Shell-in-a-box) and generate keys. The easy way is to download and run a LetsEncrypt program called Certbot.
yum -y install certbot
certbot certonly
Make sure ports 80 and 443 are open and forwarding to Rockstor through your firewall for this verification. If they aren’t publicly reachable, LetsEncrypt can’t see them. I found it easiest to let it use a webserver verification rather than webroot, but this will depend on your network setup.
The domain info you use in your certs will be what you’ll use throughout this guide each time you see “YourDomain.com” in my examples. Once certbot builds your keys, they’ll be stored on Rockstor under the directory:
/etc/letsencrypt/live/YourDomain.com/
Phase 2: Prepping Rockstor
In Rockstor’s GUI go to Storage and create a share named “owncloud”
Go to the Rock-Ons, click “Update”
Find the “owncloudHTTPS” Rock-on and click install
Link it to the “owncloud” storage share you just made.
Phase 3: SSH Work
SSH into Rockstor (or use the shell-in-a-box feature) and use cp to copy the certificate and key files into /mnt2/owncloud:
cp /etc/letsencrypt/live/YourDomain.com/cert.pem /mnt2/owncloud
cp /etc/letsencrypt/live/YourDomain.com/privkey.pem /mnt2/owncloud
Enter your Rock-on Docker container (use the command docker ps to see IDs).
Move the key files to your docker’s root.
docker exec -it YOURDOCKERID bash
mv privkey.pem /root/ && mv cert.pem /root/
Enter your Rock-on Docker container
docker exec -it YOURDOCKERID bash
echo ServerName owncloud >> /etc/apache2/apache2.conf
a2enmod rewrite && a2enmod headers && /etc/init.d/apache2 restart
Re-enter your Rock-on Docker container (just press “up” and “Enter”)
docker exec -it YOURDOCKERID bash
nano /etc/apache2/sites-enabled/000-default.conf
Paste this text: (you may need a text editor… apt update && apt install nano)
<VirtualHost *:443>
ServerName owncloud
SSLEngine on
SSLCertificateFile /root/cert.pem
SSLCertificateKeyFile /root/privkey.pem
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</VirtualHost>
Save and close
rm /etc/apache2/sites-available/default-ssl.conf
nano /etc/apache2/sites-available/default-ssl.conf
Paste this but change your domain name:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@YourDomain.com
SSLEngine on
SSLCertificateFile /root/cert.pem
SSLCertificateKeyFile /root/privkey.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
OwnCloud won’t load for most addresses aside from localhost. You’ll need to add your more specific addresses in the following file:
nano config/config.php
Add your addresses to the trusted domains section.
'trusted_domains' =>
array (
0 => '192.168.1.11:8445',
1 => 'YourDomain.com',
2 => 'YourDomain.com:8445',
),
Phase 4: Testing, Troubleshooting
Run the following and keep an eye out for errors. It’ll tell you any lines that have errors and need fixing.
a2enmod ssl && apache2ctl configtest
save and close
apache2ctl restart
Phase 5: Finale
In the Rock-on section of Rockstor, restart the owncloudHTTPS Docker and see if the UI works. You should be off to the races now, ready to make the first account and get started.
Best of luck!
Notes:
If you get untrusted domain errors, play with the config/config.php file again.
If you don’t load anything at all, it might be your router is stopping you. Make sure your firewall is open to accepting through that port, or make sure port forwarding is on if you use that.
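A check to run inside the container after Phase 4, as an added example that is not part of the original guide: apache2ctl configtest only validates syntax, so this script also checks the files the vhost points at, the private key's permissions, the HSTS header, and whether a copy of the key is still sitting in the share. The function name audit_vhost and the optional SHARE_DIR argument (wherever the “owncloud” share is mounted) are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the guide. Usage inside the container:
#   sh audit_vhost.sh /etc/apache2/sites-enabled/000-default.conf [SHARE_DIR]
# SHARE_DIR is an assumption: wherever the "owncloud" share is mounted.
# Directive names are matched with the capitalisation the guide uses.

audit_vhost() {
    conf=$1
    share=${2:-}
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # Print the first argument of directive $1, skipping commented-out lines.
    directive() {
        sed -n "s/^[[:space:]]*$1[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p" "$conf" | head -n 1
    }

    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }
    [ "$(directive SSLEngine)" = "on" ] || report "SSLEngine is not on"

    cert=$(directive SSLCertificateFile)
    key=$(directive SSLCertificateKeyFile)
    [ -n "$cert" ] && [ -s "$cert" ] || report "certificate missing or empty: ${cert:-unset}"

    if [ -n "$key" ] && [ -s "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$key" | cut -c5-10)
        [ "$mode" = "------" ] || report "private key $key is accessible to group or other"
    else
        report "private key missing or empty: ${key:-unset}"
    fi

    grep -Eq '^[[:space:]]*Header[[:space:]].*Strict-Transport-Security' "$conf" ||
        report "no Strict-Transport-Security header in $conf"

    # Phase 3 stages the key in the share before moving it to /root; a copy
    # left behind sits next to the ownCloud data.
    if [ -n "$share" ] && [ -e "$share/privkey.pem" ]; then
        report "private key copy still present in $share"
    fi

    [ "$findings" -eq 0 ]
}

if [ $# -ge 1 ]; then audit_vhost "$@"; fi
```

The script exits non-zero when it prints any FINDING line, so it can be chained before apache2ctl restart.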