OwnCloud with HTTPS setup for SOHO use

This is a guide post for getting OwnCloud set up with HTTPS for more basic use scenarios.

After 3 holiday vacation days spent playing around with the various OwnCloud builds, I’ve tried a number of successful options. BUT for newcomers this is tricky stuff, and despite there being some really great options posted already (like the Owncloud Rockon HTTPS guide which suggests stronger encryption and a better database) my opinion is that for many Rockstor users, it’s a bit too much and too tough to start with. Many just have Rockstor as a basic NAS for home or small office setups.

I think the other guides are much better for enterprise/large scale deployments, but if you’re looking for a simple setup with the basics of HTTPS encryption in place, this post is for you. Hopefully you can learn a bit along the way and later can employ a better database and stronger encryption once you get the hang of the basic ideas here. This will be mostly Copy/Paste so it shouldn’t be too bad.

TUTORIAL

Phase 1: Getting keys – If you already have keys, skip to Phase 2.

First you need keys. SSH into Rockstor (or use the Shell-in-a-box) and generate keys. The easy way is to download and run a LetsEncrypt program called Certbot.

yum -y install certbot
certbot certonly

Make sure ports 80 and 443 are open and forwarding to Rockstor through your firewall for this verification. If they aren’t publicly reachable, LetsEncrypt can’t see them. I found it easiest to let it use a webserver verification rather than webroot, but this will depend on your network setup.

The domain info you use in your certs is what you’ll use throughout this guide each time you see “YourDomain.com” in my examples. Once certbot builds your keys, they’ll be stored on Rockstor under the directory:

/etc/letsencrypt/live/YourDomain.com/

Phase 2: Prepping Rockstor

In Rockstor’s GUI go to Storage and create a share named “owncloud”

Go to the Rock-Ons, click “Update”

Find the “owncloudHTTPS” Rock-on and click install

Link it to the “owncloud” storage share you just made.

Phase 3: SSH Work

SSH into Rockstor (or use the shell-in-a-box feature) and use cp to copy the certificate and key into /mnt2/owncloud:

cp /etc/letsencrypt/live/YourDomain.com/cert.pem /mnt2/owncloud
cp /etc/letsencrypt/live/YourDomain.com/privkey.pem /mnt2/owncloud

Enter your Rock-on Docker container (use the command docker ps to see IDs).

Move the key files to your docker’s root.

docker exec -it YOURDOCKERID bash

mv privkey.pem /root/ && mv cert.pem /root/

Enter your Rock-on Docker container

docker exec -it YOURDOCKERID bash
echo ServerName owncloud >> /etc/apache2/apache2.conf
a2enmod rewrite && a2enmod headers && /etc/init.d/apache2 restart

Re-enter your Rock-on Docker container (just press “up” and “Enter”)

docker exec -it YOURDOCKERID bash
nano /etc/apache2/sites-enabled/000-default.conf

Paste this text: (you may need a text editor… apt update && apt install nano)

<VirtualHost *:443>
    ServerName owncloud
    SSLEngine on
    SSLCertificateFile      /root/cert.pem
    SSLCertificateKeyFile   /root/privkey.pem
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</VirtualHost>

Save and close

rm /etc/apache2/sites-available/default-ssl.conf
nano /etc/apache2/sites-available/default-ssl.conf

Paste this but change your domain name:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin admin@YourDomain.com
        SSLEngine on
        SSLCertificateFile /root/cert.pem
        SSLCertificateKeyFile /root/privkey.pem
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </VirtualHost>
</IfModule>

OwnCloud won’t load for most addresses aside from localhost. You’ll need to add your more specific addresses in the following file:

nano config/config.php

Add your addresses to the trusted domains section.

'trusted_domains' =>  
  array (
    0 => '192.168.1.11:8445',
    1 => 'YourDomain.com',
    2 => 'YourDomain.com:8445',
  ),

Phase 4: Testing, Troubleshooting

Run the following and keep an eye out for errors. It’ll tell you which lines have errors and need fixing.

a2enmod ssl && apache2ctl configtest

Save and close

apache2ctl restart

Phase 5: Finale

In the Rock-on section of Rockstor, restart the owncloudHTTPS Docker and see if the UI works. You should be off to the races now, ready to make the first account and get started.

Best of luck!

Notes:

If you get untrusted domain errors, play with the config/config.php file again.

If nothing loads at all, your router might be blocking you. Make sure your firewall accepts traffic on that port, or make sure port forwarding is on if you use that.

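A pre-flight check that fits Phase 4 of the guide above, as an added example that is not part of the original post: it confirms that the private key is not readable by other users, that it matches the certificate, and that the certificate is not close to expiry (the copies in /root do not follow certbot renewals). The function name, the script name in the comment and the 14-day default are assumptions.

```bash
#!/bin/sh
# Added example, not from the original guide: check the certificate/key pair
# Apache will load (the guide uses /root/cert.pem and /root/privkey.pem
# inside the container) before restarting it.
# Exit status: 0 ok, 1 file missing, 2 key readable by group/others,
#              3 key does not match certificate, 4 certificate expires soon.
check_tls_pair() (
    cert=$1 key=$2 min_days=${3:-14}   # 14 days is an assumed default

    [ -r "$cert" ] && [ -r "$key" ] || { echo "missing file" >&2; exit 1; }

    # Characters 5-10 of the ls mode string are the group/other permission bits.
    perms=$(ls -ldL -- "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$key: mode too open, use chmod 600" >&2; exit 2; }

    # Compare the public key embedded in the certificate with the one derived
    # from the private key; empty output means the file could not be parsed.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match" >&2; exit 3; }

    # -checkend fails if the certificate expires within the given seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; exit 4; }

    echo "ok: $cert"
)

# Hypothetical usage: sh check_tls_pair.sh /root/cert.pem /root/privkey.pem
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```

A non-zero status means the problem should be fixed before running apache2ctl restart; status 4 means the renewed files need to be copied from /etc/letsencrypt/live/YourDomain.com/ again.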