For a long time ago I have installed owncloud as Docker version 10.0 on Ubuntu 16 LTS with a SSL certificate.
Later I have upgraded to Ubuntu 18 and everything still worked fine.
Now I tried to upgrade the owncloud version from 10.0 to 10.4 however I can’t reach my onwcloud Server over https anymore. Over http it still works.
I did exactly the steps as described for an upgrade with docker (https://doc.owncloud.org/server/10.4/admin_manual/installation/docker/).
Could you please explain me, why now I have to use a reverse proxy in combination with owncloud Docker? Is this necessary with the new Docker image? Thanks
Hi, I understand that SSL is no longer supported with the actual Docker setup. But I don’t want to use Traefik.
I not really want to analyze Docker structure. So, please, could you provide me some details about the Docker’s structure?
Where are stocked apache2’s variable like “APACHE_DOCUMENT_ROOT”
What is the site config file (full path name) to add “SSLCertificateKeyFile” parameter, etc?
All other information that could be useful to set this up!!!
I found a solution, it’s more a workaround a bit tricky but that works…
So, if you are not comfortable with bash script, docker and apache2, it’s probably not for you.
This is a resume of my procedure to enable SSL without Traefik.
For my example I use these folder names :
owncloud = Folder where I put docker-compose.yml file
ownclouddata = Folder for owncloud service (equivalent to /mnt/data/ inside the docker).
Create a folder ./owncloud/ownclouddata/ssl
copy service certificate/key and CA certificate (if self-signed certificate) inside this folder
apply appropriate access for the folder and sub-files (www-data:root rr-)
create a file ./owncloud/ownclouddata/apacheSSL.inc
put these lines inside this file:
SSLEngine on
SSLCertificateFile /mnt/data/ssl/ownCloud_cert.pem
SSLCertificateKeyFile /mnt/data/ssl/ownCloud_key.pem
SSLCACertificateFile /mnt/data/ssl/server_ca_cert.pem
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
Note that you must match filename with your certificates/key filenames inside your ssl folder
create a new file ./owncloud/ownclouddata/set_SSL.sh
add these lines inside this file:
#!/usr/bin/env bash
# Enable the apache2 SSL module
a2enmod ssl
# Delete previous adding
sed -i '/^include \/mnt\/data.*/d' /etc/templates/apache.conf
# Adding SSL parameters to the apache.conf template file
sed -i '/<Directory/i include /mnt/data/apacheSSL.inc' /etc/templates/apache.conf
Modify your ./owncloud/docker-compose.yml file to add the following line under
services --> owncloud -->volumes - ./ownclouddata/set_SSL.sh:/etc/entrypoint.d/13-set_ssl.sh
Execute the following command to reset and rebuild your container docker-compose down && docker-compose up -d
Wait until the service is up and running and try to access your ownCloud server with the httpS://
That can takes a moment, be patient. If you can’t access your server with https, try with http. If nothing happend, probably you have miss something…
Like I said at the beginning, it’s a tricky solution. It’s for people comfortable with bash script, apache2 and Docker/Docker-compose
The process is quite simple.
The volume line added in the docker-compose.yml file will add the script to the entrypoint folder and it will be executed to add SSL parameters required to run SSL on apache2 server.
It’s not the simplest way I found but that works very well and I don’t need to install Traefik to have SSL communication to my ownCloud.
Another great advantage to this method is that we can add any apache2 additional parameters directly inside the apacheSSL.inc file.
