Owncloud Docker Upgrade - SSL problem

Hello,

A long time ago I installed owncloud as Docker version 10.0 on Ubuntu 16 LTS with an SSL certificate.
Later I upgraded to Ubuntu 18 and everything still worked fine.

Now I tried to upgrade the owncloud version from 10.0 to 10.4, however I can’t reach my owncloud server over https anymore. Over http it still works.
I followed exactly the steps described for an upgrade with Docker (https://doc.owncloud.org/server/10.4/admin_manual/installation/docker/).

Is there anything else I have to do for SSL?

Thank you very much for your help and info.

Best regards.

Reverse proxy (traefik for example) is needed. Check this blog post:

Also check this example with docker-compose:

1 Like

ok…thank you. I will have a look at it.

Could you please explain to me why I now have to use a reverse proxy in combination with owncloud Docker? Is this necessary with the new Docker image? Thanks

No SSL in the Docker images. But this is not so new, change was made in 2018:
https://github.com/owncloud-docker/server/blob/master/CHANGELOG.md#2018-10-09

1 Like

thanks, I understand :slight_smile:

Hi, I understand that SSL is no longer supported with the actual Docker setup. But I don’t want to use Traefik.

I don’t really want to analyze the Docker structure. So, please, could you provide me with some details about the Docker structure?
Where are apache2’s variables like “APACHE_DOCUMENT_ROOT” stored?
What is the site config file (full path name) where I can add the “SSLCertificateKeyFile” parameter, etc.?
Any other information that could be useful to set this up!!!

Thank you for your help and great work!!

Hey @skinless,

I think you should create a new thread about these different questions. :wink:

I found a solution. It’s more of a workaround and a bit tricky, but it works…
So, if you are not comfortable with bash scripts, Docker and apache2, it’s probably not for you.
This is a summary of my procedure to enable SSL without Traefik.

For my example I use these folder names:

  • owncloud = Folder where I put the docker-compose.yml file
  • ownclouddata = Folder for the owncloud service (equivalent to /mnt/data/ inside the Docker container).

  1. Create a folder ./owncloud/ownclouddata/ssl

  2. Copy the service certificate/key and the CA certificate (if it is a self-signed certificate) into this folder

  3. Apply appropriate access for the folder and sub-files (www-data:root rr-)

  4. Create a file ./owncloud/ownclouddata/apacheSSL.inc
    and put these lines inside this file:

    SSLEngine on
    SSLCertificateFile /mnt/data/ssl/ownCloud_cert.pem
    SSLCertificateKeyFile /mnt/data/ssl/ownCloud_key.pem
    SSLCACertificateFile /mnt/data/ssl/server_ca_cert.pem
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>

    Note that the filenames must match your certificate/key filenames inside your ssl folder

  5. Create a new file ./owncloud/ownclouddata/set_SSL.sh
    and add these lines inside this file:

    #!/usr/bin/env bash
    # Enable the apache2 SSL module
    a2enmod ssl
    # Delete any include line added by a previous run
    sed -i '/^include \/mnt\/data.*/d' /etc/templates/apache.conf
    # Add the SSL parameters to the apache.conf template file (before each <Directory line)
    sed -i '/<Directory/i include /mnt/data/apacheSSL.inc' /etc/templates/apache.conf

  6. Modify your ./owncloud/docker-compose.yml file to add the following line under
    services --> owncloud --> volumes
    - ./ownclouddata/set_SSL.sh:/etc/entrypoint.d/13-set_ssl.sh

  7. Execute the following command to reset and rebuild your container
    docker-compose down && docker-compose up -d
Wait until the service is up and running and try to access your ownCloud server with https://
That can take a moment, be patient. If you can’t access your server with https, try with http. If nothing happens, you have probably missed something…
Like I said at the beginning, it’s a tricky solution. It’s for people comfortable with bash scripts, apache2 and Docker/docker-compose

The process is quite simple.
The volume line added in the docker-compose.yml file will add the script to the entrypoint folder, and it will be executed to add the SSL parameters required to run SSL on the apache2 server.

It’s not the simplest way I found, but it works very well and I don’t need to install Traefik to have SSL communication with my ownCloud.

Another great advantage of this method is that we can add any additional apache2 parameters directly inside the apacheSSL.inc file.

If that can help someone!!

2 Likes
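
A pre-flight check for the workaround above, run on the host before `docker-compose up -d`. This is an added example, not part of the original post: it confirms that every certificate path named in apacheSSL.inc resolves to a file in the host folder mounted at /mnt/data, and flags a world-readable private key. The script name `check_ssl.sh`, the function names and the key-permission rule are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the apacheSSL.inc workaround.
# Assumption: HOST_DATA_DIR is the host folder mounted at /mnt/data.

# check_ssl_inc INC_FILE HOST_DATA_DIR
# Prints one line per problem and returns the number of problems found.
check_ssl_inc() {
  local inc=$1 host_dir=$2 problems=0 directive path host_path
  while read -r directive path _ || [ -n "$directive" ]; do
    case $directive in   # matched as spelled in the post
      SSLCertificateFile|SSLCertificateKeyFile|SSLCACertificateFile) ;;
      *) continue ;;
    esac
    case $path in        # map the in-container path to the host folder
      /mnt/data/*) host_path=$host_dir/${path#/mnt/data/} ;;
      *) echo "$directive: $path is outside /mnt/data"
         problems=$((problems + 1)); continue ;;
    esac
    if [ ! -f "$host_path" ]; then
      echo "$directive: missing $host_path"
      problems=$((problems + 1))
    elif [ "$directive" = SSLCertificateKeyFile ] &&
         [ -n "$(find "$host_path" -perm -004)" ]; then
      echo "$directive: $host_path is world-readable"
      problems=$((problems + 1))
    fi
  done < "$inc"
  return "$problems"
}

# Constructed sample: the key on disk is named differently from the .inc entry.
demo() {
  local d; d=$(mktemp -d)
  mkdir "$d/ssl"
  touch "$d/ssl/ownCloud_cert.pem" "$d/ssl/server_ca_cert.pem" "$d/ssl/owncloud.key"
  printf '%s\n' 'SSLEngine on' \
    'SSLCertificateFile /mnt/data/ssl/ownCloud_cert.pem' \
    'SSLCertificateKeyFile /mnt/data/ssl/ownCloud_key.pem' \
    'SSLCACertificateFile /mnt/data/ssl/server_ca_cert.pem' > "$d/apacheSSL.inc"
  check_ssl_inc "$d/apacheSSL.inc" "$d"
}

# Usage: ./check_ssl.sh ./ownclouddata/apacheSSL.inc ./ownclouddata
if [ $# -eq 2 ]; then check_ssl_inc "$1" "$2"; fi
```

A non-zero exit status is the number of problems found; a missing or misnamed file reported here is one that Apache would fail to load when the entrypoint script enables SSL.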

looks good

I am gonna test it later