How to Setup OwnCloud Server 5 with SSL Connection


Today ownCloud is the best cloud storage solution and a useful alternative to Dropbox and other file-hosting services. It is free, open source software that lets you run your own cloud server at home.

I previously wrote a step-by-step guide to installing ownCloud 5 on Ubuntu Server 12.10. In this brief guide I will show you how to make ownCloud Server 5 work with an SSL/HTTPS connection.

Step by Step Configure OwnCloud Server 5 with SSL Connection

Step 1: Make sure ownCloud Server 5 is installed correctly (see the guide on how to install ownCloud 5). Log in to the Ubuntu server via SSH, then switch to root.

sudo -i

Step 2: Edit the file /etc/apache2/sites-enabled/000-default and change “AllowOverride None” to “AllowOverride All”.

nano /etc/apache2/sites-enabled/000-default

Step 3. Enable the Apache modules mod_rewrite, mod_headers and mod_ssl with the following command:

a2enmod rewrite && a2enmod headers && a2enmod ssl

Restart the apache2 daemon:

service apache2 restart

Step 4. Edit the configuration file /etc/ssl/openssl.cnf:

nano /etc/ssl/openssl.cnf

Find and change the following lines:

dir = /root/SSLCertAuth
default_days = 3650 # 10 years
default_bits = 2048 # recommended by NSA until 2030
countryName_default = US
0.organizationName_default = Ubuntu Contrib

Step 5. Create a directory to hold all the SSL Certificate Authority files. In this case I will name the directory “SSLCertAuth”.

mkdir /root/SSLCertAuth
chmod 700 /root/SSLCertAuth
cd /root/SSLCertAuth
mkdir certs private newcerts
echo 1000 > serial
touch index.txt

Step 6. Run the following command to generate the Certificate Authority (CA):

openssl req -new -x509 -days 3650 -extensions v3_ca \
-keyout private/cakey.pem -out cacert.pem \
-config /etc/ssl/openssl.cnf

Output:

[Screenshot: generating the Certificate Authority]

If you want to keep a default value, press [Enter].

Step 7. Create the Certificate Signing Request:

openssl req -new -nodes \
 -out apache-req.pem \
 -keyout private/apache-key.pem \
 -config /etc/ssl/openssl.cnf

Output:

[Screenshot: creating the Certificate Signing Request]

Step 8. Generate the certificate, then copy the files to the directory /etc/ssl:

openssl ca \
-config /etc/ssl/openssl.cnf \
-out apache-cert.pem \
-infiles apache-req.pem

Output:

[Screenshot: signing the certificate with the Certificate Authority]

mkdir /etc/ssl/crt
mkdir /etc/ssl/key
cp /root/SSLCertAuth/apache-cert.pem /etc/ssl/crt
cp /root/SSLCertAuth/private/apache-key.pem /etc/ssl/key
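
Before Apache is pointed at these files in Step 9, it is worth confirming that the server certificate verifies against the CA from Step 6, that the certificate and key belong together, and that the unencrypted key is not readable by other users. The script below is an added example, not part of the original guide; the function names check_tls_pair and pubkey_of are its own, and the paths in its usage comment are the ones created in Steps 5 to 8.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity checks for the files
# produced in Steps 6-8. The function names are this example's own.

# Print the public key held in a certificate or in a private key as PEM.
pubkey_of() {  # $1 = cert|key, $2 = file
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null
}

# Returns the number of failed checks (0 = all passed).
check_tls_pair() {  # $1 = CA cert, $2 = server cert, $3 = server key
    ca=$1; cert=$2; key=$3; fail=0

    # 1. The server certificate must verify against the CA from Step 6.
    #    Match the printed verdict instead of trusting the exit status alone.
    if ! openssl verify -CAfile "$ca" "$cert" 2>&1 | grep -q ': OK$'; then
        echo "FAIL: $cert does not chain to $ca"; fail=$((fail + 1))
    fi

    # 2. Certificate and private key must contain the same public key.
    cert_pub=$(pubkey_of cert "$cert")
    key_pub=$(pubkey_of key "$key")
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; fail=$((fail + 1))
    fi

    # 3. Step 7 used -nodes, so the key is stored unencrypted and the file
    #    mode is its only protection: no group/other permission bits.
    if [ "$(ls -lLd -- "$key" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other"; fail=$((fail + 1))
    fi

    if [ "$fail" -eq 0 ]; then echo "OK: chain, key match and key mode"; fi
    return "$fail"
}

# Run as: sh check.sh /root/SSLCertAuth/cacert.pem \
#             /etc/ssl/crt/apache-cert.pem /etc/ssl/key/apache-key.pem
if [ "$#" -eq 3 ]; then
    check_tls_pair "$@"
fi
```

If the third check fails, chmod 600 /etc/ssl/key/apache-key.pem fixes it; Apache reads the key as root at startup, so the file does not need wider permissions.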

Step 9. In this final step we will configure HTTPS in the apache2 web server. Create a directory for the SSL logs and create the new file /etc/apache2/conf.d/owncloud5-ssl.conf to add the SSL virtual host.

mkdir /var/www/logs
nano /etc/apache2/conf.d/owncloud5-ssl.conf

Copy and paste this configuration:

<VirtualHost *:443>
      ServerName 192.168.1.5
      SSLEngine on
      SSLCertificateFile /etc/ssl/crt/apache-cert.pem
      SSLCertificateKeyFile /etc/ssl/key/apache-key.pem
      DocumentRoot /var/www/owncloud
      CustomLog /var/www/logs/ssl-access_log combined
      ErrorLog /var/www/logs/ssl-error_log
</VirtualHost>

Note: in this case my server's IP is 192.168.1.5; you can replace the IP with your server's hostname or domain.

service apache2 restart

Your ownCloud is now secured. Access it from your favorite browser by typing https://192.168.1.5 in the address bar; it will look like the following screenshot.

  • jamie

    Not sure why this failed, but I have followed everything as per the instructions but the output of step 8 is as follows. For extra info, I am running ubuntu 12.10
    root@anubis:~/SSLAuthCert# openssl ca
    > -config /etc/ssl/openssl.cnf
    > -out apache-cert.pem
    > -infiles apache-req.pem
    Using configuration from /etc/ssl/openssl.cnf
    Error opening CA private key ./root/SSLCertAuth/private/cakey.pem
    3074410120:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('./root/SSLCertAuth/private/cakey.pem','r')
    3074410120:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
    unable to load CA private key

    • jamie

      Also, the file does exist in that location. It’s not empty, the path is correct, the permissions allow it to be read. I’m not understanding why it can see the file?

    • rsevs3

      You have a ‘.’ at the start of your ‘dir = ‘ in the openssl.cnf file.

    • Stefan

      I figured it out, you must type in the terminal ‘gksudo thunar’ with root privileges (see step 1), and then go to file system etc/ssl/openssl.cnf and open openssl.cnf with mousepad, make the changes he mentioned, then return to terminal and re-do the steps 6, 7 and 8.

  • Palen

    Hi, I have the exact same error as Jamie???

  • Savas

    Thank you for the wonderful guide. The only thing that needs to be added is that ‘Common name’ should not be empty.

    Thanks again.

  • vve1505

    Step 2 states to change “AllowOverride None” to “AllowOverride All”; but what is unclear is that there are three places in the file that have the parameter “AllowOverride None”. Which one gets changed, or do all of them get changed?

    • Revv

      +1 to this. What exactly is changed?

  • Vistor Johansson

    Thanks a lot, works perfectly.
    I had the same problem as Jamie + Palen because I did not pay enough attention to what happened in the previous steps. Guys, you need to redo the steps and pay close attention, type in a password where you have to (or certs won’t generate etc), supply the same information in the ca-signing-request as you previously did when you generated the CA or it won’t work.

    Good luck !

  • Sam

    Thank you for the post! It seems that it worked fine for me (during “installation”) but I have encountered an error. Once I do https://myserver/owncloud a message appears saying: “Cloud not found”. Does someone know how to solve this? Thank you!

    • Sam

      Sorry for the comment. It works, you only have to do https://myserver , without the /owncloud reference. Thank you again one more time!

  • dante

    Worked flawlessly, thanks. Please add a note that a challenge password and common name fields should not be left blank (required)

  • Godfear

    worked perfect for me… awesome!

  • Mao

    Works good when followed exactly. Thank you.

  • http://dvr.redbeards.ca/ dvr

    Taking the time to share is greatly appreciated. Great Guide

  • http://dvr.redbeards.ca/ dvr

    Damn, did anyone else get CLOUD NOT FOUND? I do have my cloud stored on an external drive.
    But still, great guide.. ty..

  • Tobias Kliem

    The problem of dvr and Sam can easily be fixed by changing the “DocumentRoot” in the last configuration file to “/var/www”. Then you can access your owncloud via https://mydomain.com/owncloud. At least that seems to work for me. Thanks for the tutorial!

  • Chris

    this should work for my install on debian yea??

    • Neo

      I tested the whole procedure on Raspbian and it was OK!!!

      You only need to make one change:

      DocumentRoot /var/www/owncloud (Cloud NOT FOUND)

      the correct one for Raspbian is:

      DocumentRoot /var/www

      P.S. little mistake here: mkdir /var/www/logs (space needed ;) )

  • Anton Sack

    Hi there, I made an error when creating the cert/key pair and tried to sign the certificate again. But now everything is messed up and I would like to start from scratch. Could you please tell me how to revoke/delete all keys and certificates so far generated? Thanks a ton

  • Edwin

    Very helpful! You just made my day!

  • Osteele

    Thanks for sharing your time and knowledge with us. Works fine if I
    access owncloud locally. eg https://192.x.x.x/owncloud = However, I
    cannot access owncloud when using a dynamic ip address = eg.
    https://mydomain.no-ip.biz – The page cannot be displayed. I can access owncloud using the same dynamic address as long as I use http as opposed to https. Sorry, my bad. I forgot to port forward 443 to my server.

  • Daniel T

    Thanks for sharing.
    Under Ubuntu Server 13.10 I ran into error “SSL received a record that exceeded the maximum permissible length” when trying to load owncloud web page.

    Was able to fix this by running the following, then reloading apache2:
    sudo a2ensite default-ssl

  • Bryan Chandler

    If you complete this and get the browser error
    “ERR_SSL_PROTOCOL_ERROR” in Chrome or
    “ssl_error_rx_record_too_long” in Firefox,
    the solution for me was that default-ssl was not enabled in apache 2.
    I had to execute:

    a2ensite default-ssl

    and everything worked.

    • Nuno

      Hi Bryan,

      Only to say thanks.
      With your post I’ve been able to solve the browser error.

      Once again, thanks.

    • Phillip Rumple

      This was the part missing; thank you so much, it worked great :)

  • Joe Kuzma

    I had a few errors, but I was able to fix them. Both were problems in STEP 9.

    First my apache server would not restart. Logs showed the SSL log directory did not exist. This is due to:
    mkdir/var/www/logs
    needs to be changed to add a space:
    mkdir /var/www/logs

    When trying to connect securely (https) I received “cloud not found.”
    The SSL configuration was incorrect:

    DocumentRoot /var/www/owncloud #INCORRECT
    DocumentRoot /var/www/ #CORRECT

  • 3piglets

    Works for owncloud 6 as well. The official owncloud manual did not mention anything about this ssl setup and their clients only talk to an ssl server. My server does not have a gui, so I could not enable their ssl server from the gui. This is a very helpful guide, thank you so much!

    The only thing is that after this setup, my server can only serve owncloud on ssl. OK for me, but what if others want to colocate multiple webservers with ssl? I’m no expert on web server technologies, only a regular user, so I need a guide like this.

  • ubq

    how do you do a redirect from your http site to your https site? What is the location of the https site?
