This document can be used for Owncloud Ver 8 and Ubuntu Server 14.04.
If you are running owncloud and have it facing the public internet, you should really be enforcing https communication. Even if it is internal only, enforcing https is a good idea. Since owncloud runs on top of apache2, enabling https is pretty easy. There are lots of tutorials available for this; I have added the steps here for easy reference.
To start, you need to have a cert issued from a known authority, or you can create a self-signed cert. If you plan on using WebDAV with iOS, I have found that a cert from a known authority works where self-signed certs cause issues. You can thank Apple for that.
Since we are using certs, you need the openssl modules if you don’t already have them installed.
You should have a public cert, private key, and a root-CA from the issuing Authority.
Copy your public cert PEM file into /etc/ssl/certs/my-public-cert.pem
Copy your private key file into /etc/ssl/private/my-private-key.key
Copy your CertAuth-Rootca.crt file into /usr/local/share/ca-certificates
This command will read in the Root-CA Cert and add it to the trusted list for this server.
sudo update-ca-certificates
Note: For some installations, you need to use “sudo dpkg-reconfigure ca-certificates” instead which calls update-ca-certificates
Now that the CA is trusted, enable the needed apache plugins:
a2enmod rewrite && a2enmod headers && a2enmod ssl
Create an apache virtual host:
nano /etc/apache2/conf-available/owncloud-ssl.conf
Add the following to the new file. This will forward requests from http port 80 to https port 443, ensuring all communication is encrypted. The port 443 virtual host is set up with the certificates specified. The mod_headers entry is a best-practice setting from owncloud for a more secure server.
# Port 80: redirect every request to the same host and path over https
<VirtualHost *:80>
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

# Port 443: serve owncloud over TLS with the cert and key copied earlier
<VirtualHost *:443>
    ServerName 127.0.0.1
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/my-public-cert.pem
    SSLCertificateKeyFile /etc/ssl/private/my-private-key.key
    DocumentRoot /var/www/owncloud
    <IfModule mod_headers.c>
        # HSTS: tell browsers to use https only for this host
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>
</VirtualHost>
Next we enable the new conf file:
a2enconf owncloud-ssl.conf
Restart apache:
sudo service apache2 restart
Now access owncloud over https://servername . Notice “/owncloud” is not required in the URL because of the DocumentRoot entry in the conf we added to apache. Navigate to the Admin page and enable the “Enforce HTTPS” option. Enforce HTTPS can only be enabled while accessing the page via https.
All clients can now use https://servername to access the cloud. Http access is no longer available for clients, making the server more secure.
NOTE: Some people have complained that this tutorial broke their apache config. If you have a problem, just remove the owncloud-ssl that we create here from the enabled conf files in apache. Please make sure you understand what this config does before you put it into a production machine.
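A pre-flight check for the certificate files, to run before the apache restart above. This is an added example, not part of the original tutorial: the function names are illustrative, and make_self_signed only creates a throwaway self-signed pair (the alternative to a CA-issued cert mentioned at the start) so the checks can be tried without touching the real files.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files named in owncloud-ssl.conf.
# Function names are illustrative, not part of owncloud or apache.

# Create a throwaway self-signed certificate and key for testing.
# $1 = output directory, $2 = common name (host name clients will use)
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/my-private-key.key" -out "$1/my-public-cert.pem" \
        2>/dev/null && chmod 600 "$1/my-private-key.key"
}

# Succeed only if the private key ($2) belongs to the certificate ($1):
# both must yield the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the key file ($1) has no group/other permission bits.
key_is_private() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 2
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeed only if the certificate ($1) stays valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks; print the first failure and return non-zero.
# $1 = certificate, $2 = private key
preflight() {
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: private key does not match certificate"; return 1; }
    key_is_private "$2" ||
        { echo "FAIL: private key is accessible to group or others"; return 1; }
    cert_valid_for_days "$1" 30 ||
        { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK: certificate and key are consistent"
}
```

On the server, call preflight as root with /etc/ssl/certs/my-public-cert.pem and /etc/ssl/private/my-private-key.key, then run apache2ctl configtest; restart apache only if both succeed.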
Could you add a step including how to create a self-signed certificate in case someone isn’t aware that this is necessary?
I caught it only because I have done this setup once before and recognized the error that my terminal returned.
In your VirtualHost script you end your script with;
>
There is one > too many in this piece of config.
Besides that it’s working perfectly.
Thanks!
I entered
/virtualhost>>
but it showed up as just >
I hope you still understand what I mean… 🙂
Does anybody know how to get rid of the welcome screen? I am also having problems redirecting from 80 to 443.
There’s nothing wrong with this config. I’ve used it many times. If you try to incorporate this into an existing apache and do not fully understand the config options…. well that’s a different story. Why not post the config and I’ll see if I can help. But don’t complain if you apply code into another config without understanding how it will impact what you already have.
Hi Mike,
I have ‘owncloud’ up and running on my Raspberry Pi 3 and it seems to be working well. I am going in using an IP address I have registered with no-ip.com using http.
I am trying to convert it to https but I seem to have got stuck at the line,
‘a2enmod rewrite && a2enmod headers && a2enmod ssl’
I have tried with and without ‘sudo’ but no luck.
I get the response ‘Module rewite does not exist!’
Can you help please.
Hi Adrian, I hope this is just a typo: ‘Module rewite does not exist!’. It’s rewrite, not rewite. If you installed apache from public repos, a2enmod rewrite should be available.
Can someone post how to fix this? This tutorial broke my apache2…
I fixed it. It requires removing the owncloud-ssl.conf from /etc/apache2/conf-available as well as /etc/apache2/conf-enabled.
Running apache2ctl configtest will highlight the issues.
Just remove the owncloud-ssl from enabled confs.