Ubuntu 16.04 LTS as an ownCloud server

Secure Collaboration

Getting Your Own System

After a manual installation or a "canned" version by the provider, you now have a pristine Ubuntu installation. Besides the basic services, you have no software. In most cases, these "essential services" are restricted to SSH, which allows logins via the remote shell. Your first task now awaits you: SSH login with an SSH key is far safer than using a password. The public part of an SSH key belongs in ~/.ssh/authorized_keys. You can find instructions online [1] for Linux, Windows, and OS X on how to create an SSH key.

The first round of updates then follows: The basic installation of a distribution is usually only revised every few months, whereas updates to individual packages are released many times in between. Run

apt-get update
apt-get -y dist-upgrade

to install the latest updates after the basic install. This process regularly installs a new operating system kernel on the system, which requires a reboot (with the reboot command). When the system comes back after the restart, you can start installing ownCloud, and ownCloud needs a web server.

Setting Up Apache

OwnCloud is a PHP application that only works sensibly in conjunction with a web server. Nginx is a possibility, but the combination of Apache and ownCloud is certainly more widespread. Apache in a current version is included in Ubuntu, so you just need to install the apache2 package. However, Apache on Ubuntu is not set up out of the box to support SSL for secure connections, which is unacceptable: The transfer of corporate data should always be encrypted.

The good news is that Apache itself is easily extended to include SSL functionality. For this purpose, you need the SSL certificate issued by an SSL Certificate Authority along with the corresponding private key; you should install these files in the /etc/apache2/ssl directory, which you create with mkdir if it does not exist. For simplicity's sake, I am assuming in this example that the certificate is named owncloud.crt and that owncloud.key is the matching key. The command

sudo a2enmod ssl && sudo service apache2 restart

enables the SSL module for Apache.

Configuring the SSL Default Page

Next, focus your attention on the /etc/apache2/sites-available/default-ssl.conf file, where you will find two lines that start with SSLCertificateFile and SSLCertificateKeyFile (Figure 1). The entries /etc/apache2/ssl/owncloud.crt and /etc/apache2/ssl/owncloud.key are correct for this example. The line that begins with DocumentRoot needs the value /var/www. So that the web server knows its name, the ServerName keyword must be present and must have a correct value (e.g., owncloud.example.com). If you want the setup to be accessible under alias domains (e.g., storage.example.com), you need to add a ServerAlias record. The shared domain must match the SSL certificate you use, because users with SSL-based access will otherwise see a certificate warning. Also, the value for SSLEngine must be on. Finally, copy the text in Listing 1 to the file.

Listing 1

Apache Config Addition

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>

Figure 1: Some changes to the configuration of the Apache web server are necessary for the web browser to support SSL.

For each of the keywords mentioned, you have to remove the # at the beginning of the line if the respective line is commented out; then, type

sudo a2ensite default-ssl.conf
sudo a2enmod headers
sudo service apache2 restart

to enable the default SSL page, enable the module that allows the modification of HTTP headers in Apache, and restart Apache.
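The settings listed above (uncommented SSLEngine, certificate and key paths, DocumentRoot, ServerName, and the header from Listing 1) can be checked before Apache is restarted. The following shell script is an added example, not part of the original article; the function names and the sample vhost file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): verify that the directives the article
# names are active, i.e. not commented out, in an Apache SSL vhost file.

# Print the value of the first uncommented occurrence of directive $2 in file $1.
active_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# expect_directive FILE DIRECTIVE [VALUE]: report a missing or wrong directive.
expect_directive() {
    got=$(active_value "$1" "$2")
    if [ -z "$got" ]; then
        echo "not active: $2"; problems=$((problems + 1))
    elif [ -n "$3" ] && [ "$got" != "$3" ]; then
        echo "unexpected value: $2 $got (wanted $3)"; problems=$((problems + 1))
    fi
}

# Returns 0 if the vhost file has every setting from the article, 1 otherwise.
check_ssl_vhost() {
    problems=0
    expect_directive "$1" SSLEngine on
    expect_directive "$1" SSLCertificateFile /etc/apache2/ssl/owncloud.crt
    expect_directive "$1" SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
    expect_directive "$1" DocumentRoot /var/www
    expect_directive "$1" ServerName    # any value; must match the certificate
    grep -Eiq '^[[:space:]]*Header[[:space:]]+always[[:space:]]+set[[:space:]]+Strict-Transport-Security' "$1" ||
        { echo "not active: HSTS header (Listing 1)"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ]
}

# Constructed sample: ServerName and key file still commented out, HSTS missing.
sample_bad() {
    cat <<'EOF'
<VirtualHost _default_:443>
    #ServerName owncloud.example.com
    DocumentRoot /var/www
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/owncloud.crt
    # SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
</VirtualHost>
EOF
}

tmp=$(mktemp) && sample_bad > "$tmp"
check_ssl_vhost "$tmp" || echo "fix the lines above, then run: apache2ctl configtest"
rm -f "$tmp"
```

On the server itself, point check_ssl_vhost at /etc/apache2/sites-available/default-ssl.conf.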

That's it: Apache now has an SSL certificate. By the way, if you have never been through the process of issuing an SSL certificate, you will find instructions online [2]. The referenced article refers to Let's Encrypt, a service that issues free SSL/TLS certificates.
