«

»

Jul 16 2015

Enable SSL for Owncloud 8 on Ubuntu

This was tested on Ubuntu Server Ubuntu 14.04.2 LTS x64 running Owncloud 8.0.4

1. Ensure you have ssl installed in Ubuntu

$ sudo apt-get install openssl

2. Enable the ssl and rewrite modules in apache2 :

$sudo su -
#a2enmod ssl
#a2enmod rewrite

3. Create a ssl directory inside /etc/apache2

# mkdir -p /etc/apache2/ssl

4. Create self signed ssl certificate. Fill the info as you wish. I’ve made the certificate valid for 10 years (3650 days).

# openssl req -new -x509 -days 3650 -nodes -out /etc/apache2/ssl/owncloud.pem -keyout /etc/apache2/ssl/owncloud.key

5. Edit Owncloud config file :

#nano /etc/apache2/conf-enabled/owncloud.conf

Change from :

Alias /owncloud "/var/www/owncloud/"
<Directory "/var/www/owncloud">
    Options +FollowSymLinks
    AllowOverride All

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /var/www/owncloud
    SetEnv HTTP_HOME /var/www/owncloud
</Directory>

<Directory "/var/www/owncloud/data/">
  # just in case if .htaccess gets disabled
  Require all denied
</Directory>

to the config below. Replace 192.168.0.16 with your server’s IP address.
The highlighted text is the original config that must be left untouched.

#Listen 443
#uncomment and change the above only for other ports

 <VirtualHost 192.168.0.16:80>
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost 192.168.0.16:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.pem
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
DocumentRoot /var/www/owncloud/

Alias /owncloud "/var/www/owncloud/"
<Directory "/var/www/owncloud">
    Options +FollowSymLinks
    AllowOverride All

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /var/www/owncloud
    SetEnv HTTP_HOME /var/www/owncloud
</Directory>

<Directory "/var/www/owncloud/data/">
  # just in case if .htaccess gets disabled
  Require all denied
</Directory>
</VirtualHost>

Restart Apache webserver.

#service apache2 restart

That’s it. All Owncloud connections will use SSL encryption.
Modify all desktop and mobile client settings to use https instead of http when accessing Owncloud.

To make your Owncloud accept connections from outside your home network, you must do the additional steps below :

7. Forward port 443 on your router to 192.168.0.16 port 443. If you used another port in the owncloud.conf file, make sure it’s the same as here.

8. Edit /var/www/owncloud/config/config.php and change the trusted domains section from :

'trusted_domains' =>
array (
0 => '192.168.0.16',
),

to

'trusted_domains' =>
array (
0 => '192.168.0.16',
1 => '89.90.91.92',
),

89.90.91.92 is a new IP allowed to connect to Owncloud and 192.168.0.16 is the Ubuntu server’s IP.

From outside, Owncloud will be accessible by using the following adress https://your-public-home-ip:443/owncloud

19 comments

Skip to comment form

  1. martin

    Thanks for a guide that is straight-forward!

    I’m having a bit of trouble though. After I followed this guide I tried to connect from browser to https://192.168.1.4/owncloud

    This gives me a warning that my connection is not private (NET::ERR_CERT_AUTHORITY_INVALID) and if i proceed, ignoring the warning, i get to a page saying:

    Not found
    The requested URL /owncloud/ was not found on this server.
    Apache/2.4.7 (Ubuntu) Server at 192.168.1.4 Port 443

    I copied the virtual host code above and changed my ip to my servers ip

    Any idea what i did wrong?

    1. Bogdan

      Hi. Is https://192.168.1.4 working ? Have you restarted Apache ?

      1. martin

        I reinstalled everything and it now works! Thanks

        1. Sandi

          Can you tell me, what did you do exactly? i have the same problem, thanks in advance.

  2. Robin

    I too have the same problem as martin described. .. and i’ve reinstalled more than a couple of times.
    I get a warning that my connection is not private (NET::ERR_CERT_AUTHORITY_INVALID)

    1. Bogdan

      Can you access the server by it’s IP, but without “/owncloud” at the end ?
      You don’t have the “Advanced” button ? If you click it, it should display the link to proceed. The connection is private, but the security certificate is self generated and therefore not trusted by your browser.

  3. Raphael França

    Tank you! very goooood!

  4. Peter

    Hi!
    Your tutorial works fine!
    In my configuration for owncloud is intended only 192.168.0.16/owncloud
    I have some other websites in my domain, 192.168.0.16 is main site, 192.168.0.16/lwt is another and so on.
    Now all my sites requesting ssl and displaying owncloud logo together with error message.
    How can I make only owncloud request ssl?

    1. Bogdan

      This part tells the server to redirect http port 80 to https port 443, so you must comment it :

       <VirtualHost 192.168.0.16:80>
      RewriteEngine on
      ReWriteCond %{SERVER_PORT} !^443$
      RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
      </VirtualHost>
      
      1. scott

        Thank you! But now i cannot access owncloud haha

        how to I redirect all that comes through port 80, only via my /owncloud directory?

      2. Morice

        thanks for your post, pretty useful. I am redirected to https://192.168.1.100:80/index.php. It changes the protocol but not the port. What am I doing wrong?

  5. indra

    thanks for easier guide,, i follow all step,, but i have a problem like this

    Bad Request

    Your browser sent a request that this server could not understand.
    Reason: You’re speaking plain HTTP to an SSL-enabled server port.
    Instead use the HTTPS scheme to access this URL, please.

    1. Bogdan

      You need to use https instead of http when accessing Owncloud URL.

  6. Antonio

    Thank you so much! It is working perfectly!

  7. Jeff

    I’m doing this on an Amazon EC2 instance with ubuntu 16 and the steps you provide work great! Added an https rule for port 443 to the instance’s security group (didn’t check to see that this was necessary, just assumed it was).

    Thanks!

    1. Bogdan

      Thanks for the info.

  8. stefano

    Hello,
    i got this errors when i go to edit the /etc/apache2/conf-enabled/owncloud.conf
    Job for apache2.service failed. See ‘systemctl status apache2.service’ and ‘journalctl -xn’ for details

  9. Joe

    I configured owncloud and when ever I go to https://192.168.1.10 it redirects me to https://192.168.1.10/owncloud. How do I disable redirect and make sure that I have to go to /owncloud to get access?

  10. Luciano

    Dear
    Congrats for your post! It worked on the first try!
    Tks
    Luciano Albano

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*