Public | Automated Build

Last pushed: 3 hours ago
Short Description
ownCloud 7 on Nginx
Full Description


Docker image for ownCloud with security in mind.

The build instructions are tracked on GitHub.
Automated builds are hosted on Docker Hub.

Why using this image

  • It is directly based on Debian stable. No additional image layers which blow up the total image size and might by a security risk.
  • Uses nginx as webserver.
  • Hardened TLS configuration.
  • Generates unique Diffie Hellman parameters to mitigate precomputation based attacks on common parameters. Refs: Guide to Deploying Diffie-Hellman for TLS.
  • Local caching enabled by default (APCu).
  • Installs the ownCloud tarball directly from and it securely verifies the GPG signature.
  • Makes installing of 3party apps easy and keeps them across updates.
  • The occ command can be used just by typing docker exec -ti $owncloud_container_name occ.
  • ownCloud can only be updated by redeploying the container. No update via the web interface is possible. The ownCloud installation is fully contained in the container and not made persistent. This allows to make the ownCloud installation write protected for the Webserver and PHP which run as www-data.
  • Automated database update on ownCloud update during the startup of a redeployed/updated container.

Getting the image

You have two options to get the image:

  1. Build it yourself with make build.
  2. Download it via docker pull jchaney/owncloud (automated build).

ownCloud up and running

Checkout the Makefile for an example or just run make owncloud which will setup a ownCloud container instance (called "owncloud"). After that, just head over to http://localhost/ and give it a try. You can now create an admin account. For testing purposes you can use SQLite (but remember to use a real database in production).

Running ownCloud in production

Setup a separate container running your database server and link it to the ownCloud container.
For running in production, you need to provide a TLS key and certificate. The
Makefile defaults to /etc/ssl/private/ssl-cert-snakeoil.key and
/etc/ssl/certs/ssl-cert-snakeoil.pem. Make sure those files exist or extend
the Makefile (you can include this Makefile and overwrite some variables in
your own Makefile).
You might also want to change variables like
docker_owncloud_permanent_storage to define where the persistent data will be
To generate self signed once you can run the following command:

make-ssl-cert generate-default-snakeoil

To setup ownCloud with MariaDB as backend, just run:

make owncloud-production

In the initial ownCloud setup, you need to supply the database user, password, database name and database host which you can look up via:

make owncloud-mariadb-get-pw

Note that this command also shows you the MariaDB root password which you need to write down because you will not be able to access it later (after you run make owncloud-production again to update the containers, the passwords will be different and not match the once which are actually used).

That should be it :smile:

Update your container and ownCloud

It is recommended to rebuild/pull this image on a regular basis and redeploy your ownCloud container(s) to get the latest security fixes.
Note that ownCloud version jumps are uploaded to the latest tag of this image once they are tested. You might want to watch this repository to see when this happens.

Once the ownCloud image is up-to-date, just run:

make owncloud-production

to update your container. ownCloud usually requires a database update when the version of ownCloud is bumped. This process has been automated for this Docker image but remember that you are still in charge of making backups/snapshots prior to updates!

Installing 3party apps

Just write the command(s) needed to install apps in a configuration file and make sure it is present as /owncloud/3party_apps.conf in your container.

Checkout the example configuration and the install script for details.

docker-compose support

You can also run this image with docker-compose. First you need to declare all env variables since docker-compose does not support (yet) default variables.

# Where to store data and database ?
export docker_owncloud_permanent_storage="~/owncloud_data"

# SSL Certificates to use.
export docker_owncloud_ssl_cert="../certs/cloud.cert"
export docker_owncloud_ssl_key="../certs/cloud.key"

# Servername
export docker_owncloud_servername="localhost"

export docker_owncloud_http_port="80"
export docker_owncloud_https_port="443"
export docker_owncloud_in_root_path="1"

export docker_owncloud_mariadb_root_password=$(pwgen --secure 40 1)
export docker_owncloud_mariadb_user_password=$(pwgen --secure 40 1)

export image_owncloud="jchaney/owncloud"
export image_mariadb="mysql"


docker-compose up

That's all !

Related projects

  • official docker repository for ownCloud

    Uses Apache as webserver and is based on the official Docker PHP image.

  • l3iggs/owncloud

    Uses Apache as webserver and is based on a self build LAMP stack based on Arch Linux.

  • Ansible role to install and manage ownCloud instances

    Automation framework for setting up ownCloud on any Debian based system. This offers much
    more flexibility and is not limited to Docker. So you can setup a ownCloud
    instance in a KVM virtual machine and/or a LXC container for example.

    This role is part of the DebOps project which allows
    you to automate all the steps mentioned above (setting up a Hypervisor host with
    support for KVM and/or LXC, setting up the virtual machine/container and
    installing Webserver/PHP/Database and finally ownCloud).

    The real fun with this approach begins when you manage multiple instances
    because Ansible and this role allow you to run actions like ownCloud updates
    or enabling apps or the like on all your instances automatically.


The current maintainer is Robin ypid Schneider.

List of previous maintainers:

  1. Josh Chaney
  2. silvio



This project is distributed under GNU Affero General Public License, Version 3.

Docker Pull Command
Source Repository

Comments (15)
a year ago

I finally fighure it out , modify the owncloud/.user.ini in where u store the container

a year ago

works great ! thanks !
But how to modify the max upload size ?
in the admin console , there`s an limit to 513M
But the config file in the docker shows it should be 10G ?

a year ago


Thanks for this image, but I cannot make it works... I use it with Nginx Reverse Proxy and owncloud redirect me from http://mycloud.mydomain to https://localhost (which fails because I'm not on the localhost)... Reading Dockerfile, owncloud config must be volume mounted in /owncloud but how to know if it's actually read or what can be wrong?

Thanks in advance !

2 years ago

Hey thx, its pretty cool. I still have to checkout if the webdav stuff is working as well.

How can I change the subdomain/owncloud to subdomain?

Thank you!

2 years ago

Just to say thanks ! I used your automated build to make mine aries4/owncloud (v8, mysql, http only), in order to present this project at my school.

Thanks a lot !

2 years ago

still working well, thank you, but path is at

docker run -h -d \
--name srv-oc \
--link db-oc:db \
-v /opt/dockx/oc/files:/var/www/owncloud/data \
-v /opt/dockx/oc/logs/nginx:/var/log/nginx \
-v /opt/dockx/oc/logs/cron:/var/log/cron \

if working with jwilder/docker-nginx-proxy1

-e '' \

3 years ago

Getting permission error(s) on fresh Fedora 21 or CentOS 7 (official) cloud images:

sudo docker run -h -p 443:443 --name owncloud -v /mnt/files:/var/www/owncloud/data -v /home/fedora/ssl:/root/ssl -e "SSL_KEY=/root/ssl/" -e "SSL_CERT=/root/ssl/" jchaney/owncloud


Copying nginx.conf with SSL support..

chown: cannot read directory '/var/www/owncloud/data': Permission denied
Starting server..

==> /var/log/nginx/access.log <==

==> /var/log/nginx/error.log <==
2015/01/14 17:15:15 [emerg] 34#0: BIO_new_file("/root/ssl/oc.mydomain.cert") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/root/ssl/','r') error:2006D002:BIO routines:BIO_new_file:system lib)

'mydomain' is actually a real domain when testing.

3 years ago

If I get the concept of docker correctly, images should be stateless. To achieve this, add

-v /some/path/on/host:/owncloud

this will store the database setup outside of the image as well, allowing you to do a

docker stop owncloud
docker rm owncloud
docker pull jchaney/owncloud
docker run ...

without loosing any data for upgrades etc.

3 years ago

@kedrigern: Problem is that at the localhost:8383 is nothing. App is at link: localhost:8383/owncloud

3 years ago

I have this problem too - doesn't work at localhost. When I run:

docker run -d --name "ocloud-db" -e "POSTGRES_PASSWORD=password" postgres:9
docker run -d --name "ocloud" --link "ocloud-db:db" \
    -v "/opt/docker/ocloud/data:/var/www/owncloud/data" \
    -p "8383:80" \

I get this error via docker logs:

Copying nginx.conf without SSL support..

Starting server..

==> /var/log/nginx/access.log <==

==> /var/log/nginx/error.log <==
2015/01/03 15:28:34 [error] 32#0: *1 directory index of "/var/www/" is forbidden, client:, server: , request: "GET / HTTP/1.1", host: "localhost:8383"
2015/01/03 15:28:34 [error] 32#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client:, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "localhost:8383"

I have Fedora 21, SELinux in Permisive mode. Run via sudo. With other containers I have no problems.