4 June 2016 Update: It looks to me like some major thing just happend to ownCloud. Appairently a significant number of the core ownCloud devs have jumped ship and started a new cloud thingy called Nextcloud. I've made a docker container and associated github repo just like this one to follow nextcloud too. I'll keep supporting this project along side the new Nextcloud one until I can see a winner.
Simple to use Docker container with the latest stable ownCloud server release, complete with all the bells and whistles. This project is 100% transparent and trustable, every file in the resulting docker image is traceable and inspectable by following up the docker image depenancy tree which starts with my Arch Linux base image.
Please report any issues or improvement ideas to the github issue tracker
Pull requests welcome! Let's work together!
Check out the wiki for some stuff that I didn't include here because I thought the readme was getting too big. Feel free to add new content to the wiki as you see fit.
- NEW FEATURE: Try the latest ownCloud daily build by using
- Probably you should report any issues you find here to the official oc issue tracker
- Streamlined Let's Encrypt functionality built right in
- This will fetch valid, trusted and free SSL certs for your domain and install them into the image!
- Hurray for green lock icons!
- Uses PHP7 with APCu and Zend OpCache for maximum performance
- Now with image version tags corresponding to OwnCloud release versions
- So you won't get unexpectedly upgraded and you can safely stay on an OC version you know is working for you
- Built in (optional) MySQL database server (faster than sqlite default)
- Or specify your own pre-existing database server during setup
- Web GUI driven initial setup of user/password/database
- Based on Arch Linux ensuring everything is cutting edge & up to date
- SSL (HTTPS) encryption works out-of-the-box
- Tweaked for maximum security while maintaining compatibility
- Optionally enable automatic SSL certificate regeneration at runtime for maximum security
- Or easily incorporate your own SSL certificates
- In-browser document viewing and editing ready (.odt, .doc, and .docx)
- In-browser media viewing ready (pretty much everything I think)
- Comes complete with all of the official ownCloud apps pre-installed:
- Or install your own 3rd party apps
- Install docker
Download and start the owncloud server instance
docker run --name oc -p 80:80 -p 443:443 -d l3iggs/owncloud
NOTE: In case you have an outdated version of
l3iggs/owncloudyou can update it with
docker pull l3iggs/owncloudbefore you run the server via the above
- Access your ownCloud server
Point your web browser to https://localhost/owncloud
- Setup ownCloud
Follow the on-screen instructions to perform the initial setup of your server.
[Optional] Harden security
This image comes complete with a self-signed ssl certificate already built in, so https access is ready to go out of the box. I've provided this pre-generated certificate for convienence and testing purposes only. It affords greatly reduced security (compared to using secret certificates) since the "private" key is not actually private; anyone can download this image and inspect the keys and then decrypt your ownCloud traffic (sniffing your login credentials for example). To make the ssl connection to this ownCloud server secure, you can:
(A) provide your own (secret) ssl certificate files
(B) use the script provided here to generate new, self-signed certificate files
(C) use the script provided here to fetch (free) certificates for your domain from the Let's Encrypt project
All of these will provide equal security (since the encryption key will be kept secret) but (B) will result in browser warnings whenever somone visits your site since the web browser will likely not trust your self-generated and self-signed keys.
For option (A) (providing your own SSL cert files):
server.keyfiles (named exactly that) in a directory
~/sslCerton your host machine, then run (also on your host machine):
sudo chown -R root ~/sslCert sudo chgrp -R root ~/sslCert sudo chmod 400 ~/sslCert/server.key
Then insert the following into the docker startup command (from step 2. above) between
For option (B) (using the built-in script to re-generate your own self-sigend ssl certificate):
- The image includes a bash script (
/usr/sbin/setup-apache-ssl-key) that generates new ssl cert files on command (and overwrites the pregenerated ones included in this image). You can use this script to regenerate a new SSL key anytime, on the fly. After starting the docker image as described above, run the following command:
docker exec -it oc sh -c 'SUBJECT="/C=US/ST=CA/L=CITY/O=ORGANIZATION/OU=UNIT/CN=localhost" DO_SSL_SELF_GENERATION=true setup-apache-ssl-key'
- To have a new ssl certificate generated automatically every time the image is started, insert the following into the docker startup command (from step 2. above) between
-e DO_SSL_SELF_GENERATION=true -e SUBJECT=/C=US/ST=CA/L=CITY/O=ORGANIZATION/OU=UNIT/CN=localhost
SUBJECTvariable is actually optional here, but I put it in there to show how to change the generated certificate to your liking, especially important if you don't want your certificate to be for
For option (C) (fetching a free, trusted cert from letsencrypt.org):
For this to work, this container must be reachable from the internet by visiting http://your.domain.tld (where "your.domain.tld" will obviously be unique to you). In fact, a Let's Encrypt robot will attempt to visit this address via port 80 to read files served up by the apache server in this container during the certificate fetching process to verify your ownership of the domain.
Start the docker image as described above, except you must specify your hostname: add
--name. Then once the container is running, issue the following command (substituting your proper email address):
docker exec -it oc sh -c 'EMAILemail@example.com DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key'
~30 seconds later you should get a green lock in your browser when visiting your OC server at https://your.domain.tld/owncloud
Now save your newly fetched certificate files somewhere safe:
docker cp oc:/etc/letsencrypt/archive/your.domain.tld ~/letsencryptFor_your.domain.tld
and next time you use docker to start your OC server container, use option (A) to feed your
.crtfiles into the image when it starts.
NOTE: Let's Encrypt gives you a certificate that's valid for three months, afterwhich it needs to be renewed if you'd like to continue getting green locks in your browser. If you run the above
DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-keycommand, and then you leave your server running without restarting for three months or longer, your certificate should be auto-renewed forever. If you restart the container, you'll probably need to re-issue the
DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-keycommand again manually if you don't want your certificate to expire three months after you first fetched it.
NOTE #2: Let's Encrypt has a strict rate limiting policy; it will only grant 5 certificates / 7 days / domain so be very careful with how often you issue the
DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-keycommand above
- The image includes a bash script (
[Optional] Stop the docker-owncloud server instance
docker stop oc
You can restart the container later with
docker start oc
[Optional] Delete the docker-owncloud server instance (after stopping it)
docker rm oc #<--WARNING: this will delete anything stored inside the container
Updating your ownCloud server in this container
Periodically new ownCloud server versions will be released. You should probably keep your server on whatever the latest stable version is. When a new update is released you'll see a banner appear across the top of the ownCloud web interface indicating that it's time to upgrade.
You should follow the official ownCloud instructions for updating your ownCloud server using the updater app built into this container. You'll need to change the permissions of some files in the container to allow them to be updated. I've tried to make this straightforward by including a script to manage the permissions for you. Before you run the updater app (as described in the official instructions), run
docker exec -it oc sh -c 'set-oc-perms upgrade'. Then after you've completed the upgrade, set the permissions back to their "safer" default values like this:
docker exec -it oc sh -c 'set-oc-perms runtime'.
First: This seems to be the most complete implementation of Owncloud in docker. Thank YOU!
However, I'm running into a couple issues.
First I have the same issue as @desert991 when trying option C
"sh: 1: setup-apache-ssl-key: not found"
Second problem is that my container doesn't listen on 443.
root@host:/var/www/html# lsof -Pi
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 1 root 4u IPv6 2524987 0t0 TCP *:80 (LISTEN)
Im getting this error
This version of ownCloud is not compatible with PHP 7.1.
You are currently running 7.1.1. Please use at least ownCloud 9.2.0
was working fine a couple of months ago. had to rebuild.
I try to run container with own certificates, as shown in option A, and get the error:
AH00526: Syntax error on line 143 of /etc/httpd/conf/extra/httpd-ssl.conf:
SSLCertificateFile: file '/root/sslKeys/fullchain.pem' does not exist or is empty
~/sslCert is mounted to /root/sslKey and i can see my certificate and key there.
What i do wrong?
Got this error when I try to run with letsencrypt
root@UKLNDLABDMZ:~# docker exec -it oc sh -c 'EMAILfirstname.lastname@example.org DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key'
Fetching ssl certificate files for mysecurecloud.ddns.net from letsencrypt.org.
This container's Apache server must be reachable from the Internet via http://mysecurecloud.ddns.net
An unexpected error occurred:
Bug in pythondialog: expected an empty output from u'infobox', but got: u'Error opening terminal: unknown.\n'Please see the logfile 'certbot.log' for more details
You have to set the env variable ALLOW_INSECURE=true, i.e. add '-e ALLOW_INSECURE=true' to your options
Great stuff! I love this docker. However when started, seems not listening on port 80 despite the command 80:80. Because of that is not possible to run the letsencript.org certification. Any idea why?
I tried to work with option C) to get ssl support for my docker owncloud and get the following error:
"sh: 1: setup-apache-ssl-key: not found"
Could anybody help?
I've been experiencing a lot of problems attempting to start the owncloud v9, It would prompt me to add the domain name to the trusted list yet even after modifying the config.php directly it wouldn't allow me to continue.
Downgrading to v8 did allow me to continue past the initial configuration screen and use owncloud though webdav wouldn't work so I couldn't synchronise files.
My issue ended up being 'apparmor' in Ubuntu causing interference. The following resolved my issue:
sudo update-rc.d -f apparmor remove
sudo service apparmor stop
Running the docker container with the latest v9 build now works for me.
I'm having an issue with the latest version (126.96.36.199 I think) that won't allow me to change the upload file size from the Admin control panel. Is this an issue with the php.ini config or something within Owncloud itself?
Love your work with the letsEncrypt!
Tried to get it to work with the official owncloud docker-box but without success so i got really happy when a saw that you made one! Looking forward for a "real" one :)