Public | Automated Build

Last pushed: 5 months ago
Short Description
Bleeding edge ownCloud container with the latest stable release. Now with PHP7!
Full Description

docker-owncloud

4 June 2016 Update: It looks to me like some major thing just happend to ownCloud. Appairently a significant number of the core ownCloud devs have jumped ship and started a new cloud thingy called Nextcloud. I've made a docker container and associated github repo just like this one to follow nextcloud too. I'll keep supporting this project along side the new Nextcloud one until I can see a winner.

Simple to use Docker container with the latest stable ownCloud server release, complete with all the bells and whistles. This project is 100% transparent and trustable, every file in the resulting docker image is traceable and inspectable by following up the docker image depenancy tree which starts with my Arch Linux base image.

Please report any issues or improvement ideas to the github issue tracker
Pull requests welcome! Let's work together!

Say thanks by adding a star here and/or here.

Check out the wiki for some stuff that I didn't include here because I thought the readme was getting too big. Feel free to add new content to the wiki as you see fit.

Features

  • NEW FEATURE: Try the latest ownCloud daily build by using l3iggs/owncloud:daily
  • Streamlined Let's Encrypt functionality built right in
    • This will fetch valid, trusted and free SSL certs for your domain and install them into the image!
    • Hurray for green lock icons!
  • Superfast
    • Uses PHP7 with APCu and Zend OpCache for maximum performance
  • Now with image version tags corresponding to OwnCloud release versions
    • So you won't get unexpectedly upgraded and you can safely stay on an OC version you know is working for you
  • Built in (optional) MySQL database server (faster than sqlite default)
    • Or specify your own pre-existing database server during setup
  • Web GUI driven initial setup of user/password/database
  • Based on Arch Linux ensuring everything is cutting edge & up to date
  • SSL (HTTPS) encryption works out-of-the-box
    • Tweaked for maximum security while maintaining compatibility
  • Optionally enable automatic SSL certificate regeneration at runtime for maximum security
    • Or easily incorporate your own SSL certificates
  • In-browser document viewing and editing ready (.odt, .doc, and .docx)
  • In-browser media viewing ready (pretty much everything I think)
  • Comes complete with all of the official ownCloud apps pre-installed:
    • Bookmarks
    • Calendar
    • Contacts
    • Documents
    • Gallery
  • Or install your own 3rd party apps

Usage

  1. Install docker
  2. Download and start the owncloud server instance

    docker run --name oc -p 80:80 -p 443:443 -d l3iggs/owncloud
    

    NOTE: In case you have an outdated version of l3iggs/owncloud you can update it with docker pull l3iggs/owncloud before you run the server via the above docker run... command

  3. Access your ownCloud server
    Point your web browser to https://localhost/owncloud
  4. Setup ownCloud
    Follow the on-screen instructions to perform the initial setup of your server.
  5. [Optional] Harden security
    This image comes complete with a self-signed ssl certificate already built in, so https access is ready to go out of the box. I've provided this pre-generated certificate for convienence and testing purposes only. It affords greatly reduced security (compared to using secret certificates) since the "private" key is not actually private; anyone can download this image and inspect the keys and then decrypt your ownCloud traffic (sniffing your login credentials for example). To make the ssl connection to this ownCloud server secure, you can:
    (A) provide your own (secret) ssl certificate files
    (B) use the script provided here to generate new, self-signed certificate files
    or
    (C) use the script provided here to fetch (free) certificates for your domain from the Let's Encrypt project
    All of these will provide equal security (since the encryption key will be kept secret) but (B) will result in browser warnings whenever somone visits your site since the web browser will likely not trust your self-generated and self-signed keys.


    For option (A) (providing your own SSL cert files):
    Put your server.crt and server.key files (named exactly that) in a directory ~/sslCert on your host machine, then run (also on your host machine):

    sudo chown -R root ~/sslCert
    sudo chgrp -R root ~/sslCert  
    sudo chmod 400 ~/sslCert/server.key
    

    Then insert the following into the docker startup command (from step 2. above) between run and --name:

    -v ~/sslCert:/root/sslKeys
    

    For option (B) (using the built-in script to re-generate your own self-sigend ssl certificate):

    • The image includes a bash script (/usr/sbin/setup-apache-ssl-key) that generates new ssl cert files on command (and overwrites the pregenerated ones included in this image). You can use this script to regenerate a new SSL key anytime, on the fly. After starting the docker image as described above, run the following command:
      docker exec -it oc sh -c 'SUBJECT="/C=US/ST=CA/L=CITY/O=ORGANIZATION/OU=UNIT/CN=localhost" DO_SSL_SELF_GENERATION=true setup-apache-ssl-key'
      
    • To have a new ssl certificate generated automatically every time the image is started, insert the following into the docker startup command (from step 2. above) between run and --name:
      -e DO_SSL_SELF_GENERATION=true -e SUBJECT=/C=US/ST=CA/L=CITY/O=ORGANIZATION/OU=UNIT/CN=localhost
      
      The SUBJECT variable is actually optional here, but I put it in there to show how to change the generated certificate to your liking, especially important if you don't want your certificate to be for localhost

    For option (C) (fetching a free, trusted cert from letsencrypt.org):
    For this to work, this container must be reachable from the internet by visiting http://your.domain.tld (where "your.domain.tld" will obviously be unique to you). In fact, a Let's Encrypt robot will attempt to visit this address via port 80 to read files served up by the apache server in this container during the certificate fetching process to verify your ownership of the domain.
    Start the docker image as described above, except you must specify your hostname: add --hostname=your.domain.tld between run and --name. Then once the container is running, issue the following command (substituting your proper email address):

    docker exec -it oc sh -c 'EMAIL=youremail@addre.ss DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key'
    

    ~30 seconds later you should get a green lock in your browser when visiting your OC server at https://your.domain.tld/owncloud
    Now save your newly fetched certificate files somewhere safe:

    docker cp oc:/etc/letsencrypt/archive/your.domain.tld ~/letsencryptFor_your.domain.tld
    

    and next time you use docker to start your OC server container, use option (A) to feed your .key and .crt files into the image when it starts.
    NOTE: Let's Encrypt gives you a certificate that's valid for three months, afterwhich it needs to be renewed if you'd like to continue getting green locks in your browser. If you run the above DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key command, and then you leave your server running without restarting for three months or longer, your certificate should be auto-renewed forever. If you restart the container, you'll probably need to re-issue the DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key command again manually if you don't want your certificate to expire three months after you first fetched it.
    NOTE #2: Let's Encrypt has a strict rate limiting policy; it will only grant 5 certificates / 7 days / domain so be very careful with how often you issue the DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key command above

  6. [Optional] Stop the docker-owncloud server instance

    docker stop oc
    

    You can restart the container later with docker start oc

  7. [Optional] Delete the docker-owncloud server instance (after stopping it)

    docker rm oc #<--WARNING: this will delete anything stored inside the container
    
  8. Profit.

Updating your ownCloud server in this container

Periodically new ownCloud server versions will be released. You should probably keep your server on whatever the latest stable version is. When a new update is released you'll see a banner appear across the top of the ownCloud web interface indicating that it's time to upgrade.
You should follow the official ownCloud instructions for updating your ownCloud server using the updater app built into this container. You'll need to change the permissions of some files in the container to allow them to be updated. I've tried to make this straightforward by including a script to manage the permissions for you. Before you run the updater app (as described in the official instructions), run docker exec -it oc sh -c 'set-oc-perms upgrade'. Then after you've completed the upgrade, set the permissions back to their "safer" default values like this: docker exec -it oc sh -c 'set-oc-perms runtime'.

Docker Pull Command
Owner
l3iggs
Source Repository

Comments (48)
dukekautington
5 months ago

First: This seems to be the most complete implementation of Owncloud in docker. Thank YOU!

However, I'm running into a couple issues.

First I have the same issue as @desert991 when trying option C
"sh: 1: setup-apache-ssl-key: not found"

Second problem is that my container doesn't listen on 443.

root@host:/var/www/html# lsof -Pi
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 1 root 4u IPv6 2524987 0t0 TCP *:80 (LISTEN)

nucshuco
7 months ago

Im getting this error
This version of ownCloud is not compatible with PHP 7.1.
You are currently running 7.1.1. Please use at least ownCloud 9.2.0

was working fine a couple of months ago. had to rebuild.

chaba
9 months ago

Hello!
I try to run container with own certificates, as shown in option A, and get the error:
AH00526: Syntax error on line 143 of /etc/httpd/conf/extra/httpd-ssl.conf:
SSLCertificateFile: file '/root/sslKeys/fullchain.pem' does not exist or is empty
~/sslCert is mounted to /root/sslKey and i can see my certificate and key there.
What i do wrong?

federico87
10 months ago

Got this error when I try to run with letsencrypt

root@UKLNDLABDMZ:~# docker exec -it oc sh -c 'EMAIL=lvrfrc87@gmail.com DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key'
Fetching ssl certificate files for mysecurecloud.ddns.net from letsencrypt.org.
This container's Apache server must be reachable from the Internet via http://mysecurecloud.ddns.net
An unexpected error occurred:
Bug in pythondialog: expected an empty output from u'infobox', but got: u'Error opening terminal: unknown.\n'Please see the logfile 'certbot.log' for more details

mneund
a year ago

@federico:

You have to set the env variable ALLOW_INSECURE=true, i.e. add '-e ALLOW_INSECURE=true' to your options

federico87
a year ago

Great stuff! I love this docker. However when started, seems not listening on port 80 despite the command 80:80. Because of that is not possible to run the letsencript.org certification. Any idea why?

desert991
a year ago

I tried to work with option C) to get ssl support for my docker owncloud and get the following error:
"sh: 1: setup-apache-ssl-key: not found"
Could anybody help?

wazzgood
a year ago

I've been experiencing a lot of problems attempting to start the owncloud v9, It would prompt me to add the domain name to the trusted list yet even after modifying the config.php directly it wouldn't allow me to continue.
Downgrading to v8 did allow me to continue past the initial configuration screen and use owncloud though webdav wouldn't work so I couldn't synchronise files.

My issue ended up being 'apparmor' in Ubuntu causing interference. The following resolved my issue:
sudo update-rc.d -f apparmor remove
sudo service apparmor stop

Running the docker container with the latest v9 build now works for me.

mcbadass
a year ago

I'm having an issue with the latest version (9.0.0.1 I think) that won't allow me to change the upload file size from the Admin control panel. Is this an issue with the php.ini config or something within Owncloud itself?

jistax
2 years ago

Love your work with the letsEncrypt!
Tried to get it to work with the official owncloud docker-box but without success so i got really happy when a saw that you made one! Looking forward for a "real" one :)