Public | Automated Build

Last pushed: 2 years ago
Short Description
owncloud headless installable
Full Description

Docker OwnCloud Container (marvambass/owncloud)

maintained by MarvAmBass

FAQ - All you need to know about the marvambass Containers

What is it

This Dockerfile (available as marvambass/owncloud) gives you a completly secure owncloud.

It's based on the marvambass/nginx-ssl-php Image

View in Docker Registry marvambass/owncloud

View in GitHub MarvAmBass/docker-owncloud

Environment variables and defaults

For Headless installation required

OwnCloud Install Settings

  • OWNCLOUD_DO_NOT_INITIALIZE
    • not set by default - it set with any value, initialization process is skipped

OwnCloud Database Settings

  • OWNCLOUD_MYSQL_USER
    • no default - if null it will use sqlite
  • OWNCLOUD_MYSQL_PASSWORD
    • no default - if null it will use sqlite
  • OWNCLOUD_MYSQL_HOST
    • default: mysql
  • OWNCLOUD_MYSQL_PORT
    • default: 3306 - if you use a different mysql port change it
  • OWNCLOUD_MYSQL_DBNAME
    • default: owncloud

OwnCloud Admin Settings

  • OWNCLOUD_ADMIN
    • default: admin - the name of the admin user
  • OWNCLOUD_ADMIN_PASSWORD
    • default: <randomly generated 10 characters> - the password for the admin user

OwnCloud Site Settings

  • OWNCLOUD_RELATIVE_URL_ROOT
    • default: / - you can chance that to whatever you want/need
  • OWNCLOUD_HSTS_HEADERS_ENABLE
    • default: not set - if set to any value the HTTP Strict Transport Security will be activated on SSL Channel
  • OWNCLOUD_HSTS_HEADERS_ENABLE_NO_SUBDOMAINS
    • default: not set - if set together with OWNCLOUD_HSTS_HEADERS_ENABLE and set to any value the HTTP Strict Transport Security will be deactivated on subdomains

Inherited Variables

Using the marvambass/owncloud Container

First you need a running MySQL Container (you could use: marvambass/mysql).

You need to --link your mysql container to marvambass/owncloud with the name mysql

docker run -d -p 443:443 --link mysql:mysql --name owncloud marvambass/owncloud

Fail2ban

You can use Fail2ban to block bruteforce password attacks.

In order to use Fail2ban you need to make your owncloud.log available on the outside.
This may be the regular case if you mapped /owncloud/data to the outside.

Fail2ban Filter

Now we need to create a new Fail2ban Filter to recognise bruteforce attacks on owncloud.
There are two kinds of Filters needed, which depends on your configuration.

owncloud is directly available

/etc/fail2ban/filter.d/docker-owncloud-direct.conf

[Definition]
failregex={.*Login failed:.*IP: '<HOST>',.*"}
ignoreregex =

owncloud is behind reverse proxy

/etc/fail2ban/filter.d/docker-owncloud-proxied.conf

[Definition]
failregex={.*Login failed:.*X-Forwarded-For: '<HOST>'.*"}
ignoreregex =

Fail2ban Jail Config

/etc/fail2ban/jail.d/docker-owncloud.conf

[docker-owncloud-direct]
enabled = false
port    = http,https
filter  = docker-owncloud-direct
logpath = /var/docker-owncloud/data/owncloud.log
maxretry = 3

[docker-owncloud-proxied]
enabled = false
port    = http,https
filter  = docker-owncloud-proxied
logpath = /var/docker-owncloud/data/owncloud.log
maxretry = 3

Just enable the suitable rule, check if the logpath is right you may also change maxretry and port to your needs.

Restart Fail2ban and that's all!

Docker Pull Command
Owner
marvambass
Source Repository

Comments (0)