Monday, 23 March 2015

OwnCloud Adding SSL encryption

I followed the directions from here, except that I had to make one very important addition before creating the certificate.

1. Install OpenSSL and enable the Apache SSL and rewrite modules:
sudo apt-get install openssl
sudo a2enmod ssl
sudo a2enmod rewrite
2. Make the SSL certificate. IMPORTANT: I had to set an environment variable before creating the certificate to give my server a name, otherwise the OwnCloud desktop client wouldn't accept the certificate.
export CN="owncloud"  ## This is the important environment variable
sudo mkdir -p /etc/apache2/ssl
sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/owncloud.pem -keyout /etc/apache2/ssl/owncloud.key
sudo /etc/init.d/apache2 restart
3. I had to edit the OwnCloud configuration file so that the HTTPS redirect works. Here is the new file from /etc/apache2/conf-enabled/owncloud.conf:
<VirtualHost IP-address-of-server:80>
ServerName myowndomain.com
ServerAlias www.myowndomain.com

#### Redirect to port 443 ###
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
#### End of Redirection configuration ###

Alias /owncloud /usr/share/owncloud

<Directory /usr/share/owncloud/>
    Options +FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3>
        order allow,deny
        allow from all
    </IfVersion>
    <IfVersion >= 2.3>
        Require all granted
    </IfVersion>
</Directory>

</VirtualHost>

<VirtualHost IP-address-of-server:443>
ServerName myowndomain.com
ServerAlias www.myowndomain.com

####Configuration for SSL #####
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.pem
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
#### End of SSL Configuration ####

Alias /owncloud /usr/share/owncloud

<Directory /usr/share/owncloud/>
    Options +FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3>
        order allow,deny
        allow from all
    </IfVersion>
    <IfVersion >= 2.3>
        Require all granted
    </IfVersion>
</Directory>

</VirtualHost>
4. Lastly, I restarted Apache (sudo /etc/init.d/apache2 restart) and checked to see if the OwnCloud login was now accessible via https and not http.
5. Note that for the desktop and iOS clients, I think I had to give the full address of the server, i.e. https://myowndomain.com/owncloud.
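
A check for steps 2 and 5, as an added example that is not part of the original post: it sets the Common Name explicitly with -subj and then confirms that the name stored in the certificate is the host name clients will use in the URL. The function names and the temporary directory are assumptions made for the demo.

```bash
# Added example: create a self-signed certificate with an explicit Common Name
# and verify that name before pointing Apache at the files.

# make_cert DIR NAME: writes DIR/NAME.key and DIR/NAME.pem (valid 365 days).
make_cert() {
    dir=$1; name=$2
    mkdir -p "$dir"
    # -subj sets the subject non-interactively, so the CN does not depend on
    # answering prompts or on an environment variable reaching openssl.
    openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
        -subj "/CN=$name" \
        -out "$dir/$name.pem" -keyout "$dir/$name.key" 2>/dev/null
    chmod 600 "$dir/$name.key"   # private key readable by its owner only
}

# cert_cn FILE: prints the Common Name stored in the certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# check_cert FILE HOST: succeeds only if the CN equals HOST and the
# certificate has not expired.
check_cert() {
    cn=$(cert_cn "$1")
    if [ "$cn" != "$2" ]; then
        echo "mismatch: certificate CN is '$cn', clients will connect to '$2'"
        return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "expired: $1"
        return 1
    fi
    echo "ok: $1 is valid for $2"
}

# Demo in a throwaway directory (constructed path, not /etc/apache2/ssl).
demo_dir=$(mktemp -d)
make_cert "$demo_dir" owncloud
check_cert "$demo_dir/owncloud.pem" owncloud
# A certificate named "owncloud" does not cover the ServerName from step 3:
check_cert "$demo_dir/owncloud.pem" myowndomain.com || true
rm -rf "$demo_dir"
```

Running check_cert against the real /etc/apache2/ssl/owncloud.pem with the host name from step 5 shows, before any client is configured, whether the name will be accepted.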
