« Previous 1 2 3 4 Next »
Ubuntu 16.04 LTS as an ownCloud server
Secure Collaboration
Getting Your Own System
After a manual installation or a "canned" version by the provider, you now have a pristine Ubuntu installation. Besides the basic services, you have no software. In most cases, these "essential services" are restricted to SSH, which allows logins via the remote shell. Your first task now awaits you: SSH login with an SSH key is far safer than using a password. The public part of an SSH key belongs in ~/.ssh/authorized_keys
. You can find instructions online [1] for Linux, Windows, and OS X on how to create an SSH key.
The first round of updates then follow: The basic installation of a distribution is usually only revised every few months. Updates to individual packages are released many times in between. Run
apt-get update apt-get -y dist-upgrade
to install the latest updates after the basic install. This process regularly installs a new operating system kernel on the system, which requires a reboot (with the reboot
command). When the system comes back after the restart, you can start installing ownCloud, and ownCloud needs a web server.
Setting Up Apache
OwnCloud is a PHP application that only works sensibly in conjunction with a web server. Nginx is a possibility, but the combination of Apache and ownCloud is certainly more widespread. Apache in a current version is included in Ubuntu, so you just need to install the apache2 package. However, Apache on Ubuntu is not set up out the box to support SSL for secure connections, which is unacceptable: The transfer of corporate data should be always encrypted.
The good news is that Apache itself is easily extended to include SSL functionality. For this purpose, you need the SSL certificate issued by an SSL Certificate Authority along with the corresponding private key; you should install these files in the /etc/apache2/ssl
that you create with mkdir
, if it does not exist. For simplicity's sake, I am assuming in this example that the certificate is named owncloud.crt
and that owncloud.key
is the matching key. The command
sudo a2enmod ssl && sudo service apache2 restart
enables the SSL module for Apache.
Configuring the SSL Default Page
Next, focus your attention on the /etc/apache2/sites-available/default-ssl.conf
file, where you will find two lines that start with SSLCertificateFile
and SSLCertificateKeyFile
(Figure 1). The entries /etc/apache2/ssl/owncloud.crt
and /etc/apache2/ssl/owncloud.key
are correct for this example. The line that begins with DocumentRoot
needs the value /var/www
. So that the web server knows its name, the ServerName
keyword must be present and must have a correct value (e.g., owncloud.example.com
). If you want the setup to be accessible under alias domains (e.g., storage.example.com
), you need to add a ServerAlias
record. The shared domain must match the SSL certificate you use, because users with SSL-based access will otherwise see a certificate warning. Also, the value for SSLEngine
must be on
. Finally, copy the text in Listing 1 to the file.
Listing 1
Apache Config Addition
<IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" </IfModule>
For each of the keywords mentioned, you have to remove the #
at the beginning of the line if the respective line is commented out; then, type
sudo a2ensite default-ssl.conf sudo a2enmod headers sudo service apache2 restart
to enable the default SSL page, enable the module that allows the modification of HTTP headers in Apache, and restart Apache.
That's it: Apache now has an SSL certificate. By the way, if you have never been through the process of issuing an SSL certificate, you will find instructions online [2]. The referenced article refers to Let's Encrypt, a service that issues free SSL/TLS certificates.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.