John Galea's Blog

My blog on Gadgets and the like

Owncloud take two … and quickstart guide

I previously looked at the Owncloud template VM and found Owncloud does exactly what I want but hated the way the template was implemented … At the risk of repeating myself I will make this post stand alone by including the intro …

From time to time I need to exchange sensitive files with people like lawyers that themselves don’t have secure file drop facilities. At this point I am uncomfortable dropping anything even remotely sensitive on pretty much any of the clouds. Call it paranoia, call it informed, you choose, but ever since the US passed the CLOUD Act back in 2018, which made it easier for governments to get access to your data irrespective of data residency, I’m more and more concerned about my data. Now personally, I don’t think anything I am doing warrants (pun intended) attention, that’s not really the point. So I decided I would look at self hosted cloud space. Somewhere I can put files and have others easily grab them.

I looked at the Owncloud container but ran into a number of issues that stopped this being my choice. Owncloud has removed the web interface, expecting it to be reverse proxied. But I found the documentation on how to get NGINX to reverse proxy an Owncloud container, whether on the same container host or not, to be unhelpful and I burned a lot of time at this. I’m also a tiny bit concerned that the Owncloud container could fill my container host and compromise all of my other containers. There are ways to contain this, but without a working reverse proxy solution I was dead in the water. I also had issues deploying the So with that I went ahead and followed a guide to installing Owncloud on a dedicated Ubuntu VM. This is the simplest way to implement Owncloud. So I installed Ubuntu server, and followed the guide. It actually was pretty complete. There were a few steps left to do, I wanted to secure the front end with SSL, but this was pretty well documented on a number of sites, just google install cert (which I already had) on Apache. Because I was unable to get reverse proxy running I simply port forwarded an externally unused port to this Owncloud server, port 8080. You’re going to want to get this all set up, tested and working before you move onto the next step. What you end up with is Ubuntu 18 (which isn’t the most current), Apache, and then Owncloud is installed as a web application inside

The initial setup wizard guides you through choosing a back end SQL server and setting up an initial admin account. At this point you think you’re done, but the wizard and even other guides fall down at this point and it’s confusing what’s going on. I tried, unsuccessfully, to set up a MySQL back end server on a different machine only to discover this is a common issue, but this turned out in my case to be a permissions issue. I had initially set it up with SQLite3 only to discover this has virtually no security, I guess it’s why they don’t recommend it 😉 So in the end, give Owncloud your root DBA account and what it will do is create the database, create an account and password and configure Owncloud to use it.

So, here are the next steps to getting Owncloud usable. First up you need to set up the email account for the admin account. This MUST be done and you can’t go further until it is. It’s a simple step: log on to the admin account, admin, settings, general, add your email address and click set.

When you create a new account within Owncloud it sends the end user an email to set their initial password. If email isn’t set up this goes nowhere, the account is created, and you can’t use it. Something that I didn’t find was well explained. So … Next up set up email, settings Admin general and test. You cannot get anywhere further until these two steps are done.

It’s important that your end state, reverse proxy, port forward or whatever you choose is up and working at this point, because Owncloud will use how you have logged on to create a URL for an end user to set up their initial password. This is especially important for people not on your internal network. At this point I recommend you create an account for yourself to be able to test out the link end users will get and follow to set their initial password. I created a group first off that I call users. Go to users then Add group. Then

Now you’re ready to create a user:

There is a way around this, set the email address to yours, create the account, and set the initial password by following the link, later changing their email. Email is also how end users can reset their own passwords.

By default Owncloud holds onto deleted files for a retention period to allow users to change their mind. Expecting end users to clean out their trash bin is optimistic at best. So to get around this you can change the retention period by following this article. Or better yet, you can disable the deleted files app and files are immediately deleted, perfect!

Expanding the drive space should your needs grow can be done in one of two ways, by adding a second drive and changing the mount point by following this article or you can also extend the volume group.

By default files are stored unencrypted in the web path. So a breach of Apache would leave these files vulnerable. I didn’t like that thought so turned on encryption at rest. Files that are taken out from under Owncloud are encrypted and useless. Not to say it can’t be unencrypted but it’s going to take some work. To do this you have to enable the encryption module then enable server side encryption, but you have to click show disabled apps to see and enable encryption.
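A way to confirm that encryption at rest actually covers what is on disk, as an added example that is not from the original post: it lists user files that do not start with the encryption header. Assumptions: encrypted files begin with the literal bytes `HBEGIN:`, user files live under `<data dir>/<user>/files/`, and the data directory path passed in (for instance /var/www/owncloud/data) matches your install.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: a server-side-encrypted file starts with an "HBEGIN:" header,
# so any user file without it is still stored in plaintext.

# Print every regular file under <data_dir>/<user>/files/ that lacks the header.
find_plaintext_files() {
    find "$1" -type f -path '*/files/*' -exec sh -c '
        for f do
            # Only the first 7 bytes matter; NUL bytes are dropped so that
            # binary files do not trigger shell warnings.
            [ "$(head -c 7 "$f" | tr -d "\000")" = "HBEGIN:" ] || printf "%s\n" "$f"
        done' sh {} +
}

# Stand-alone use: pass the data directory as the first argument.
if [ "$#" -gt 0 ]; then
    find_plaintext_files "$1"
fi
```

Files uploaded before encryption was switched on are the ones most likely to show up in the output.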

It’s always important to back up your main config files, they are: I used this script to back it up:

# Copy the Owncloud and Apache config files; the dated copies get a YYYYMMDD suffix
cp /var/www/owncloud/config/config.php /home/backup/owncloud/config.php
cp /etc/apache2/conf-available/owncloud.conf /home/backup/owncloud/owncloud-conf_$(date +"%Y%m%d").conf
cp /etc/apache2/sites-available/000-default.conf /home/backup/owncloud/default_conf_$(date +"%Y%m%d").conf
cp /etc/apache2/ports.conf /home/backup/owncloud/ports_conf_$(date +"%Y%m%d").conf
# Dump the Owncloud database to a dated SQL file
mysqldump --user=ownclouduser --password=xxxxxx owncloud > /home/backup/owncloud/owncloud-dbbackup_$(date +"%Y%m%d").sql
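A hardened variant of the backup above, as an added example that is not the author's script: config.php and the SQL dump hold the database password and user data, so the copies are written owner-only, and the MySQL password comes from an option file instead of the command line, where it is visible in the process list. The function names, the `src_root` parameter and the option file path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the author's script). Source paths are the ones used in
# the post; function names and the option file location are assumptions.

# Copy the config files into $2 with a YYYYMMDD suffix, readable by owner only.
# $1 is a prefix for the source paths: "" on the server, a scratch dir in tests.
backup_owncloud_configs() (
    src_root=$1
    dest=$2
    stamp=$(date +"%Y%m%d")
    umask 077                       # new files 600; subshell keeps it local
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1
    for f in var/www/owncloud/config/config.php \
             etc/apache2/conf-available/owncloud.conf \
             etc/apache2/sites-available/000-default.conf \
             etc/apache2/ports.conf; do
        base=$(basename "$f")
        # e.g. ports.conf -> ports_20201215.conf; stop on the first failure
        cp "$src_root/$f" "$dest/${base%.*}_$stamp.${base##*.}" || exit 1
    done
)

# Dump the database using credentials from an option file ($2, mode 600,
# with a [client] section holding user= and password=).
backup_owncloud_db() (
    dest=$1
    cnf=$2
    out="$dest/owncloud-dbbackup_$(date +"%Y%m%d").sql"
    umask 077
    # --defaults-extra-file has to be the first option on the command line.
    # Write to a temporary name so a failed dump never looks like a good one.
    mysqldump --defaults-extra-file="$cnf" --single-transaction owncloud \
        > "$out.partial" && mv "$out.partial" "$out"
)

# On the server (option file path is an assumption):
#   backup_owncloud_configs "" /home/backup/owncloud
#   backup_owncloud_db /home/backup/owncloud /root/.owncloud-backup.cnf
```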

With this I have exactly what I wanted, my needs are quite modest. Even with encryption it takes just 1G of memory and 1 VCPU with little impact to upload speeds, I tested it with a 1G file. I love that Owncloud even preserves the original file date!

December 15, 2020 - Posted by | Uncategorized
