Docker image for ownCloud with security in mind.
The build instructions are tracked on GitHub. Automated builds are hosted on Docker Hub.
- It is directly based on Debian stable. No additional image layers which blow up the total image size and might by a security risk.
- Uses nginx as webserver.
- Hardened TLS configuration.
- Generates unique Diffie Hellman parameters to mitigate precomputation based attacks on common parameters. Refs: Guide to Deploying Diffie-Hellman for TLS. Thanks to @FreekKalter for implementing.
- Local caching enabled by default (APCu). See https://owncloud.org/blog/making-owncloud-faster-through-caching/
- Installs the ownCloud tarball directly from https://owncloud.org/ and it securely verifies the GPG signature.
- Makes installing of 3party apps easy and keeps them across updates.
- The
occcommand can be used just by typingdocker exec -ti $owncloud_container_name occ. - ownCloud can only be updated by redeploying the container. No update via the web interface is possible. The ownCloud installation is fully contained in the container and not made persistent. This allows to make the ownCloud installation write protected for the Webserver and PHP which run as
www-data.
You have two options to get the image:
- Build it yourself with
make build. - Download it via
docker pull jchaney/owncloud(automated build).
Checkout the Makefile for an example or just run make owncloud which will setup a ownCloud container instance (called "owncloud"). After that, just head over to http://localhost/ and give it a try. You can now create an admin account. For testing purposes you can use SQLite (but remember to use a real database in production).
Setup a separate container running your database server and link it to the ownCloud container.
For running in production, you need to provide a TLS key and certificate. The
Makefile defaults to /etc/ssl/private/ssl-cert-snakeoil.key and
/etc/ssl/certs/ssl-cert-snakeoil.pem. Make sure those files exist or extend
the Makefile (you can include this Makefile and overwrite some variables in
your own Makefile). To generate self signed once you can run the following command:
make-ssl-cert generate-default-snakeoilTo setup ownCloud with MariaDB as backend, just run:
make owncloud-productionIn the initial ownCloud setup, you need to supply the database user, password, database name and database host which you can look up via:
make owncloud-mariadb-get-pwThat should be it 😄
It is recommended to rebuild/pull this image on a regular basis and redeploy your ownCloud container(s) to get the latest security fixes.
Note that ownCloud version jumps are uploaded to the latest tag of this image once they are tested. You might want to watch this repository to see when this happens.
Once the ownCloud image is up-to-date, just run:
make owncloud-productionto update your container. If you don’t use the Makefile you will need to update the database of ownCloud via the web interface or via occ.
Just write the command(s) needed to install apps in a configuration file and mount it in the container.
--volume "/path/on/host/to/3party_apps.conf:/owncloud/3party_apps.conf:ro" \
Checkout the example configuration and the script which does the work for details.
You can also run this image with docker-compose. First you need to declare all env variables since docker-compose does not support (yet) default variables.
# Where to store data and database ?
export docker_owncloud_permanent_storage="~/owncloud_data"
# SSL Certificates to use.
export docker_owncloud_ssl_cert="../certs/cloud.cert"
export docker_owncloud_ssl_key="../certs/cloud.key"
# Servername
export docker_owncloud_servername="localhost"
export docker_owncloud_http_port="80"
export docker_owncloud_https_port="443"
export docker_owncloud_in_root_path="1"
export docker_owncloud_mariadb_root_password=$(pwgen --secure 40 1)
export docker_owncloud_mariadb_user_password=$(pwgen --secure 40 1)
export image_owncloud="jchaney/owncloud"
export image_mariadb="mysql"
Then :
docker-compose upThat's all !
-
official docker repository for ownCloud
Uses Apache as webserver and is based on the official Docker PHP image.
-
Uses Apache as webserver and is based on a self build LAMP stack based on Arch Linux.
-
Ansible role to install and manage ownCloud instances
Automation framework for setting up ownCloud on any Debian based system. This offers much more flexibility and is not limited to Docker. So you can setup a ownCloud instance in a KVM virtual machine and/or a LXC container for example.
This role is part of the DebOps project which allows you to automate all the steps mentioned above (setting up a Hypervisor host with support for KVM and/or LXC, setting up the virtual machine/container and installing Webserver/PHP/Database and finally ownCloud).
The real fun with this approach begins when you manage multiple instances because Ansible and this role allow you to run actions like ownCloud updates or enabling apps or the like on all your instances automatically.
The current maintainer is Robin ypid Schneider.
List of previous maintainers:
-
If you get "Command not found" for any of the programs used then install it (make sure you know what you are doing).
Your distribution packages: You should find missing dependencies from the errors yourself. It's your machine, you're supposed to know it.
Ref: https://bb.osmocom.org/trac/wiki/PreliminaryRequirements#Generalknowledge
This project is distributed under GNU Affero General Public License, Version 3.