Enabling HTTPS access to OwnCloud

This document can be used for Owncloud Ver 8 and Ubuntu Server 14.04.

If you are running owncloud and have it facing the public internet, you should really be enforcing https communication. Even if it is internal only, enforcing https is a good idea. Since owncloud runs on top of apache2, enabling https is pretty easy. There are lots of tutorials available for this. I have added this here for easy reference.

To start, you need to have a cert issued from a known authority or you create a self signed cert. If you plan on using WebDAV with IOS, I have found that a cert from a known authority works where a self signed certs cause issues. You can thank apple for that.

Since we are using certs, you need openssl modules if you don’t already have it installed.

You should have a public cert, private key, and a root-CA from the issuing Authority.
Copy your public cert PEM file into /etc/ssl/certs/my-public-cert.pem
Copy your private key file into /etc/ssl/private/my-private-key.key
Copy your CertAuth-Rootca.crt file into /usr/local/share/ca-certificates

This command will read in the Root-CA Cert and add it to the trusted list for this server.

sudo update-ca-certificates

Note: For some installations, you need to use “sudo dpkg-reconfigure ca-certificates” instead which calls update-ca-certificates

Now that the CA is trusted, enable the needed apache plugins:

a2enmod rewrite && a2enmod headers && a2enmod ssl

Create an apache virtual host:

nano /etc/apache2/conf-available/owncloud-ssl.conf

Add the following to the new file.   This will forward requests from port http port 80 to https port 443 ensuring all communication is encrypted.    The virtual host 443 is setup with the certificates specified.   The mod_headers is an best practices entry from owncloud for a more secure server.

<VirtualHost *:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
    ServerName 127.0.0.1
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/my-public-cert.pem
    SSLCertificateKeyFile /etc/ssl/private/my-private-key.key
    DocumentRoot /var/www/owncloud

    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>
</VirtualHost>

Next we enable the new conf file:

a2enconf owncloud-ssl.conf

Restart apache:.conf

sudo service apache2 restart

Now access owncloud over https://servername . Notice “/owncloud” is not requried in the URL because of the Document Root entry in the conf we added to apache. Navigate to the Admin page and enable the “Enforce HTTPS” option. Enforce HTTPS can only be enabled while accessing the page via https.

HTTPS Enforcement on OwnCloud

HTTPS Enforcement on OwnCloud

All clients can now use https://servername to access the cloud. Http access is no longer available for clients making the server more secure.

NOTE: Some people have complained that this tutorial broke their apache config. If you have a problem, just remove the owncloud-ssl that we create here from enabled conf files in apache. Please make sure you understand what this config does before you put in into a production machine.

Tagged , , , . Bookmark the permalink.

10 Responses to Enabling HTTPS access to OwnCloud

  1. Modish_Maverick says:

    Could you add a step including how to create a self-signed certificate in case someone isn’t aware that this is necessary?
    I caught it only because I have done this setup once before and recognized the error that my terminal returned.

  2. Erwin says:

    In your VirtualHost script you end your script with;

    >

    There is one > to many in this piece of config.
    Besides that it’s working perfectly.
    Thanks!

  3. do anybody know how to get rid of the welcome screen and having problems redirecting from 80 to 443.

  4. mike says:

    There’s nothing wrong with this config. I’ve used it many times. If you try to incorporate this into an existing apache and do not fully understand the config options…. well that’s a different story. Why not post the config and I’ll see if I can help. But don’t complain if you apply code into another config without understanding how it will impact what you already have.

  5. Adrian Wright says:

    Hi Mike,
    I have ‘owncloud’ up and running on my Raspberry Pi 3 and seems to be working well. I am going in using an IP address i have registered with no-ip.com using http.
    I am trying to convert it to https but i seem to have go suck at the line,
    ‘a2enmod rewrite && a2enmod headers && a2enmod ssl’
    I have tried with and without ‘sudo’ but no luck.
    I get the response ‘Module rewite does not exist!’
    Can you hel please.

    • mike says:

      Hi Adrian, I hope this is just a typo: ‘Module rewite does not exist!’. It’s rewrite, not rewite. If you installed apache from public repos, a2enmod rewrite should be avilable.

  6. hunter says:

    Can someone post how to fix this? This tutorial broke my apache2…

Leave a Reply

Your email address will not be published. Required fields are marked *

Solve : *
17 − 8 =