Running Owncloud w/ SSL in a Raspberry Pi Docker Container

Introduction

This document describes how to build a docker container to run Owncloud on a Raspberry Pi (running Raspbian Jessie). I chose MariaDB as the Owncloud database and Let’s Encrypt to enable SSL.

 

Installing Docker and Docker Compose

Docker can be installed easily using the following command:
# curl -sSL get.docker.com | sh

As we will use 2 containers for this Owncloud setup, we also need docker-compose in order to start all services using one single command.
To install docker-compose on Raspbian, use the following commands:
$ sudo apt-get install python-pip -y
$ sudo pip install docker-compose

Note: Many images in the Docker Hub are for x86 Linux systems. You need to look for images which are built for Raspberry Pi (ARM). Usually, these images have a name which begins with “rpi-” or “armhf-“.

You can find some ports on the following repository: https://hub.docker.com/u/hypriot/

 

Method

To build Docker images for Raspberry Pi, I download the Dockerfile of official images from the Docker Hub and modify them to change at least the base operating system (which is a x86 Linux for official images) and the packages. For these containers, I chose Raspbian Jessie as the operating system using the image “resin/rpi-raspbian:jessie”.

If you want to run these containers on your Raspberry Pi, you can either pull the images from my Docker hub repository (blepiolot/rpi-mariadb, blepiolot/rpi-apache-php and rpi-owncloud) or rebuild the images using the Dockerfiles provided below.

 

MariaDB Container

Customize the official Dockerfile for Raspberry

Download “Dockerfile” and “docker-entrypoint.sh” from “https://github.com/docker-library/mariadb/tree/master/10.0” (link from https://hub.docker.com/_/mariadb for different versions of MariaDB).
You can also download the Github repository (https://github.com/docker-library/mariadb/archive/master.zip)

docker-entreypoint.sh must be executable:
$ chmod +x docker-entrypoint.sh

Edit the Dockerfile:
– Change the base image: FROM resin/rpi-raspbian:jessie
– Comment the lines that concern the percona repository declaration (around line 68)
– Set the minor version to install: ENV MARIADB_VERSION 10.0.29-0+deb8u1
(apt-cache showpkg mariadb-server => 10.0.32-0+deb8u1)
– After the declaration of MARIADB_VERSION, comment the insertion of the mariadb repository (around line 79)
– Remove the installation of “percona” and “socat” packages (around line 98)

Click here to download the Dockerfile.

Building

# docker build -t blepiolot/rpi-mariadb .
# docker tag 776f42dadb1e blepiolot/rpi-mariadb:10.0.32

 

Apache/PHP Container

Customize the official Dockerfile for Raspberry

Download the Github repository of the official PHP Docker image: https://github.com/docker-library/php/archive/master.zip (you can also find the links for different versions of PHP from https://hub.docker.com/_/php/)

Unzip master.zip in the folder from which you want to build the image.

$ unzip master.zip
$ cp php-master/7.1/jessie/apache/Dockerfile .
$ cp php-master/7.1/jessie/apache/docker-php-* .
$ cp php-master/7.1/jessie/apache/apache2-foreground .
$ chmod +x docker-php-source

Edit the Dockerfile:
– Change the base image: FROM resin/rpi-raspbian:jessie

Click here to download the Dockerfile.

Building

# docker build -t blepiolot/rpi-apache-php .
# docker tag 5801f0154498 blepiolot/rpi-apache-php:7.1.13

(This build requires a lot of memory, I had to shutdown other docker containers and Kodi to compile it)

 

Owncloud Container

Download the Github repository of the official Owncloud Docker image: https://github.com/docker-library/owncloud/archive/master.zip (you can also find the links for different versions of Owncloud from https://hub.docker.com/_/owncloud/)

Unzip master.zip in the folder from which you want to build the image.

$ unzip master.zip
$ cp owncloud-master/10.0/apache/Dockerfile .
$ cp owncloud-master/10.0/apache/docker-entrypoint.sh .

Edit the Dockerfile:
– Change the base image: FROM blepiolot/rpi-apache-php:latest
– Add the installation of package vim (around line 19)
– Add the timezone declaration

RUN echo “TZ=’Europe/Paris’; export TZ” > /etc/profile

– Enable Apache SSL module (a2enmod ssl)

RUN set -ex; \
a2enmod rewrite; \
a2enmod ssl;

– Add packages to issue “Let’s Encrypt” certificates

RUN set -ex ; \
echo “deb http://ftp.debian.org/debian jessie-backports main” > /etc/apt/sources.list.d/backport.list; \
apt-key adv –keyserver ha.pool.sks-keyservers.net –recv-keys 8B48AD6246925553; \
apt-key adv –keyserver ha.pool.sks-keyservers.net –recv-keys 7638D0442B90D010; \
apt-get update; \
apt-get install python-certbot-apache -t jessie-backports;

– Add a volume for Apache and let’s encrypt configuration

VOLUME /etc/apache2
VOLUME /etc/letsencrypt

Click here to download the Dockerfile

Building

# docker build -t blepiolot/rpi-owncloud .
# docker tag 52b0c507203f blepiolot/rpi-owncloud:10.0.4

 

Using Docker Compose to run Owncloud with MariaDB

Create the “docker-compose.yml” file:

# ownCloud with MariaDB/MySQL
version: ‘2’

services:

owncloud:

image: blepiolot/rpi-owncloud:latest
container_name: owncloud-01
ports:

– 80:80
– 443:443

volumes:

– html-volume:/var/www/html
– apache2-conf-volume:/etc/apache2
– letsencrypt-conf-volume:/etc/letsencrypt

depends_on:

– mysql

mysql:

image: blepiolot/rpi-mariadb:latest
container_name: mariadb-01
volumes:

– db-volume:/var/lib/mysql

environment:

MYSQL_ROOT_PASSWORD: <Choose you own password>

volumes:

html-volume:
apache2-conf-volume:
letsencrypt-conf-volume:
db-volume:

Click here¬†to download the “docker-compose.yml” file

 

Run the images with docker-compose

Go to the directory where the “docker-compose.yml” is and run the following command:
# docker-compose up -d

 

Enable SSL

Once the containers are up, perform the following actions to complete the setup and enable SSL:

  1. Set the ServerName
    Open a shell in the container:
    root@hostname:/home/root# docker exec -it owncloud-01 /bin/bashroot@c48d0c3e2e8e:/var/www/html# vi /etc/apache2/sites-enabled/000-default.conf
    # Add the following directive to set the hostname of your owncloud server
    ServerName <Replace with the FQDN of your owncloud server>

    Note that a DNS entry for this FQDN must exist.

  2. Issue the let’s encrypt certificate and enable SSL
    Open a shell in the container:
    root@hostname:/home/root# docker exec -it owncloud-01 /bin/bashroot@c48d0c3e2e8e:/var/www/html#certbot –authenticator webroot –webroot-path /var/www/html –installer apache -d <Replace with the FQDN of your owncloud server>
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
    cancel): <Enter you email>
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org——————————————————————————-
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
    agree in order to register with the ACME server at
    https://acme-v01.api.letsencrypt.org/directory
    ——————————————————————————-
    (A)gree/(C)ancel: A
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for <FQDN of your owncloud server>
    Using the webroot path /var/www/html for all unmatched domains.
    Waiting for verification…
    Cleaning up challenges
    Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
    Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
    Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
    Rollback checkpoint is empty (no changes made?)Please choose whether HTTPS access is required or optional.
    ——————————————————————————-
    1: Easy – Allow both HTTP and HTTPS access to these sites
    2: Secure – Make all requests redirect to secure HTTPS access
    ——————————————————————————-
    Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
    Redirecting vhost in /etc/apache2/sites-available/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf——————————————————————————-
    Congratulations! You have successfully enabled https://<FQDN of your owncloud server>root@d62613fd29f4:/var/www/html#

 

Configure owncloud

Using a browser, connect to your owncloud server: https://<FQDN of your owncloud server>
You should reach the configuration page of Owncloud.

Choose an administrator name and password:

Deploy Storage and Database and click on “MySQL/MariaDB” for the database.
Enter the required information to connect the the MariaDB database and choose a name for the owncloud database (dbowncloud in this example):

Note that the MariaDB administrator (root in this case) is only used to connect to MariaDB in order to create the owncloud database and a dedicated MariaDB administrator. After these operations are completed, Owncloud is only using the MariaDB administrator it created (and not root).

Click on “Finish Setup”

You can refer to https://doc.owncloud.org/server/10.0/admin_manual/installation/installation_wizard.html#the-installation-wizard if you want more information regarding the installation wizard.

You can now connect with the administrator account and configure other owncloud users and parameters.

Enjoy !

Running Owncloud w/ SSL in a Raspberry Pi Docker Container

Leave a Reply

Your email address will not be published. Required fields are marked *