Updating an Owncloud instance running in docker

Introduction

Now that we have a Owncloud server up and running, we have to apply security fixes when they are published in order to avoid nasty surprises.
To update a container, it’s better to create a new image based on updated software components rather than applying updates inside a running container. In this post, I describe how to update a Owncloud server running in a Raspberry Pi docker container.

Upgrade process

Before starting the upgrade process, check the supported upgrade path on Owncloud web site.
For version 10, you can have a look to https://doc.owncloud.org/server/10.0/admin_manual/maintenance/upgrade.html.

In my Owncloud deployment, I use 2 containers:
– 1 container with Owncloud, Apache 2 and PHP
– 1 container with MariaDB database
You can upgrade both simultaneously or upgrade each one independently.

 

Upgrading MariaDB Container

If you want to use an updated version of the MariaDB image:

1. Stop the Owncloud container: $ docker stop owncloud-01
2. Stop the current MariaDB container: $ docker stop mariadb-01
3. Pull the latest version of MariaDB from my docker repository: $ docker pull blepiolot/rpi-mariadb:latest
4. Launch the containers using docker-compose: $ docker-compose up -d

Check that Owncloud is still working properly.

 

Upgrading PHP Version

If you pull a owncloud image which contains a major version which is different from your current owncloud image, the container will fail to start as it Apache won’t find the correct php library.

For instance, if the previous image was using PHP 5 and the new one is using PHP 7, you have to modify the Apache 2 configuration in order to load the correct PHP module.
Modify the volume from the docker host (you have to be root):

# cd /var/lib/docker/volumes/owncloud_apache2-conf-volume/_data/mods-enabled
# rm php5.load
# cd ../mods-available
# mv php5.load php7.load
# vi php7.load

# Replace 5 by 7 as follows:
LoadModule php7_module /usr/lib/apache2/modules/libphp7.so

# cd ../mods-enabled
# ln -s ../mods-available/php7.load php7.load

 

Upgrading Owncloud version:

1. Stop the current Owncloud container: $ docker stop owncloud-01
2. Remove everything in /var/www/html of Owncloud volume, except “config/” and “data/”
(Modify the volume from the docker host as root)
3. Pull the latest version of Owncloud from my docker repository: $ docker pull blepiolot/rpi-owncloud:latest
4. Start the new Owncloud container using docker-compose: $ docker-compose up -d
5. Open a shell in the Owncloud container to perform the manual update (see detailed procedure below)

 

Detailed procedure

I use the manual upgrade method which is described on Owncloud web site: https://doc.owncloud.org/server/10.0/admin_manual/maintenance/manual_upgrade.html#manual-owncloud-upgrade


Stop the owncloud container (version to upgrade)

# docker stop owncloud-01
owncloud-01
#


Backup Existing installation

Backup Owncloud web root to another location (/backup/owncloud for instance)
Copy the files from the docker host as root :
# cp -r /var/lib/docker/volumes/owncloud_html-volume/_data/* /backup/owncloud

Backup the MariaDB database
Open a shell in the Owncloud container:
# docker exec -it mariadb-01 /bin/bash
# mysqldump <Name you chose for your database> > /var/lib/mysql/backup/backup-owncloud.sql


Delete Owncloud application files
Delete the files from the docker host as root.
Delete all files and folders in “/var/lib/docker/volumes/owncloud_html-volume/_data” except “data/” and “config/”


Start the container and start the upgrade

Change directory to the folder containing the docker-compose.yml file:
# docker-compose up -d

Open a shell in the Owncloud container:
# docker exec -it owncloud-01 /bin/bash

Switch to user www-data:
root@eabf673d96f8:/var/www/html# runuser – www-data -s /bin/bash

Launch Owncloud upgrade:
-bash-4.3$ php occ upgrade
The process control (PCNTL) extensions are required in case you want to interrupt long running commands – see http://php.net/manual/en/book.pcntl.php
ownCloud or one of the apps require upgrade – only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
2018-01-11T22:56:06+00:00 Set log level to debug
2018-01-11T22:56:06+00:00 Turned on maintenance mode
2018-01-11T22:56:06+00:00 Repair step: Repair MySQL database engine
2018-01-11T22:56:06+00:00 Repair step: Repair MySQL collation
2018-01-11T22:56:07+00:00 Repair info: All tables already have the correct collation -> nothing to do
2018-01-11T22:56:07+00:00 Repair step: Repair SQLite autoincrement
2018-01-11T22:56:07+00:00 Repair step: Repair duplicate entries in oc_lucene_status
2018-01-11T22:56:07+00:00 Repair info: lucene_status table does not exist -> nothing to do
2018-01-11T22:56:07+00:00 Repair step: Upgrade app code from the marketplace


2018-01-11T22:59:12+00:00 Repair info: 0 tags with no entries have been removed.
2018-01-11T22:59:12+00:00 Repair step: Drop old database tables
2018-01-11T22:59:12+00:00 Drop old database tables
2018-01-11T22:59:12+00:00
2018-01-11T22:59:12+00:00 Done
28/28 [============================] 100%2018-01-11T22:59:12+00:00
2018-01-11T22:59:12+00:00 Repair step: Drop old background jobs
2018-01-11T22:59:12+00:00 Repair step: Remove getetag entries in properties table
2018-01-11T22:59:12+00:00 Repair info: Removed 0 unneeded “{DAV:}getetag” entries from properties table.
2018-01-11T22:59:12+00:00 Repair step: Repair outdated OCS IDs
2018-01-11T22:59:12+00:00 Repair step: Repair invalid shares
2018-01-11T22:59:12+00:00 Repair step: Remove old share propagation app entries
2018-01-11T22:59:12+00:00 Repair step: Move user avatars outside the homes to the new location
2018-01-11T22:59:12+00:00 Move user avatars outside the homes to the new location
2018-01-11T22:59:13+00:00 Done
3/3 [============================] 100%2018-01-11T22:59:13+00:00
2018-01-11T22:59:13+00:00 Repair step: Remove shares of a users root folder
2018-01-11T22:59:13+00:00 Repair step: Repair unmerged shares
2018-01-11T22:59:13+00:00 Starting code integrity check…
2018-01-11T23:00:25+00:00 Finished code integrity check
2018-01-11T23:00:25+00:00 Update successful
2018-01-11T23:00:25+00:00 Turned off maintenance mode
2018-01-11T23:00:25+00:00 Reset log level
-bash-4.3$

Connect to owncloud and check that the instance is still working properly.

 

Note about let’s encrypt:
In my first version of owncloud image, the /etc/letsencrypt folder was not declared as a volume. As a consequence, certificates were lost when you upgraded the Owncloud image. In this case, the Owncloud container will close immediatly as Apache will fail to start (failing to load the certificate and private key).

To solve this issue:

Remove the SSL configuration
# cd /var/lib/docker/volumes/owncloud_apache2-conf-volume/_data/sites-enabled
# rm 000-default-le-ssl.conf

Start the Owncloud container:

Change directory to the folder containing the docker-compose.yml file:
# docker-compose up -d

Open a shell in the Owncloud container:
# docker exec -it owncloud-01 /bin/bash

Remove the redirection from http to https:
root@a33841fb9af2:/etc/apache2/sites-enabled# vi 000-default.conf

Comment the 3 lines that configure http to https redirection (lines beginning with rewrite*)

Restart the container and issue a new certificate using “certbot” as described in my previous post.

Updating an Owncloud instance running in docker

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.