ownCloud is great. It’s basically like Dropbox, but with one huge difference: you host the software and data yourself. This gives you complete control over your stuff, and now that VPSs and even dedicated servers are getting cheaper and cheaper, the setup is more affordable than ever. For example, the French hosting company Online.net offers a small dedicated server with 500 GB HDD for just 5€/month (excl. tax).
The files on your ownCloud server can be accessed through a web browser, but ownCloud also provides automatically syncing desktop clients for Mac, Linux and Windows. In addition to that, there are official clients for iOS and Android as well. Read more about ownCloud’s features here.
In this tutorial I will go through the complete setup of ownCloud on a Debian (7.0, x64) VPS. It will use a self-signed SSL certificate to secure file transmission, but it will also encrypt ownCloud files locally. The VPS in the example is from DigitalOcean with the hostname owncloud.turunen.pro.
First, you will have to obtain ownCloud’s release key. After you have downloaded and added the key, the file can be erased from /tmp. Please note that all commands will be run as root.
$ wget -P /tmp/ http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/Release.key $ apt-key add - < /tmp/Release.key $ rm /tmp/Release.key
Add ownCloud repository to the apt source list, update package lists, and install ownCloud with all its dependencies. The MySQL installer will ask for a root password, so choose a strong one and store it someplace safe.
$ echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/community/Debian_7.0/ /'; >> /etc/apt/sources.list.d/owncloud.list
$ apt-get update $ apt-get install owncloud
To setup MySQL, type in the following commands. You don’t have to change the root password as you just set it, but for the other questions press Y.
$ mysql_install_db $ mysql_secure_installation
Log in to MySQL and create a database for ownCloud.
$ mysql -u root -p
CREATE DATABASE owncloud;
Create a user for ownCloud and grant it full access to the ownCloud database. Then exit the MySQL prompt.
GRANT ALL ON owncloud.** to 'owncloud'@'localhost' IDENTIFIED BY 'insert_password_here'; exit
Setting up SSL
Enable Apache’s SSL module and create a directory for the certificate.
$ a2enmod ssl $ mkdir /etc/apache2/ssl
Create the certificate.
$ openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/owncloud.pem -newkey rsa:2048 -keyout /etc/apache2/ssl/owncloud.key
If, for some reason, you would like to use a bigger key, modify rsa:2048 in the command to rsa:4096. I’d argue that a key length of 2048 bits is sufficient enough for this purpose — at least for the time being. Keep in mind that 4096 bits is tough on the CPU and makes communication slower.
If you want your cert to be valid for a custom number of days, modify the -days argument.
You will be prompted for some info for the certificate.
Open up ownCloud’s Apache configuration file.
$ vim /etc/apache2/conf.d/owncloud.conf
Replace all text inside with following lines:
<VirtualHost **:80> DocumentRoot /var/www/owncloud/ <Directory /var/www/owncloud> Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> </VirtualHost> <VirtualHost **:443> SSLEngine on SSLCertificateFile /etc/apache2/ssl/owncloud.pem SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key DocumentRoot /var/www/owncloud/ <Directory /var/www/owncloud> Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> </VirtualHost>
Set UTF-8 as default charset in php.ini
This step is completely optional, but if skipped, ownCloud will keep bugging you about the default charset.
$ vim /etc/php5/apache2/php.ini
Find this line and uncomment it.
;default_charset = "UTF-8"
Finally, restart Apache.
$ service apache2 restart
Head to https://yourhostname. In my case the URL is https://owncloud.turunen.pro
Your browser will complain about the self-signed certificate. This is supposed to happen, so just confirm and continue. If you don’t want to see the dialog again, just store the exception permanently.
Type in your desired username and password and click on Storage & database. Select MySQL and fill in your MySQL details; username, password, and database name. Click Finish setup.
Click on your name on the upper right corner and select Admin. In the security settings put a check on Enforce HTTPS. This will ensure that http requests will be redirected to https and all communication with your ownCloud server will be done over a secure connection.
Final step: enabling local file encryption. From the upper left corner click on the down arrow and select Apps. From the side bar select Not enabled. Find Server-side Encryption from the list and click Enable.
Log out from ownCloud and log back in. All files will now be encrypted when stored.
That’s it. You now have a fully functioning and secure cloud storage server that YOU control.
I hope you found this tutorial useful. Leave a comment below if you have any questions! You may also tweet me @eeturunen.