├── configs
    ├── cron.conf
    ├── config.php
    └── apache.conf
├── Dockerfile
├── installOwnCloud.sh
└── README.md


/configs/cron.conf:
--------------------------------------------------------------------------------
*/15 * * * * http php -f /usr/share/webapps/owncloud/cron.php >> /usr/share/webapps/owncloud/data/cron.log 2>&1
--------------------------------------------------------------------------------
/configs/config.php:
--------------------------------------------------------------------------------
'/usr/bin/libreoffice',
'memcache.local' => '\OC\Memcache\APCu',
);
--------------------------------------------------------------------------------
/configs/apache.conf:
--------------------------------------------------------------------------------
Alias /${TARGET_SUBDIR} "/usr/share/webapps/owncloud/"

Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

# tell apache to serve up an error message if the user tries
# to visit TARGET_SUBDIR without https (unless ALLOW_INSECURE is "true")

SSLRequireSSL
SSLOptions +StrictRequire

Options +FollowSymlinks
AllowOverride All
Require all granted

Dav off

SetEnv HOME /usr/share/webapps/owncloud
SetEnv HTTP_HOME /usr/share/webapps/owncloud
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM greyltc/lamp-aur
MAINTAINER Grey Christoforo
# Report issues with this to the GitHub project: https://github.com/greyltc/docker-owncloud/issues
# Say thanks by adding a star or a comment here: https://registry.hub.docker.com/u/l3iggs/owncloud/
# and/or starring the project on GitHub

# uncomment this to update the container's mirrorlist
#RUN get-new-mirrors

# set environment variable defaults
ENV TARGET_SUBDIR owncloud
ENV ALLOW_INSECURE false
ENV OC_VERSION '*'

# do the install things
ADD installOwnCloud.sh /usr/sbin/install-owncloud
RUN install-owncloud

# add our config.php stub
ADD configs/config.php /usr/share/webapps/owncloud/config/config.php
RUN chown http:http /usr/share/webapps/owncloud/config/config.php; \
    chmod 0640 /usr/share/webapps/owncloud/config/config.php

# add our cron stub
ADD configs/cron.conf /etc/cron.d/owncloud

# add our apache config stub
ADD configs/apache.conf /etc/httpd/conf/extra/owncloud.conf

# expose some important directories as volumes
#VOLUME ["/usr/share/webapps/owncloud/data"]
#VOLUME ["/etc/webapps/owncloud/config"]
#VOLUME ["/usr/share/webapps/owncloud/apps"]

# place your ssl cert files in here. name them server.key and server.crt
#VOLUME ["/root/sslKeys"]

# start the servers, then wait forever
CMD start-servers; sleep infinity
--------------------------------------------------------------------------------
/installOwnCloud.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
set -e -u -o pipefail

# remove info.php (prevents server info leak)
rm /srv/http/info.php

# to mount SMB shares:
pacman -S --noconfirm --noprogress --needed smbclient

# for video file previews
pacman -S --noconfirm --noprogress --needed ffmpeg

# for ssh mounts
pacman -S --noconfirm --noprogress --needed openssh

# for document previews
pacman -S --noconfirm --noprogress --needed libreoffice-fresh

# for image previews
pacman -S --noconfirm --noprogress --needed imagemagick ghostscript openexr openexr openexr libxml2 librsvg libpng libwebp

# not 100% sure what needs this:
pacman -S --noconfirm --noprogress --needed gamin

# owncloud itself
su docker -c 'pacaur -m --noprogressbar --noedit --noconfirm owncloud-archive'
pacman -U --noconfirm --needed /home/docker/.cache/pacaur/owncloud-archive/owncloud-archive-${OC_VERSION}-any.pkg.tar

# install some apps
pacman -S --noconfirm --noprogress --needed owncloud-app-bookmarks owncloud-app-calendar owncloud-app-contacts owncloud-app-documents

# setup Apache for owncloud
cp /etc/webapps/owncloud/apache.example.conf /etc/httpd/conf/extra/owncloud.conf
sed -i 's,Alias /owncloud "/usr/share/webapps/owncloud",Alias /${TARGET_SUBDIR} "/usr/share/webapps/owncloud",g' /etc/httpd/conf/extra/owncloud.conf
sed -i '$a Include conf/extra/owncloud.conf' /etc/httpd/conf/httpd.conf

# reduce docker layer size
cleanup-image
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
docker-owncloud
===============
__4 June 2016 Update:__ It looks to me like [some major thing just happened to ownCloud](http://fortune.com/2016/06/03/what-happened-to-owncloud/). Apparently a significant number of the core ownCloud devs have jumped ship and started a new cloud thingy called Nextcloud. I've made [a docker container](https://hub.docker.com/r/greyltc/nextcloud/) and [associated github repo](https://github.com/greyltc/docker-nextcloud) just like this one to follow nextcloud too. I'll keep supporting this project alongside the new Nextcloud one until I can see a winner.

Simple to use Docker container with the latest stable ownCloud server release, complete with all the bells and whistles. This project is 100% transparent and trustable: every file in the resulting docker image is traceable and inspectable by following up the docker image dependency tree which starts with [my Arch Linux base image](https://github.com/greyltc/docker-archlinux).

Please report any issues or improvement ideas to [the github issue tracker](https://github.com/greyltc/docker-owncloud/issues)
Pull requests welcome! Let's work together!

Say thanks by adding a star [here](https://github.com/greyltc/docker-owncloud/) and/or [here](https://registry.hub.docker.com/u/l3iggs/owncloud/).

__Check out [the wiki](https://github.com/greyltc/docker-owncloud/wiki)__ for some stuff that I didn't include here because I thought the readme was getting too big. Feel free to add new content to the wiki as you see fit.

### Features
- __NEW FEATURE:__ Try the latest ownCloud daily build by using `l3iggs/owncloud:daily`
  - Probably you should report any issues you find here to [the official oc issue tracker](https://doc.owncloud.org/server/9.1/developer_manual//bugtracker/)
- Streamlined [Let's Encrypt](https://letsencrypt.org/) functionality built right in
  - This will fetch valid, trusted and free SSL certs for your domain and install them into the image!
  - Hurray for green lock icons!
- __Superfast__
  - Uses PHP7 with APCu and Zend OpCache for maximum performance
- Now with [image version tags](https://hub.docker.com/r/l3iggs/owncloud/tags/) corresponding to OwnCloud release versions
  - So you won't get unexpectedly upgraded and you can safely stay on an OC version you know is working for you
- Built in (optional) MySQL database server (faster than sqlite default)
  - Or specify your own pre-existing database server during setup
- Web GUI driven initial setup of user/password/database
- Based on Arch Linux ensuring __everything__ is cutting edge & up to date
- SSL (HTTPS) encryption works out-of-the-box
  - Tweaked for maximum security while maintaining compatibility
  - Optionally enable automatic SSL certificate regeneration at runtime for maximum security
  - Or easily incorporate your own SSL certificates
- In-browser document viewing and editing ready (.odt, .doc, and .docx)
- In-browser media viewing ready (pretty much everything I think)
- Comes complete with all of the official ownCloud apps pre-installed:
  - Bookmarks
  - Calendar
  - Contacts
  - Documents
  - Gallery
- Or install your own 3rd party apps

### Usage

1. [**Install docker**](https://docs.docker.com/installation/)
1. **Download and start the owncloud server instance**

   ```
   docker run --name oc -p 80:80 -p 443:443 -d l3iggs/owncloud
   ```
   __NOTE:__ In case you have an outdated version of `l3iggs/owncloud` you can update it with `docker pull l3iggs/owncloud` before you run the server via the above `docker run...` command
1. **Access your ownCloud server**
   Point your web browser to __https://localhost/owncloud__
1. **Setup ownCloud**
   Follow the on-screen instructions to perform the initial setup of your server.
1. **[Optional] Harden security**
   This image comes complete with a self-signed ssl certificate already built in, so https access is ready to go out of the box. I've provided this pre-generated certificate for convenience and testing purposes only. It affords greatly reduced security (compared to using secret certificates) since the "private" key is not actually private; anyone can download this image and inspect the keys and then decrypt your ownCloud traffic (sniffing your login credentials for example). To make the ssl connection to this ownCloud server secure, you can:
   (A) provide your own (secret) ssl certificate files
   (B) use the script provided here to generate new, self-signed certificate files
   or
   (C) use the script provided here to fetch (free) certificates for your domain from the [Let's Encrypt project](https://letsencrypt.org/)
   All of these will provide equal security (since the encryption key will be kept secret) but (B) will result in browser warnings whenever someone visits your site since the web browser will likely not trust your self-generated and self-signed keys.

   ---
   _For option (A) (providing your own SSL cert files):_
   The Apache config file calls out the need for two files here: SSLCertificateFile and SSLCertificateKeyFile. You should have those before you start.
   Name your certificate file `fullchain.pem` and your key file `privkey.pem` and put them in a directory `~/sslCert` on your host machine, then run (also on your host machine):

   ```
   sudo chown -R root ~/sslCert
   sudo chgrp -R root ~/sslCert
   sudo chmod 400 ~/sslCert/privkey.pem
   ```
   Then insert the following into the docker startup command (from step 2. above) between `run` and `--name`:

   ```
   -v ~/sslCert:/root/sslKeys
   ```

   ---
   _For option (B) (using the built-in script to re-generate your own self-signed ssl certificate):_
   - The image includes a bash script (`/usr/sbin/setup-apache-ssl-key`) that generates new ssl cert files on command (and overwrites the pregenerated ones included in this image). You can use this script to regenerate a new SSL key anytime, on the fly. After starting the docker image as described above, run the following command:
   ```
   docker exec -it oc sh -c 'SUBJECT="/C=US/ST=CA/L=CITY/O=ORGANIZATION/OU=UNIT/CN=localhost" DO_SSL_SELF_GENERATION=true setup-apache-ssl-key'
   ```
   - To have a new ssl certificate generated automatically _every time_ the image is started, insert the following into the docker startup command (from step 2. above) between `run` and `--name`:
   ```
   -e DO_SSL_SELF_GENERATION=true -e SUBJECT=/C=US/ST=CA/L=CITY/O=ORGANIZATION/OU=UNIT/CN=localhost
   ```
   The `SUBJECT` variable is actually optional here, but I put it in there to show how to change the generated certificate to your liking, especially important if you don't want your certificate to be for `localhost`

   ---
   _For option (C) (fetching a free, trusted cert from letsencrypt.org):_
   For this to work, __this container must be reachable from the internet by visiting http://your.domain.tld__ (where "your.domain.tld" will obviously be unique to you). In fact, a Let's Encrypt robot will attempt to visit this address via port 80 to read files served up by the apache server in this container during the certificate fetching process to verify your ownership of the domain.
   Start the docker image as described above, except you must specify your hostname: add `--hostname=your.domain.tld` between `run` and `--name`. Then once the container is running, issue the following command (substituting your proper email address):
   ```
   docker exec -it oc sh -c 'EMAIL=youremail@addre.ss DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key'
   ```
   ~30 seconds later you should get a green lock in your browser when visiting your OC server at https://your.domain.tld/owncloud
   Now save your newly fetched certificate files somewhere safe:
   ```
   docker cp oc:/etc/letsencrypt/archive/your.domain.tld ~/letsencryptFor_your.domain.tld
   ```
   and next time you use docker to start your OC server container, use option (A) to feed your `.key` and `.crt` files into the image when it starts.
   __NOTE:__ Let's Encrypt gives you a certificate that's valid for three months, after which it needs to be renewed if you'd like to continue getting green locks in your browser. If you run the above `DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key` command, and then you leave your server running without restarting for three months or longer, your certificate *should* be auto-renewed forever. If you restart the container, you'll probably need to re-issue the `DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key` command again manually if you don't want your certificate to expire three months after you first fetched it.
   __NOTE #2:__ Let's Encrypt has a strict rate limiting policy; it will only grant 5 certificates / 7 days / domain so be very careful with how often you issue the `DO_SSL_LETS_ENCRYPT_FETCH=true setup-apache-ssl-key` command above.

1. **[Optional] Stop the docker-owncloud server instance**

   ```
   docker stop oc
   ```
   You can restart the container later with `docker start oc`
1. **[Optional] Delete the docker-owncloud server instance (after stopping it)**

   ```
   docker rm oc #<--WARNING: this will delete anything stored inside the container
   ```
1. **Profit.**

### Updating your ownCloud server in this container
Periodically new ownCloud server versions will be released. You should probably keep your server on whatever the latest stable version is. When a new update is released you'll see a banner appear across the top of the ownCloud web interface indicating that it's time to upgrade.
You should follow [the official ownCloud instructions](https://doc.owncloud.org/server/9.0/admin_manual/maintenance/update.html) for updating your ownCloud server using the updater app built into this container. You'll need to change the permissions of some files in the container to allow them to be updated. I've tried to make this straightforward by including a script to manage the permissions for you. Before you run the updater app (as described in the official instructions), run `docker exec -it oc sh -c 'set-oc-perms upgrade'`. Then after you've completed the upgrade, set the permissions back to their "safer" default values like this: `docker exec -it oc sh -c 'set-oc-perms runtime'`.
--------------------------------------------------------------------------------
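A pre-flight check for the option (A) certificate directory described in the README's "Harden security" step, run on the host before adding `-v ~/sslCert:/root/sslKeys`. This is an added example, not part of the repository: the function name `check_ssl_dir` and the 30-day expiry margin are assumptions, while the file names and the `400` key mode are the README's. It needs `openssl` on the host and must run as a user that can read the key (root, after the README's `chown`).

```shell
#!/bin/sh
# Added example (not from the docker-owncloud repository).
# Usage: check_ssl_dir ~/sslCert   -> returns 0 only if every check passes.
check_ssl_dir() {
    dir=$1
    cert="$dir/fullchain.pem"   # file names required by the README
    key="$dir/privkey.pem"
    rc=0

    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
    done

    # README sets the key to mode 400; anything looser exposes it on the host.
    if [ -z "$(find "$key" -prune -perm 400)" ]; then
        echo "privkey.pem mode is not 400" >&2
        rc=1
    fi

    # The leaf certificate (first one in fullchain.pem) must carry the public
    # key derived from privkey.pem, otherwise Apache cannot serve the pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "privkey.pem does not belong to fullchain.pem" >&2
        rc=1
    fi

    # Assumed margin: flag certificates that expire within 30 days.
    if ! openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) >/dev/null; then
        echo "certificate expires within 30 days" >&2
        rc=1
    fi

    return $rc
}
```

A non-zero return means the directory should not be mounted yet; the message on stderr names the failed check.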