Deploy a Secure Instance of Owncloud 6 With Docker

I’ve recently bought a new storage server and one of the first softwares I needed is Owncloud. Owncloud provides universal access to your files via the web, your computer and your mobile devices. It’s very similar to dropbox.

Docker allows us to easily create lightweight, portable, self-sufficient containers from any application. If you are not familiar with it, I suggest you read the Docker Getting Started.

Requirements

  • A Linux Machine: I use Ubuntu Precise 12.04. You can also setup a simple vm using vagrant.

  • Docker. Note that if you want to use Ubuntu Precise, you’ll need to install a 3.8 kernel. Just follow the installation instructions of the official docker documentation.

  • Git

Step 1

Pull our base image.

1
sudo docker pull ubuntu:12.04

Step 2

Clone my docker repository, which contains the following files:

  • service/owncloud_ssl: main directory for the owncloud ssl image
  • service/owncloud_ssl/Dockerfile: docker file to build the image
  • service/owncloud_ssl/site-owncloud: nginx site configuration to serve the app.
  • service/owncloud_ssl/start.sh: entrypoint for our container, which starts the application
1
2
git clone https://github.com/aboudreault/docker.git
cd docker/service/owncloud_ssl

Step 3

Edit the Dockerfile configuration. Open ‘service/owncloud_ssl/Dockerfile’ file with your editor. There is two config options:

  • APP_DATA: this is the default owncloud value. You don’t have to modify this really.
  • SSL_SUBJ: this is the information required for the SSL Certification generation. Modify this with your own info.

If your server has only one disk partition, you can simply comment the line 30 (VOLUME [“…”]) of the Dockerfile and go to step 4.

In my case, my storage server has two partitions, / with 20G and /mnt/data with 500G. Obviously, I want to use the bigger partition for my owncloud instance. This can be done easily with a docker volume. For now, the only thing we need is to create the directory that will be used for the docker volume.

1
sudo mkdir /mnt/data/owncloud

Step 4

Edit the nginx site configuration. Basically, you only need to modify the server_name with your own site url. Open ‘service/owncloud_ssl/site-owncloud’ file with your editor and modify the line 3: server_name files.alanb.ca;. You can comment that line if you don’t have a specific url yet.

Step 5

Build your docker image. I assume you are already in the service/owncloud_ssl/ directory.

1
sudo docker build --rm -t owncloud_ssl .

Step 6

Deploy your instance!

If you don’t need a docker volume:

1
sudo docker run -P -d -t owncloud_ssl

If you need a docker volume:

1
sudo docker run -P -d -v /mnt/data/owncloud:/var/www/owncloud/data -t owncloud_ssl

You’re instance should now be running. You can verify this with:

1
sudo docker ps

The above command also tells you what is the container id of your instance and what port of your main machine has been mapped to the container port 443. You can get more information about the container with the inspect command (ports, ip address, volume, etc.):

1
sudo docker inspect <container_id>

Step 7

Access your application. You can quickly test your instance using wget. You’ll need to know the host port that is mapped to the container port 443.

1
wget https://localhost:<mapped_port>

At this step, it’s up to you how you want to expose your application. Some options:

  • If you have many public ip addresses, you can simply use iptables to forward the ip/port (443) traffic directly to the container.

  • You can setup a ssl nginx proxy that listen port 443 on the main machine that will take care to pass the requests to the container.

  • If you use vagrant, check the documentation to forward a port.

  • In my case, I’ve created a basic haproxy instance with docker. If you are interested, you might want to take a look at it in my repository.

I hope this helped you to get started.

Comments