How to configure a self-signed SSL certificate for ownCloud on Ubuntu
Before starting this tutorial you must have a running ownCloud server on your system.
I covered that in my previous post; you can learn how from this link: https://sharadchhetri.com/installing-owncloud-in-ubuntu-13-04/
In this tutorial we will learn how to configure a self-signed SSL certificate in ownCloud.
The method applies to apache2, whether on Debian or Ubuntu. If you still have any doubt, leave a comment.
To configure the self-signed certificate, follow the steps given below.
Step(1) Install openssl on the server. As ownCloud is already running, installing apache2 is not required.
$ sudo apt-get install openssl
Step(2) Enable the ssl and rewrite modules in apache2
$ sudo su -
# a2enmod ssl
# a2enmod rewrite
Step(3): Create a ssl directory inside /etc/apache2
# mkdir -p /etc/apache2/ssl
Step(4): Create the self-signed SSL certificate and fill in the information it asks for.
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/owncloud.pem -keyout /etc/apache2/ssl/owncloud.key
Now we will configure the owncloud.conf file.
Step (5): Edit the owncloud.conf file
In the owncloud.conf file I redirect port 80 requests to port 443.
I also configure the SSL engine with its certificate and key paths, and set the DocumentRoot parameter.
Note: In the configuration given below I am using IP-based virtual hosting in Apache. If you have DNS configured, you can set it up as a name-based configuration instead.
Replace 192.168.1.34 with your server IP address
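vi /etc/apache2/conf.d/owncloud.conf

# Port 80: redirect every request to https
<VirtualHost 192.168.1.34:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

# Port 443: serve ownCloud over SSL with the certificate and key from Step 4
<VirtualHost 192.168.1.34:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.pem
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
DocumentRoot /var/www/owncloud/
<Directory /var/www/owncloud/>
AllowOverride All
# Apache 2.2 access syntax; on Apache 2.4 use "Require all granted" instead
order allow,deny
Allow from all
</Directory>
</VirtualHost>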
Step (6) Restart the apache2.
service apache2 restart
Step(7) Open the web browser and type the URL of ownCloud; you will see that by default it goes to https.
If you want both http and https, remove the redirection (the Rewrite lines) from the port 80 VirtualHost section.
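The checks below are an added example, not part of the original post: they confirm that the certificate and key from Step 4 belong together, that the unencrypted key written by -nodes is not readable by other users, and they print the SHA-256 fingerprint to compare with what a browser or sync client shows. The function names are hypothetical; the script assumes the openssl command-line tool and GNU stat.

```sh
#!/bin/sh
# Added example: sanity checks for the files created in Step 4.
# In the tutorial these are /etc/apache2/ssl/owncloud.pem and owncloud.key.

# True only when SSLCertificateFile and SSLCertificateKeyFile are a pair:
# the public key in the certificate must equal the one derived from the key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# -nodes writes the key unencrypted, so group/other must have no access.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1    # GNU stat, as on Ubuntu/Debian
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# True when the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Fingerprint to compare with what the browser or sync client displays
# before accepting the self-signed certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

check_cert() {    # usage: check_cert CERT KEY
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match"; return 1; }
    key_mode_ok "$2" || { echo "key readable by group/other; run: chmod 600 $2"; return 1; }
    cert_valid_for_days "$1" 30 || { echo "certificate expires within 30 days"; return 1; }
    echo "OK, SHA-256 fingerprint: $(cert_fingerprint "$1")"
}

# Run directly as: sh check_cert.sh CERT KEY
if [ "$#" -eq 2 ]; then check_cert "$1" "$2"; fi
```

Run it as root against the two files from Step 4 before restarting apache2; a certificate created with -days 365 passes the 30-day check until its last month.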
Hello. Thank you for a fine tutorial. I have been unable to get the login to complete since creating the cert and installing SSL. I hope that you might have some time to look at this and offer insight.
Apache log:
[ssl:info] [pid 14924] (70007)The timeout specified has expired: [client 192.168.1.1:55108] AH01991: SSL input filter read failed.
[ssl:debug] [pid 14924] ssl_engine_io.c(1003): [client 192.168.1.1:55108] AH02001: Connection closed to child 7 with standard shutdown (server sedonaserver.homelinux.org:443)
Owncloud Log:
{"reqId":"8d766b2b76e891c682a633331f79b4d7","remoteAddr":"192.168.1.1","app":"PHP","message":"session_write_close(): open(/var/lib/php5/sess_9pr9bp43f4k73plteud4jae5t0, O_RDWR) failed: Permission denied (13) at /var/www/owncloud/lib/private/session/internal.php#77","level":3,"time":"2015-05-14T19:09:17+00:00"}
{"reqId":"8d766b2b76e891c682a633331f79b4d7","remoteAddr":"192.168.1.1","app":"PHP","message":"session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php5) at /var/www/owncloud/lib/private/session/internal.php
Having exhausted (I think) the Apache and SSL avenues, the problem seems to be the location of the session. I’ve ensured that /var/lib/php5 is writable by www-data, and I extended timeouts on apache to identify the problem. Apache waits until the session times out and I get the errors above.
Here’s what the directory looks like when there’s a session:
root@SedonaServer:/var/lib/php5# ls -l
total 8
drwxrwxrwx 5 root root 4096 Sep 24 2014 modules
---------- 1 www-data www-data 297 May 14 15:44 sess_ogk54ra7d6daqtf98c5l3dkda6
The session file contents:
SID_CREATED|i:1431636282;LAST_ACTIVITY|i:1431636282;OC_Version_Timestamp|i:1429819239;OC_Version|a:4:{i:0;i:8;i:1;i:0;i:2;i:3;i:3;i:4;}OC_VersionString|s:5:"8.0.3";OC_Channel|s:6:"stable";OC_Build|s:66:"2015-04-23T19:59:50+00:00 3f2069bd66669414d529cbdf2208635f27c85288";checkServe$kServer_succeeded|b:1;
Hi Mark,
Just curious to know, if your server has any proxy setup in apache.
Regards
Sharad
By typing owncloud.example.com in the browser
I am seeing this error
—->>>>>You are accessing the server from an untrusted domain.
Please contact your administrator. If you are an administrator of this instance, configure the “trusted_domain” setting in config/config.php. An example configuration is provided in config/config.sample.php. <———————————-
But I can't find any "config.php" file.
Why is it so?
Somebody please help me…
Hello Vaishakh,
Kindly share your configuration details. Example.com must be replaced with your actual domain name. I suggest you read about IP-based and name-based virtual hosting in Apache.
Regards
Sharad
Hello Vaishakh,
Today I luckily got stuck with the same issue.
I have resolved this problem. You can read about the solution in this post:
https://sharadchhetri.com/2014/07/21/owncloud-error-accessing-server-untrusted-domain/
Great tutorial and it worked for me first time, thank you kindly!
I have an interesting issue though. I updated my version of php to v5.4 or higher for a mail related app and had to change my apache sites-available example.com file to example.com.conf to make the virtual host work again.
Now https://example.com does not work.
I get the following in the browser:
Index of
/Name Last modified Size Description
Apache/2.4.9 (Ubuntu) Server at example.com Port 443
Could you help?
Thanks again.
Hello Demian,
Check the DocumentRoot value you have set in the apache configuration file.
Regarding the DocumentRoot: is it /var/www or /var/www/html? Check on your system and then check the same in the apache config file.
Hope it will work.
Regards
Sharad
thank you! that sorted it!
Awesome. I appreciate that you came back and gave positive feedback. It helps many readers with this type of problem.
Thanks and Regards
Sharad
Hello Ramiro,
Thank you for appreciating the tutorial.
Newbies are always welcome to ask questions because they are learning from scratch.
Setting up a name-based virtual host requires a DNS name like sharadchhetri.com. It is a DNS concept. You must have a domain name purchased from a domain registrar, e.g. godaddy.com, namecheap.com, bluehost.com etc.
You will get a DNS panel for your domain name.
Create a host record pointing to the IP address of the server where you have installed ownCloud.
After setting the host record in the DNS server panel, follow step 7, at section “Name based Virtual Hosting”, from this tutorial.
These are all the settings we do for public live servers.
Hi Sharad, thanks for the amazing tutorial (I followed the one on YouTube). Really appreciate it 🙂. Anyway, I’m stuck at step 5. I have some questions for you:
1. I have set up a static IP with dns-nameservers in /etc/network/interfaces. Now, in this step (5) you talked about “In the below given configuration I am using IP based Virtual Hosting in apache. If you have DNS configured you can set it as name based configuration also.” I have set up DNS (I think), so what will I have to change in this code?
2. I usually work from PuTTY on my Windows machine to configure stuff. When I connect to the server I usually use port 22. Do I have to change port 80 to 22 in this code?
Sorry if the answer is going to seem obvious to you. I’m a newbie in handling servers and I still have many things to learn. Your tutorial is giving me the opportunity to learn a lot of things. 🙂
The SSL/HTTPS setup has been successful; now I can reach my server by name over https via the web, but it does not work via the WebDAV client. I checked the configuration files but cannot find anything unusual. What is my error? Before implementing https it worked perfectly. Could you kindly help me, please?
thank you very much
Hello Christian,
Have you got any error number?
Which operating system are you connecting from (Windows or Linux)?
If you can show me a screenshot, it will be easy to troubleshoot.
Also check owncloud.log; the default location is /var/log/owncloud.log
Regards
Sharad
In your step 5 above, you missed directory in your Directory directive (right term?). I have changed it to <Directory /var/www/owncloud> to fix it:-). Now I learn so much about apache (more than I would like to:-).
-----------
<Directory /var/www/owncloud>
AllowOverride All
order allow,deny
Allow from all
</Directory>
-----------
Thanks Jun,
I even learned from your comments. And I appreciate all my blog readers who give comments, because it motivates me to write useful articles.
When I created this document, I did this practical on Ubuntu 12.04 LTS.
Lessons I learned from your comments:
(1) Now it is time to write a document for Ubuntu 13.10, because 13.10 has Apache version 2.4, in which we are using some new terms.
(2) I should also consider LAMP/XAMP on Linux systems, because most developers practice on it. I used to avoid writing on lamp/xamp. Soon in my blog, our readers will see useful tips/tricks/HowTo on lamp/xamp tutorials. Oh yes, owncloud in lamp will be included.
Thanks Jun, you rock! I am very happy because you troubleshot it yourself and you gained knowledge. Sometimes it is difficult to guide some users, and at that time I really feel bad because I am seriously working on the question.
Thanks and Regards
Sharad
I finally figured out the ssl part on the owncloud server side. Still need to figure out how to get ownclient to sync (owncloud learning curve).
However, my system complained about the RewriteEngine part for 80 access in your owncloud.conf (ubuntu 13.10, with LAMP server installed from repository). I removed the virtual host on 80 from your owncloud.conf and it seems to work as I want (allow both 80 and 443, as I may just use 80 while on my local LAN).
Thank you!
Jun
—————–
vi /etc/apache2/conf.d/owncloud.conf
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.pem
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
DocumentRoot /var/www/owncloud/
AllowOverride All
order allow,deny
Allow from all
—————————-
Thank you for the link. This is my test setup. I have not yet been able to setup desktop sync client for owncloud. It seems to me that the https setup is totally screwed up. I will have to reinstall owncloud server. By the way, there seems to be typo in your owncloud.conf at the end, the system complained about syntax error at directory direction(?).
I do have a question for you if you don’t mind: can I setup owncloud for both 80 and 443 access? have you tried their desktop client whether they can sync without ssl connection?
Thank you for your time!
Thanks,
Jun
Yes, you can set it up for both 80 and 443 access. Remove the redirection to port 443 in the virtual host port 80 section.
Can you share the file /etc/apache2/conf.d/owncloud.conf? I would like to check the syntax error.
I found your tutorial because my setup messed up:-(. I just installed owncloud server 6 and tried to configure it to work with owncloud desktop client 1.5. I followed another tutorial and seemed to have server set up ok, but the client won’t connect. It seems to indicate the certificate not trusted because I do not have a public certificate. I will only use the server on LAN with VPN, I figure that’s sufficient without ssl, but the client won’t connect, so I have to try set up https access.
The other tutorial I followed has quite some different settings than yours. I’m going to try your method, but I need to clean up a little bit first. I wonder if your method should work for server 6.0? I don’t know much apache server at all, that’s why I got the certificate part messed up. Thank you!
Thanks,
Jun
Hello Jun,
I suggest you first test the settings on a test server. I usually follow this practice. You can use VirtualBox or VMware for this.
I read about this a long time ago; one of our blog readers raised a question in the owncloud forum about this.
I am using the https in production with client and it is pretty much working fine.
Let me know your feedback, I am interested to solve your problem.
Regards
Sharad