Saturday, June 15, 2019

Docker: Owncloud

Owncloud in docker

First we need to download owncloud.
docker pull owncloud
docker run -d -p 8080:80 -p 443:443 --name owncloud owncloud

Next, make ownCloud accessible from outside.
docker ps
docker exec -it <your container> bash
$ apt-get update
$ apt-get install nano


$ nano config/config.php


  'trusted_domains' =>
  array (
    0 => '127.0.0.1',
    1 => '<>',
  ),
where <> should be something like blahblah.chickenkiller.com

Now let's create our SSL keys
Step 1
mkdir /etc/apache2/ssl
openssl dhparam -dsaparam -out /etc/apache2/ssl/dh4096.pem 4096


Your keys
Step 2
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/apache2/ssl/owncloud.key -out /etc/apache2/ssl/owncloud.crt

If you want a certificate from Let's Encrypt via certbot instead:
apt-get update
apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot python-certbot-apache 
If you run certbot without the certonly parameter, say no when it offers to set up the redirect. We will do it in Step 5.
certbot --apache certonly
cp /etc/letsencrypt/live//privkey.pem /etc/apache2/ssl
cp /etc/letsencrypt/live//fullchain.pem /etc/apache2/ssl

Step 3 pick the right key and chain from 
nano /etc/apache2/sites-available/default-ssl.conf
#ServerName :443
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.crt (or fullchain.pem)
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key (or privkey.pem)
SSLOpenSSLConfCmd DHParameters /etc/apache2/ssl/dh4096.pem (Ignore this if done with certbot)
Include /etc/apache2/ssl/options-ssl-apache.conf 

Step 4
a2ensite default-ssl
a2enmod ssl
Step 5 (change the host name and the port)
nano /etc/apache2/sites-available/000-default.conf
Add redirect "/" https://:
Step 6
service apache2 restart
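
A check to run between Step 3 and the restart in Step 6, as an added example that is not part of the original post: it reads the certificate and key paths from the vhost file and confirms the key belongs to the certificate, since a mismatched pair stops Apache from starting. The function names, the script file name, the 30-day expiry window and the key-permission check are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the TLS files named in the vhost from Step 3
# before running "service apache2 restart".

# Print the first argument of an active (uncommented) directive.
directive_value() {   # usage: directive_value <Directive> <conf-file>
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Return 0 only if certificate and key exist, belong together, the certificate
# stays valid for 30 more days and the key is not accessible to other users.
check_vhost_tls() {   # usage: check_vhost_tls <conf-file>
    local conf=$1 crt key cert_pub key_pub
    crt=$(directive_value SSLCertificateFile "$conf")
    key=$(directive_value SSLCertificateKeyFile "$conf")
    [ -r "$crt" ] || { echo "certificate not readable: ${crt:-unset}"; return 1; }
    [ -r "$key" ] || { echo "private key not readable: ${key:-unset}"; return 1; }

    # Same public key on both sides means the key belongs to the certificate.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate"; return 2
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null \
        || { echo "certificate expires within 30 days"; return 3; }

    # Last digit of the octal mode is the permission set for "other" users.
    case $(stat -c %a "$key") in
        *[1-7]) echo "key is accessible to other users: chmod 600 $key"; return 4 ;;
    esac
    echo "ok: $key matches $crt"
}

# Run the check when a vhost file is given as the argument, e.g.
# (check_tls.sh is a hypothetical file name for this script)
#   ./check_tls.sh /etc/apache2/sites-available/default-ssl.conf
if [ -n "${1:-}" ]; then check_vhost_tls "$1"; fi
```

A non-zero exit status identifies which check failed: 1 for a missing file, 2 for a key/certificate mismatch, 3 for near expiry, 4 for loose key permissions.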


 =============================
Options-ssl-apache.conf
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256$
SSLHonorCipherOrder     on
SSLCompression          off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log

# Always ensure Cookies have "Secure" set (JAH 2012/1)
#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"


==================================

Plex

nano /etc/fstab
UUID= /mnt/Data ntfs-3g defaults,auto,rw,nofail,x-systemd.device-timeout=4,big_writes,async,noatime,nodiratime 0 1
docker run \
-d \
--name plex \
--network=host \
-e TZ="Europe/Brussels" \
-e PLEX_CLAIM="claim-<>" \
-v /home/plex:/config \
-v /home/plex/transcode:/transcode \
-v /mnt/Data:/data -e PLEX_UID=1000 -e PLEX_GID=1000 \
-v /mnt/Data/Music/:/data/music \
-v /mnt/Data/Movies/:/data/movies \
linuxserver/plex
(problems with access to folders of mounted data...? PLEX_UID? )

Startup
nano /etc/rc.local
(before exit 0 add this )
docker start owncloud
java -jar "/home/pi/JDownloader.v2.0/JDownloader.jar" &
