You are not logged in.
I am trying to set up OwnCloud for use on my server. I have gotten it to work with Apache, but I am having problems configuring it to use SSL/TLS instead of plain HTTP.
I followed the SSL part on ArchWiki/LAMP Server and the OwnCloud setup on ArchWiki/OwnCloud.
Here are the relevant parts from my httpd.conf
Listen 443
LoadModule php5_module modules/libphp5.so
Include conf/extra/php5_module.conf
<IfModule mod_alias.c>
Alias /cloud /usr/share/webapps/owncloud/
</IfModule>
# This is from extra/owncloud.conf
<Directory /usr/share/webapps/owncloud>
Options FollowSymLinks
Order allow,deny
AllowOverride All
Allow from all
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/:/usr/share/webapps/owncloud/:/etc/webapps/owncloud"
</Directory>
<VirtualHost *:443>
ServerName cloud.mydomain.com
SSLEngine On
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
SSLCipherSuite HIGH:!aNULL:!MD5
SSLProtocol TLSv1.2 # My browser supports the allowed ciphers and TLS 1.2
DocumentRoot /usr/share/webapps/owncloud
</VirtualHost>I can still access OwnCloud and login at localhost/cloud or mydomain.com/cloud, but when I go to the admin panel it notifies me that I am using HTTP, HTTPS.
I have spent hours trying to figure out what is missing, any help would be appreciated.
Last edited by subraizada3 (2014-02-20 22:01:48)
Offline
Bump?
Offline
Here is what I am using. You can set owncloud to use https from and admin options after it's working well in normal http. https will work if your ssl is configured correctly in apache
let me know if you want to compare other config files. The whole <VirtualHost *:80> is not required if you only use yourservername.com/owncloud
<IfModule mod_alias.c>
Alias /owncloud /usr/share/webapps/owncloud/
</IfModule>
<Directory /usr/share/webapps/owncloud/>
Options FollowSymlinks
Order allow,deny
AllowOverride all
allow from all
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud/:/etc/webapps/owncloud"
</Directory>
<VirtualHost *:80>
ServerAdmin dan@yourserver.com
DocumentRoot /usr/share/webapps/owncloud
ServerName owncloud.yourserver.com
ErrorLog logs/owncloud.yourserver.info-error_log
CustomLog logs/owncloud.yourserver.info-access_log common
</VirtualHost>
Last edited by dan457 (2014-02-19 19:30:19)
Offline
If I can do it without the VirtualHost, that would be great. So now the problem is that I just can't get HTTPS working in Apache.
Here's my httpd.conf (without all the LoadModules)
ServerRoot "/etc/httpd"
Listen 80
Listen 443
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User http
Group http
</IfModule>
</IfModule>
################################################################################
# Options for default host
################################################################################
ServerAdmin xxxxx
ServerName xxxxx
DocumentRoot "/srv/http"
# Don't show apache version
ServerSignature Off
ServerTokens Prod
# Restrictive access to the default server
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/srv/http">
# Options is a combination of
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
Options Indexes FollowSymLinks
# What can be placed in .htaccess files?
# All, None, or combination of Options, FileInfo, AuthConfig, Limit
AllowOverride None
# Who can get stuff from the server?
Order allow,deny
Allow from all
</Directory>
# Which file to display if a directory is requested?
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# Don't let people see .htaccess or .htpasswd files
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# From extra/httpd-default.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
HostnameLookups Off
AccessFileName .htaccess # But it's still disabled
################################################################################
# Logging stuff
################################################################################
# Location of error log
ErrorLog "/var/log/httpd/error_log"
# Verboseness of log: debug, info, notice, warn, error, crit, alarm, emerg.
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/var/log/httpd/access_log" common
</IfModule>
################################################################################
# MIME Types
################################################################################
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
# Guess MIME from file contents
MIMEMagicFile conf/magic
################################################################################
# Supplemental Includes
################################################################################
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
################################################################################
# SSL/TLS stuff
################################################################################
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
SSLEngine On
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
SSLCipherSuite HIGH:!aNULL:!MD5
SSLProtocol TLSv1.2
################################################################################
# OwnCloud
################################################################################
# PHP dependency
LoadModule php5_module modules/libphp5.so
<IfModule dir_module>
<IfModule php5_module>
DirectoryIndex index.php index.html
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
</IfModule>
</IfModule>
# OwnCloud
<IfModule mod_alias.c>
Alias /cloud /usr/share/webapps/owncloud/
</IfModule>
<Directory /usr/share/webapps/owncloud>
Options FollowSymLinks
Order allow,deny
AllowOverride All
Allow from all
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/:/usr/share/webapps/owncloud/:/etc/webapps/owncloud"
</Directory>server.crt and server.key were generated as stated on ArchWiki -> LAMP -> SSL
Last edited by subraizada3 (2022-01-28 05:39:09)
Offline
I didn't put everything in httpd.conf like you did, I did put these in httpd.conf and of course uncommented the required extentions. It is simpler to do it this way, particularly if you install other sites later, like phpMyAdmin for example.
Added to the bottom of my httpd.conf:
LoadModule php5_module modules/libphp5.so
Include conf/extra/php5_module.conf # Enable PHP
Include conf/extra/httpd-ssl.conf # Enable SSL, you will have to edit this file
Include conf/extra/owncloud.conf # Enable owncloud
Remove everything below # SSL/TLS stuff from your httpd.conf and add the above lines minus the #comments. Then create this file:
/etc/httpd/conf/extra/owncloud.conf
and put only this inside it:
<IfModule mod_alias.c>
Alias /cloud /usr/share/webapps/owncloud/
</IfModule>
<Directory /usr/share/webapps/owncloud/>
Options FollowSymlinks
Order allow,deny
AllowOverride all
allow from all
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud/:/etc/webapps/owncloud"
</Directory>
If you want to force SSL, you can just set than from within owncloud when your logged in as an administrator. (after checking that it's working of course)
And I recomend moving your data directory, if you are like most and only have a small root.
edit /etc/webapps/owncloud/config/config.php
find line with:
'datadirectory' =>
For example I use this as my /home partition is huge :
'datadirectory' => '/home/owncloud/data',
make sure user http can write to it.
Last edited by dan457 (2014-02-20 06:44:50)
Offline
It works!
I removed all the OwnCloud stuff in the httpd.conf, Included httpd-ssl.conf, and made the Alias/Directory only owncloud.conf
Now the only problem is that I need to explicitly specify https:// when going to the website, but that's for another thread.
Offline
You don't need to specify https, you can force SSL as an option in your owncloud admin settings
Last edited by dan457 (2014-02-21 01:32:50)
Offline