Hi there,
first of all, a short
=== Disclaimer ===
As discussed by DrKK and Joshua Parker Ruehlig, installing Owncloud via the PBI Plugin system is neither the most performant nor the most secure way on getting OwnCloud on your Freenas-powered device. If you expect to have many users or simply value performance, go ahead and check out these excellent guides.
Also, I am going to mention several companies and projects / products in this guide. I am an independent, professional web developer with no affiliation or connection in any way, shape or form with these companies and products. There are alternatives out there to all of them, just as there are alternatives to OwnCloud - these are just my personal recommendation and/or preferences.
=== Preface ===
That said, installing OwnCloud via PBI is probably the fastest and easiest way and just gets the job done, but it still lacks an easy way to get your own (self-signed or officially signed) SSL Certs in there. This is why I am writing this guide (and also, to come back here and redo the steps myself... ;-)). Feedback is, as always, highly appreciated, so feel free to come back here and let me know if this helped or not!
This guide is split into 3 parts: Installing the PBI, getting the certificate files and putting them on the server.
=== Prerequisites ===
Before you start, make sure you meet the following prerequisites:
- Basic Unix knowledge: You should feel okay to use the shell (don't worry, every command is explained).
- Port forwarding: You should be able to forward port 80, at least temporarily, so your owncloud installation is available from outside your home network. To test it, you could use your cell phone as long as it's not connected to your wifi ;-).
- DNS: Most of you are probably going to expose the installation to the internet. If you have a static IP address, you can use that, but a name server entry is much more comfortable. I use duckdns.org as dynamic DNS Hoster due to my dynamic IP Address.
This guide was written with FreeNAS-9.10-STABLE-201605021851 and ownCloud 9.0.1 PBI. Other versions should work too, but I have not tested them - if you run into troubles, leave a comment and/or send me a PM. Especially the apache2 folder is subject to change once it gets updated - I'll try to add notes to this guide if I become aware of this.
=== Important directories ===
Apache2 root directory: /usr/pbi/owncloud-amd64/www/owncloud/
ACME-Challenge directory: /usr/pbi/owncloud-amd64/www/owncloud/.well-known/acme-challenge
Owncloud installation directory: /usr/local/www/owncloud (not needed for this guide, just for the sake of completeness)
Owncloud data directory: /media
=== Installing OwnCloud using the PBI method ===
1) Head over to the plugins tab and install the owncloud plugin - this should be quite hassle-free.
2) If you want to store your data onto another device (not inside the jail, eg. an external Hard Drive), do this before you start the jail for the first time:
2a) Go to jails, owncloud_1, Storage and mount the folder you want to use to the jails /media folder. Double check if the "Mounted?" Checkbox is ticked.
3) Start the plugin, and complete the installation by providing your credentials. There is probably a warning stating that the certificate is invalid - fixing this is the whole point of this guide ;-)
=== Getting the Certs to use letsencrypt ===
There are many ways to get a valid SSL Certificate (eg. StartSSL). For this guide, I'll stick to letsencrypt - to be exact, I'm using https://zerossl.com's Certificate Wizard, an alternative web-based letsencrypt client. A full list of can be found at https://github.com/certbot/certbot/wiki/Links . Regardless of what method you use, if you end up with a valid .crt and a .key file, you should be ready for the third part of this guide.
4) Head over to https://zerossl.com/free-ssl/#crt and enter the domains which you'll want to use (eg. http://myownlittlecloud.com ) and hit next (twice) to get the CSR and the letsencrypt key file. This is not the .key file you'll put on your server - this one is used to renew the certificates. You should absolutely save those two files and keep them in a safe place - and keep a copy outside of your owncloud... ;-)
5) Next up is the domain verification process. This is needed to prove that you actually really own the domain you try to get the certificate for, which includes you getting the ACME challenge file on your server. SSH into your owncloud jail or go to Jails Tab (the one on the top, not the sidebar), select "owncloud_1" and open the Shell (on the bottom).
6) cd into the apache2's root directory:
12) Download and save the files provided by zerossl in a safe place, and rename them to server.key and server.crt. Congrats, you have received the officially signed ssl certificate files!
=== Getting the files to the server ===
13) Backup the server.key and the server.crt file - just in case:
15) Close the shell, restart the jail and enjoy :) Don't forget, feedback is appreciated!
first of all, a short
=== Disclaimer ===
As discussed by DrKK and Joshua Parker Ruehlig, installing Owncloud via the PBI Plugin system is neither the most performant nor the most secure way on getting OwnCloud on your Freenas-powered device. If you expect to have many users or simply value performance, go ahead and check out these excellent guides.
Also, I am going to mention several companies and projects / products in this guide. I am an independent, professional web developer with no affiliation or connection in any way, shape or form with these companies and products. There are alternatives out there to all of them, just as there are alternatives to OwnCloud - these are just my personal recommendation and/or preferences.
=== Preface ===
That said, installing OwnCloud via PBI is probably the fastest and easiest way and just gets the job done, but it still lacks an easy way to get your own (self-signed or officially signed) SSL Certs in there. This is why I am writing this guide (and also, to come back here and redo the steps myself... ;-)). Feedback is, as always, highly appreciated, so feel free to come back here and let me know if this helped or not!
This guide is split into 3 parts: Installing the PBI, getting the certificate files and putting them on the server.
=== Prerequisites ===
Before you start, make sure you meet the following prerequisites:
- Basic Unix knowledge: You should feel okay to use the shell (don't worry, every command is explained).
- Port forwarding: You should be able to forward port 80, at least temporarily, so your owncloud installation is available from outside your home network. To test it, you could use your cell phone as long as it's not connected to your wifi ;-).
- DNS: Most of you are probably going to expose the installation to the internet. If you have a static IP address, you can use that, but a name server entry is much more comfortable. I use duckdns.org as dynamic DNS Hoster due to my dynamic IP Address.
This guide was written with FreeNAS-9.10-STABLE-201605021851 and ownCloud 9.0.1 PBI. Other versions should work too, but I have not tested them - if you run into troubles, leave a comment and/or send me a PM. Especially the apache2 folder is subject to change once it gets updated - I'll try to add notes to this guide if I become aware of this.
=== Important directories ===
Apache2 root directory: /usr/pbi/owncloud-amd64/www/owncloud/
ACME-Challenge directory: /usr/pbi/owncloud-amd64/www/owncloud/.well-known/acme-challenge
Owncloud installation directory: /usr/local/www/owncloud (not needed for this guide, just for the sake of completeness)
Owncloud data directory: /media
=== Installing OwnCloud using the PBI method ===
1) Head over to the plugins tab and install the owncloud plugin - this should be quite hassle-free.
2) If you want to store your data onto another device (not inside the jail, eg. an external Hard Drive), do this before you start the jail for the first time:
2a) Go to jails, owncloud_1, Storage and mount the folder you want to use to the jails /media folder. Double check if the "Mounted?" Checkbox is ticked.
3) Start the plugin, and complete the installation by providing your credentials. There is probably a warning stating that the certificate is invalid - fixing this is the whole point of this guide ;-)
=== Getting the Certs to use letsencrypt ===
There are many ways to get a valid SSL Certificate (eg. StartSSL). For this guide, I'll stick to letsencrypt - to be exact, I'm using https://zerossl.com's Certificate Wizard, an alternative web-based letsencrypt client. A full list of can be found at https://github.com/certbot/certbot/wiki/Links . Regardless of what method you use, if you end up with a valid .crt and a .key file, you should be ready for the third part of this guide.
4) Head over to https://zerossl.com/free-ssl/#crt and enter the domains which you'll want to use (eg. http://myownlittlecloud.com ) and hit next (twice) to get the CSR and the letsencrypt key file. This is not the .key file you'll put on your server - this one is used to renew the certificates. You should absolutely save those two files and keep them in a safe place - and keep a copy outside of your owncloud... ;-)
5) Next up is the domain verification process. This is needed to prove that you actually really own the domain you try to get the certificate for, which includes you getting the ACME challenge file on your server. SSH into your owncloud jail or go to Jails Tab (the one on the top, not the sidebar), select "owncloud_1" and open the Shell (on the bottom).
6) cd into the apache2's root directory:
cd /usr/pbi/owncloud-amd64/www/owncloud/
7) create the directories for the ACME Challenge:
mkdir -p .well-known/acme-challenge
8) Change owner to the webserver's user and set permissions, so the webserver can actually serve the ACME-Challenge file:
chmod 666 .well-known/acme-challenge/
chmod 666 .well-known/
chown www .well-known/acme-challenge/
chown www .well-known/
9) Change into the newly created directories:chmod 666 .well-known/
chown www .well-known/acme-challenge/
chown www .well-known/
cd .well-known/acme-challenge
10) create the ACME-Challenge file (replace *content* and *filename* with the ones provided by zersossl, but keep the "" around the content):
echo "*ACME-CONTENT*" > *filename*
11) Make sure the files are available by clicking on the filename on zerossl, than hit next. If the check fails, you'll have to remove the file and create it anew as the filename and it's content will have changed. (rm *filename*, than go back to step 10).
12) Download and save the files provided by zerossl in a safe place, and rename them to server.key and server.crt. Congrats, you have received the officially signed ssl certificate files!
=== Getting the files to the server ===
13) Backup the server.key and the server.crt file - just in case:
cd /usr/pbi/owncloud-amd64/etc/apache24
cp server.key server.key.bak
cp server.crt server.crt.bak
14) Replace the files with the .txt files you just received. If you have not set up ssh to your jail yet, you can upload them to your owncloud installation and copy them from the shell:cp server.key server.key.bak
cp server.crt server.crt.bak
cp /media/*username*/files/*path/to/certificate*/server.crt /usr/pbi/owncloud-amd64/etc/apache24/server.crt
cp /media/*username*/files/*path/to/certificate*/server.key /usr/pbi/owncloud-amd64/etc/apache24/server.key
cp /media/*username*/files/*path/to/certificate*/server.key /usr/pbi/owncloud-amd64/etc/apache24/server.key
15) Close the shell, restart the jail and enjoy :) Don't forget, feedback is appreciated!
Last edited: