Self-host an OwnCloud container to manage your files. Integrate with onlyoffice for cloud documentation

OwnCloud: your private, shareable file storage cloud

Containers Apr 26, 2022

Cloud access to your files, like Google Drive, Box, One Drive, Dropbox... there are more... has become big business recently. It's something which allows us to access our documents wherever we are, on almost any platform. While I believe they still have a place for most home users (and also businesses) I'd like to offer an alternative.

For those of us with the time and inclination, there's a good range of self-hosted options to choose from, allowing us to create and manage our own cloud storage without needing to rely on the big boys.

There are some criteria we require in choosing our self-hosted cloud storage:

  1. It's available as a docker image, and still has active support from the developers
  2. It allows for multiple users, both admin and regular
  3. It can be self-hosted, and can be accessed via reverse proxy
  4. It has good security options, such as 2FA
  5. It offers file encryption
  6. It has a supported phone app
  7. It supports public, shareable links (for when you just have to share that funny photo with someone who isn't a user)
  8. At its core, it's a document storage solution

In my mind, there are two applications which cover all of the above: ownCloud, and Nextcloud. The latter is an offshoot of the former, and supposedly more developed. It definitely provides more options for integrations, plugins and varied functionality. However it's also (in my experience) a bigger resource hog, and did not play well during a container migration. Feel free to try Nextcloud, I know those who swear by it. Try ownCloud, see how they compare. Personally, I don't need all the bells and whistles which Nextcloud tries to add, so today I'll talk you through ownCloud.

We will cover: the server installation via docker; initial setup steps once you've accessed your ownCloud instance; installing the Windows sync tool; installing ownCloud for Android (which is practically the same as for iPhone).

💡
The following instructions assume a certain level of competency with Docker, SSH/command line OR creating stacks with Portainer, and a working knowledge of setting up reverse proxies (for internet access to your cloud container). It also assumes you have your own fully qualified domain name (FQDN) such as yourdomain.com

Prepping your system

This process will install three containers - ownCloud, MariaDB, and Redis. Let's prep our file system:

  1. Navigate to the directory where you store your container config and persistent folders, and create one called owncloud (lowercase is important, and will continue to be so throughout this walkthrough)
  2. Inside your owncloud folder, create three more called db, files and redis
  3. Still inside the owncloud folder, create a file called docker-compose.yml
  4. Make sure you know the IP address of your host machine (NAS, Raspberry Pi, whatever it is). On linux based systems you can do this from the command line by typing in ifconfig and finding the correct network adapter. On windows machines, open up a command prompt or terminal and the command is ipconfig
  5. SSH into your machine, and create a docker network for your ownCloud instance by typing sudo docker network create owncloud. Again, the letters are case sensitive

Creating your containers

We can now get on with the business of creating the containers.

  • Navigate to and open the docker-compose.yml file we created in step 2 above (use whichever method you're most comfortable with, SSH and vim, SMB via windows, whatever)
  • Copy paste the following, and then make sure to pay attention to the parts that need to be changed:
#########NETWORKS#########
networks:
  owncloud:
    external: true
#########NETWORKS#########
services:
  owncloud:
    image: owncloud/server:latest
    container_name: owncloud
    restart: unless-stopped
    ports:
      - 8080:8080 #change before the ':' if necessary
    depends_on:
      - oc-db #makes sure the database is up before running owncloud
      - oc-redis #same as above
    environment:
      - OWNCLOUD_DOMAIN=123.456.789.9:8080 #change to your host IP and port above
      - OWNCLOUD_TRUSTED_DOMAINS=123.456.789.9 #change to match the IP ONLY above (do not include the port)
      - OWNCLOUD_DB_TYPE=mysql
      - OWNCLOUD_DB_NAME=owncloudDB
      - OWNCLOUD_DB_USERNAME=#choose a username (1)
      - OWNCLOUD_DB_PASSWORD=#enter a strong password (1)
      - OWNCLOUD_DB_HOST=oc-db
      - OWNCLOUD_ADMIN_USERNAME=#choose a username (2)
      - OWNCLOUD_ADMIN_PASSWORD=#choose a strong password (2)
      - OWNCLOUD_MYSQL_UTF8MB4=true
      - OWNCLOUD_REDIS_ENABLED=true
      - OWNCLOUD_REDIS_HOST=oc-redis
    healthcheck:
      test: ["CMD", "/usr/bin/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - /path/to/your/owncloud/files:/mnt/data
    networks:
      - owncloud

  oc-db:
    image: mariadb:10.5
    container_name: owncloud_db
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=#choose a strong password
      - MYSQL_USER=#the same as username (1) above
      - MYSQL_PASSWORD=#the same as password (1) above
      - MYSQL_DATABASE=owncloudDB
    command: ["--max-allowed-packet=128M", "--innodb-log-file-size=64M"]
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=${MYSQLROOTPWD}"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - /path/to/your/owncloud/db:/var/lib/mysql
    networks:
      - owncloud

  oc-redis:
    image: redis:6
    container_name: owncloud_redis
    restart: unless-stopped
    command: ["--databases", "1"]
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - /path/to/your/owncloud/redis:/data
    networks:
      - owncloud
copy paste and make any changes necessary

Some things to change above:

  • If you change the owncloud port mapping, make sure you reflect this in the OWNCLOUD_DOMAIN
  • Set your host machine's IP address as the OWNCLOUD_DOMAIN, followed by the owncloud published port (the number before the : specified in the ports block)
  • If you plan on using multiple domains to access your OwnCloud instance (such as locally via IP, but also via a personal domain such as owncloud.yourcooldomain.com with a reverse proxy) then you must add each trusted domain as comma separated without whitespace, i.e. - OWNCLOUD_TRUSTED_DOMAINS=123.456.789.9,owncloud.mycooldomain.com
  • Make sure to set usernames and strong passwords where specified
  • Make sure to change your volume paths to those which were created on your host machine
💡
Pay close attention to the usernames and passwords which need to be the same between the owncloud container and the oc-db container

Once you're happy you have the right information included, it's time to create the containers:

  • Log in to your host machine via SSH
  • Navigate to the directory which holds your docker-compose.yml file
  • Type the following command:
sudo docker-compose -p "owncloud" up -d
the -p flag allows us to name our stack
  • Watch the CLI window as it downloads the images and creates the containers - the actual owncloud container will be created last
or copy/paste the above stack to Portainer and hit the blue 'Deploy the stack' button after making the relevant changes

All being well, you should now have the three containers created.


Accessing OwnCloud

In your browser's address bar, enter serverIP:8080 (if you changed the port mapping in the compose above, you need to use whatever port you specified here as well).

You should be shown the following screen:

Ctrl+click to enlarge in a new tab

Enter the the username and password you set above for OWNCLOUD_ADMIN_USERNAME and OWNCLOUD_ADMIN_PASSWORD and you should be logged in, with the screen changing to something similar to this:

Ctrl+click to enlarge in a new tab
  1. This button opens a small drop-down menu where you can select things like admin settings
  2. This hamburger/3-line menu button is where you will access the different apps or add-ons you may integrate, such as a calendar or a music player. It's also where you will be able to find the 'Market' app, which is where you can browse the official integrations available to you
  3. Clicking + allows you to add files or folders, or upload

The following can all be done from the Settings page using your admin user

Enable 2-factor authentication (2FA)

Click on the 'Apps' menu in the left hand navigation panel, and then search for 2-Factor Authentication. Click the 'Enable' button. The next time you or another user logs in, you will be required to set up 2FA on your device (like a mobile). This is extremely useful (and important) for safety when exposing your ownCloud instance to the web.

Ctrl+click to enlarge in a new tab
💡
You have the option of selecting a check-box that only enforces 2FA for specific user groups. Play around with this if you think it will be useful

Take some time to explore the other apps which are already listed here. You can disable/enable as you wish, but be aware that disabling certain services may cause breaking changes to occur to your setup.

Set up your mail-server credentials

If you have your own mail server, you can set up an admin email account which will mail users on certain events, such as when they change their emails, if a document is shared with them, etc.

Head over to the 'General' menu in the left-hand navigation pane, and input your mail-server credentials at the top of the screen:

Ctrl+click to enlarge in a new tab

This page also offers mail templates if you create a theme, and general logs options.

Enabling Encryption

Click the 'Encryption' menu in the left-hand navigation pane. At the top of the screen you'll see a checkbox to enable server-side encryption.

Once you click it, a red text box will appear which explains various need-to-know information. Once you've read it and are satisfied, click the button labeled 'Enable encryption'

Ctrl+click to enlarge in a new tab

Add users

Hit the button top right, then select Users from the drop-down box. The screen you're shown will initially be pretty empty, and will only include your admin user.

Ctrl+click to enlarge in a new tab

There are 3 main areas to this page. The main one is where your users are listed. Here, as the admin, you can change any user's password, the group(s) they're part of, assign whether or not a user can be an admin for a particular group, and set a storage quota for them (1GB, 5GB, Unlimited, etc.).

The far left panel allows you to create and quickly view your groups.

Finally, at the top of the screen under the ownCloud bar you will be able to add a user. If you've set up your mail-server correctly following the steps above, enter their email address as well. Once you hit the 'Create' button, your new user will be emailed with a temporary password to access ownCloud, and will then be asked to change it on their first login. If you've enabled 2FA already, they will also be asked to set that up.

💡
Instead of emailing a temporary password, admins also have the ability to set a user's password. These can only be set explicitly, as admins do not have the power to reset to a random password. Users who forget their passwords can either request the admin to set a new one for them, or they can reset their passwords from the login screen after inputting incorrect credentials (click here for an image of this screen)

Setting up your apps (windows and mobile)

Coming soon...


Swag, Authelia and Reverse Proxies
A step-by-step walkthrough to self-host your Reverse Proxy with SWAG, and providing SSO and 2FA security using Authelia, all in docker
Local DNS to serve your apps via URL instead of IP
Tired of remembering a raft of port numbers to access your service GUIs? Here’s a way to access them all using easier-to-remember URLs

PTS

PTS fell down the selfhosted rabbit hole after buying his first NAS in October 2020, only intending to use it as a Plex server. Find him on the Synology discord channel https://discord.gg/vgSq5pcT

Have some feedback or something to add? Comments are welcome!

Please note comments should be respectful, and may be moderated