SSL configuration for Nextcloud server using docker containers in Ubuntu OS

Submitted on Tue, 05/28/2024 - 11:19

Scenario:

On an Ubuntu server, Nextcloud has been set up following the steps in the tutorial "How to configure Nextcloud using Docker".

The following domain has been registered and points to the public IP of the Ubuntu server:

cloudnepal.ddns.net

Steps to set up a free SSL certificate from Let's Encrypt for the above domain:

1. Update package repositories.
apt update -y

2. Install the necessary Linux packages.
apt-get install apache2 certbot python3-certbot-apache

Note: Along with other packages, we are also installing Apache to run on port 80 on the Linux server. This is required to obtain the SSL certificates.

3. Run the following command to only obtain the certificates. The rest of the configuration will be done manually.
certbot certonly --apache

During this process, you will be asked to enter the domain name for the SSL certificate. Enter your domain name:
cloudnepal.ddns.net

The certificates will be installed in the following directory: /etc/letsencrypt/live/cloudnepal.ddns.net/

4. Enable the following apache2 modules.
a2enmod proxy proxy_http ssl

After enabling the SSL module, a default configuration file will be available at /etc/apache2/sites-available/default-ssl.conf.

5. Edit the default SSL configuration file.
vim /etc/apache2/sites-available/default-ssl.conf

Update the file with the following code:

<IfModule mod_ssl.c>
    #mod_proxy and mod_proxy_http are already loaded by a2enmod in step 4, so no LoadModule lines are needed here.
    <VirtualHost *:443>
        ServerAdmin its@cloudnepal.ddns.net
        #Update with your email account
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/cloudnepal.ddns.net/cert.pem
        #Update with path to your SSL Certificate
        SSLCertificateChainFile /etc/letsencrypt/live/cloudnepal.ddns.net/chain.pem
        #Update with path to your SSL Certificate Chain File
        SSLCertificateKeyFile /etc/letsencrypt/live/cloudnepal.ddns.net/privkey.pem
        #Update with path to your private Key
        ProxyPreserveHost On
        ProxyPass / http://localhost:4000/
        #The above directive proxies the connections received on port 443 to port 4000, which forwards the request to the Docker container running the Apache web server.
        ProxyPassReverse / http://localhost:4000/
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>

Save and exit

6. Enable the configuration file
cd /etc/apache2/sites-available/
a2ensite default-ssl.conf

7. To redirect HTTP to HTTPS, edit the default configuration file for HTTP.
vim /etc/apache2/sites-enabled/000-default.conf

Update the file with the following code:

<VirtualHost *:80>
    ServerName cloudnepal.ddns.net
    #Update with your domain name
    ServerAdmin its@cloudnepal.ddns.net
    #Update with your email account
    DocumentRoot /var/www/html
    Redirect permanent / https://cloudnepal.ddns.net/
    #Update with your domain name. Keep the trailing slash: Apache appends the rest of the requested path to this URL.
    #The above directive redirects requests from http to https
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

8. Restart Apache server
systemctl restart apache2

The final part is to update Nextcloud's configuration file to force HTTPS.

9. Enter the docker container running the nextcloud web server

docker exec -it nextsrv bash

10. Edit the config.php file

vim /var/www/html/config/config.php

(Note: Containers do not have vim by default. Before running the above command, install vim with: apt update -y && apt install -y vim)

Add the following lines to the config file:

'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://cloudnepal.ddns.net', // Update with your domain name

Save and exit

Done!
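
To check the result of the steps above from the Ubuntu host (not inside the container), the following script is an added example and not part of the original tutorial. It confirms that HTTP redirects to the same path over HTTPS, that the certificate validates, and that the container port behind the proxy is bound to loopback only, so the plain-HTTP backend on port 4000 cannot be reached around Apache. The file name verify.sh, the sample path /login and the assumption that the port was published with docker's -p option are assumptions.

```bash
# Added example: post-setup checks for the configuration in this tutorial.
# Assumptions: run on the Ubuntu host; the container port was published with
# docker's -p option; /login is only a sample path for testing the redirect.
DOMAIN="cloudnepal.ddns.net"   # update with your domain name
CONTAINER="nextsrv"            # container name used in step 9

# Reads `curl -sI` response headers on stdin. Succeeds only for a 301 whose
# Location starts with https://$1/ ; a target with host and path fused
# together (https://cloudnepal.ddns.netlogin) fails.
redirect_ok() {
    awk -v want="https://$1/" '
        { sub(/\r$/, "") }
        NR == 1 { code = $2 }
        tolower($1) == "location:" { loc = $2 }
        END { exit !(code == "301" && index(loc, want) == 1) }'
}

# Reads `docker port <container>` output on stdin and prints every host
# binding that is not a loopback address. Succeeds when none is found.
backend_loopback_only() {
    awk '$2 == "->" && $3 !~ /^(127\.|\[::1\])/ { print; bad = 1 }
         END { exit bad }'
}

# Live checks; needs curl and docker on the server.
verify_live() {
    curl -sI "http://$DOMAIN/login" | redirect_ok "$DOMAIN" \
        || echo "FAIL: http://$DOMAIN/login is not redirected to https://$DOMAIN/login"
    # curl validates the chain and host name against the system trust store.
    curl -sS -o /dev/null "https://$DOMAIN/" \
        || echo "FAIL: certificate for $DOMAIN did not validate"
    docker port "$CONTAINER" | backend_loopback_only \
        || echo "FAIL: container port is published on a non-loopback address"
}

# Run the live checks only when asked: sh verify.sh live
if [ "${1:-}" = "live" ]; then verify_live; fi
```

A binding such as 0.0.0.0:4000 in the last check means Nextcloud is also served over unencrypted HTTP on port 4000 unless a firewall blocks it.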