To improve isolation and make it easier to maintain, I’m using Docker, which makes the whole thing more portable and easy to bootstrap.
So let’s have fun!
In Feb 2015 Docker moved fig functionality into Docker Compose, a handy tool for deploying and managing small scenarios with multiple containers. You can define containers in a YAML file and use the tool to bring them up. It takes care of building/downloading images and managing their lifecycle.
So, as a requirement for the next steps, you will have to install Docker if it’s not present on your system.
We will be using the officially supported Owncloud image from Docker Hub. It provides several ways of deploying Owncloud; we will be using the default one (Apache).
docker-compose.yml will look like this:
This file basically defines two containers, one Owncloud stateless instance, serving the web, and one data volume container, holding the persistent data. You can read more about data volume containers in Docker’s documentation.
Exposing port 80 makes it accessible from other containers. Just note that expose doesn’t publish the port to the host machine; it only makes it accessible if you reach the container host.
The restart setting will ensure that the Owncloud container is restarted if, for some reason,
Also, through the use of volumes_from, we mount volumes from
Now it’s time to bring it up, running:
It will bring the containers up (in detached mode). You can check the logs with:
If you want to know more useful commands, check the Docker Compose docs.
With Owncloud running, it’s time to put a proxy in front of it, facing the Internet (or your LAN). This proxy will provide routing between all your internal services and will add a security layer with SSL termination.
I’ve created my own Docker image for Caddy; feel free to fork it if you want :)
To add Caddy to our scenario just add this to the
We are using the ports setting this time. Unlike expose, this will publish the ports to the host machine, so you can access http[s]://your.host.ip
The links setting is also important: it will create an /etc/hosts entry with an alias for the IP of the configured container(s).
You have most probably noticed the Caddyfile volume; we use it to expose a Caddy settings file inside the container.
This syntax is quite straightforward, but if you are looking at more complex setups, check the Caddy docs.
The SSL configuration is just the tls line. This single line tells Caddy to automatically follow the Let’s Encrypt ACME protocol and get a valid certificate for your site, including automated renewal.
Also, as pointed out by abiosoft, the caddy folder volume will persist certificates between executions, making sure you don’t reach API rate limits.
Run docker-compose up -d again to bring Caddy up; the command will not affect the containers that are already running.
Now you should be able to access your site through HTTPS too! Go to https://your.hostname.com and check it!
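The layout described above as a single Compose file, added here as an example and not the original post's file. It assumes the Compose v1 file format, a restart policy of always, a placeholder Caddy image name (example/caddy), and container paths (/var/www/html, /etc/Caddyfile, /root/.caddy) that depend on the images you use; the commented Caddyfile is constructed in Caddy 0.x syntax.

```yaml
# Added example. Compose v1 format (no "version" key), where
# volumes_from and links are available.

owncloud:
  image: owncloud              # official image on Docker Hub (Apache variant)
  restart: always              # assumption: the post's restart value is not shown
  expose:
    - "80"                     # reachable from linked containers only;
                               # nothing is published on the host for this service
  volumes_from:
    - ownclouddata             # persistent data lives in the data volume container

ownclouddata:
  image: owncloud              # same image, so file ownership matches
  command: /bin/true           # exits at once; exists only to own the volume
  volumes:
    - /var/www/html            # assumption: data path used by the Owncloud image

caddy:
  image: example/caddy         # placeholder: substitute the Caddy image you use
  restart: always
  ports:
    - "80:80"                  # published on the host: the only entry point
    - "443:443"
  links:
    - owncloud                 # adds an /etc/hosts alias "owncloud" in this container
  volumes:
    - ./Caddyfile:/etc/Caddyfile:ro   # assumption: config path; mounted read-only
    - ./caddy:/root/.caddy            # assumption: certificate store, kept across runs

# Matching Caddyfile (constructed, Caddy 0.x syntax):
#
#   your.hostname.com {
#       tls you@example.com
#       proxy / owncloud:80
#   }
```

After bringing this up, docker-compose ps should list host port mappings for caddy only; a mapping on owncloud would mean the application is reachable without going through the TLS proxy.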