https://pve.proxmox.com/wiki/Linux_Container
tldr: In your proxmox instance:
pveam update
pveam available | grep cloud
# find owncloud template name and download it
pveam download local debian-11-turnkey-owncloud_17.1-1_amd64.tar.gz
Go to Proxmox UI and create CT using the downloaded template.
If you want to get rid of the unverified cert warnings then follow these instructions to became a CA and to generate a set of cert files.
openssl genrsa -des3 -out myCA.key 2048
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
Install PEM in all client devices (Android requires renaming to *.crt).
openssl genrsa -out owncloud.home.key 2048
openssl req -new -key owncloud.home.key -out owncloud.home.csr
Put this to owncloud.home.ext
:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = owncloud.home
Then run:
openssl x509 -req -in owncloud.home.csr -CA myCA.pem -CAkey myCA.key \
-CAcreateserial -out owncloud.home.crt -days 825 -sha256 -extfile owncloud.home.ext
Then update the apache2 config:
cat /etc/apache2/sites-enabled/owncloud.conf
<VirtualHost *:443>
SSLEngine on
ServerAdmin webmaster@localhost
DocumentRoot /var/www/owncloud/
# ADD THE LINE BELOW
Include /etc/apache2/ssl_rules/ssl_owncloud_home.tld
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
cat /etc/apache2/ssl_rules/ssl_owncloud_home.tld
SSLEngine on
# The line below seems irrelevant because SSLCertificateChainFile is deprecated
#SSLCertificateChainFile /etc/letsencrypt/live/mydom.tld/fullchain.pem
# Point to certs created using your CA
SSLCertificateKeyFile /root/privkey.pem #renamed from owncloud.home.key
SSLCertificateFile /root/cert.pem #renamed from owncloud.home.crt