For those of us who do not like to share they private files with companies (or even secret services…) with dubious privacy rules, there is an alternative called ownCloud, since a few days now in version 6.0. It allows you to host many of these convenient “cloud” features on a server of your liking. The optimum control over your data is reached when running it on a “server” in your own home. For this, a Raspberry Pi (“Raspy”) seems the perfect hardware to start. It is a very compact, cheap and power-efficient computer that works well for not too busy server purposes. In my case, I wanted to start simple with just a Dropbox replacement. Here I describe briefly what I did to configure a self-hosted Raspy behind a NAT router using dynamical DNS and of course SSL encrypted connections with an emphasis on the parts that weren’t trivial…
- Installing and configuring the Raspy including ownCloud was no problem at all. There are plenty of good descriptions on the web.
- The first tricky part was the network configuration. I registered ileo.no-ip.biz with no-ip.biz, a dynamical DNS provider and configured my DSL modem / router to forward port 8443 to 443 of the Raspy’s local IP address, i.e. ileo.no-ip.biz:8443 is forwarded to 192.168.1.10:443. This was all fine, except that I couldn’t reach my Raspy my new domain from inside my LAN. It turned out the reason was that the router needed to support what is referred to as either “reverse NAT” or “NAT loopback”. This is needed so that the router does the port forwarding not just for requests from the internet to the LAN but also vice versa. After googling for a while I didn’t seem to find a way to tell my router (a “Alice IAD WLAN 3231”) to activate NAT loopback.
But after a few days, without having changed anything on the router, it suddenly worked…Unfortunately no miracle had happened, I had simply forgotten that I had edited /etc/hosts on my Mac. A first simple workaround was then to have a script run by cron every minute that checks the network name and adapts the /etc/hosts to my environment. However, this of course doesn’t work for any of my iDevices and it is not a very elegant solution anyway. My second attempt was therefore to install a light-weight DNS server on my Raspy (I am using dnsmasq) which works fine. I found these pages useful for configuring dnsmasq.
- The second problem was the configuration of the SSL connection. Of course you want your webserver to serve its content encrypted (otherwise you might as well stick with Dropbox…). There are good instructions on the web how one enables SSL for Apache using self-signed certificates (i.e. avoiding to pay 50-100 USD/EUR per year for a commercial certificate). Following these instructions, I could connect to my Raspy using HTTPS. Of course a warning came, that the certificate was not trusted. Here the crucial thing is to not just click “Continue”, but check the box at “Always accept …” and confirm with your Mac’s admin account (after verifying that the certificate is yours, of course…). Only then would the Mac ownCloud desktop sync client start to establish a connection to the Raspy.
Updated on 2014-01-03