Owncloud: Howto harden owncloud access with a ssh tunnel and squid

If you want to use a private secure owncloud (WebDAV Space Server) as Backup for all your devices you can harden the access thru a openssh Login with key auth and a squid as relay.

  • Install apache2, php5, mysql-Server, openssh, squid3
  • config Apache2 to listen on https://localhost:443
  • setup squid3  and config the Proxy to listen only on localhost:3128
  • install owncloud to /var/WWW with forced „https“ settings at the config.php
  • create ssh-keys to auth with password protected key to the SSH Server

If done, you can access the private Backup-Server via a Terminal/ Putty with the Tunneling Options

  1. $ssh -L 3128:localhost:3128 username@owncloudserver.home
  2. Open your Browser on your Client/PC with enabled Proxy usage = localhost 3128
  3. Connect the WebDAV by the URL https://localhost/ the owncloud Login should be displayed! Same with the WebDAV URL possible!

Advantage? You have a two factor protected Owncloud Access, with encryption inside a encrypted SSH Tunnel! Nobody should see files which are transmitted! Thats a tube inside a tube ..