Deploying ownCloud on AWS – A Step-by-Step Guide


This guide provides a detailed walkthrough for deploying the ownCloud application on AWS using a 2-tier architecture. It includes both a conceptual overview and concrete implementation instructions based on best practices.
1. ownCloud Architecture Overview
ownCloud is an open-source file-sharing and collaboration platform that supports secure file access across devices, providing:
Universal file access across multiple storage systems
Enterprise-grade security and control
Integration with existing infrastructure (LDAP/AD, SharePoint, etc.)
Alternative to public cloud services like Dropbox
Key components in ownCloud architecture:
Core Server: PHP web application with processing engine
Storage Abstraction: Supports filesystems (NFS, ZFS), object storage (S3, Swift), and external storage (SharePoint, FTP)
Database Layer: Stores metadata and user information
Web Interface: Management console and user portal
It offers a seamless user interface, advanced permission control, encryption, LDAP/AD integration, WebDAV, and more.
2. Project Architecture Overview (Hosted on AWS)
This implementation deploys ownCloud on AWS with:
High availability design
Security best practices (public/private subnets)
Scalable components
Managed services where possible
3. Architecture Diagram
Components shown in diagram:
VPC with public and private subnets
Internet Gateway and NAT Gateway
EC2 instances in appropriate subnets
Security groups restricting traffic
Route tables for network traffic control
4. EC2 Instances & Subnet Configuration
EC2 Instances
App EC2 (Public Subnet): Ubuntu 22.04 LTS, Apache2, PHP, ownCloud
DB EC2 (Private Subnet): Ubuntu 22.04 LTS, MySQL Server
Subnets
Public Subnet (10.0.1.0/24): App EC2 + NAT Gateway + Internet Gateway
Private Subnet (10.0.2.0/24): DB EC2 only
5. Security Groups & Route Tables
Security Groups
App SG: Allow HTTP (80), HTTPS (443), SSH (22 - restricted)
DB SG: Allow MySQL (3306) only from App SG
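One way to check deployed groups against the two rules above, as an added example that is not part of the original guide: it audits records shaped like `aws ec2 describe-security-groups` output. The group IDs, the admin CIDR and the "weak" variants are constructed placeholders.

```python
# Constructed records in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and the admin CIDR 203.0.113.10/32 are placeholders, not from the guide.
def rule(port, cidrs=(), groups=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

APP_SG = {"GroupId": "sg-app-example", "IpPermissions": [
    rule(80, ["0.0.0.0/0"]), rule(443, ["0.0.0.0/0"]), rule(22, ["203.0.113.10/32"])]}
APP_SG_WEAK = {"GroupId": "sg-app-example", "IpPermissions": [
    rule(80, ["0.0.0.0/0"]), rule(443, ["0.0.0.0/0"]), rule(22, ["0.0.0.0/0"])]}
DB_SG = {"GroupId": "sg-db-example", "IpPermissions": [
    rule(3306, groups=["sg-app-example"])]}
DB_SG_WEAK = {"GroupId": "sg-db-example", "IpPermissions": [
    rule(3306, ["10.0.0.0/16"], ["sg-app-example"])]}
WORLD = {"0.0.0.0/0", "::/0"}

def sources(perm):
    """All CIDR sources (IPv4 and IPv6) named by one inbound rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def exact_tcp(perm, ports):
    """True if the rule is TCP for exactly one of the given single ports."""
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort") == perm.get("ToPort")
            and perm.get("FromPort") in ports)

def audit_app_sg(sg):
    """App SG: only 80 and 443 may be open to the world; SSH must be restricted."""
    return [f"{sg['GroupId']}: {perm['IpProtocol']} "
            f"{perm.get('FromPort')}-{perm.get('ToPort')} open to the world"
            for perm in sg["IpPermissions"]
            if WORLD & set(sources(perm)) and not exact_tcp(perm, {80, 443})]

def audit_db_sg(sg, app_sg_id):
    """DB SG: every inbound rule must be TCP 3306 sourced only from the App SG."""
    findings = []
    for perm in sg["IpPermissions"]:
        if not exact_tcp(perm, {3306}):
            findings.append(f"{sg['GroupId']}: rule other than TCP 3306")
        findings += [f"{sg['GroupId']}: CIDR source {c}" for c in sources(perm)]
        findings += [f"{sg['GroupId']}: foreign group {p['GroupId']}"
                     for p in perm.get("UserIdGroupPairs", [])
                     if p["GroupId"] != app_sg_id]
    return findings
```

An empty list means the group matches the rule; the VPC-wide CIDR in `DB_SG_WEAK` is reported because it would let any instance in the VPC reach MySQL, not only members of the App SG.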
Route Tables
Public Route Table: 0.0.0.0/0 → Internet Gateway
Private Route Table: 0.0.0.0/0 → NAT Gateway
6. Network ACLs & VPC
VPC
CIDR: 10.0.0.0/16
DNS Hostnames Enabled
NACLs
Public Subnet NACL: Allow inbound HTTP, HTTPS, SSH; outbound all
Private Subnet NACL: Allow inbound MySQL (3306) from public subnet
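Unlike security groups, network ACLs are stateless, so reply traffic needs its own rules. The added example below (not from the original guide) evaluates constructed NACL entries, shaped like `aws ec2 describe-network-acls` output, for one App-to-DB MySQL query and its reply. It takes the rule lists above literally; the instance IPs, the SSH source CIDR and the 1024-65535 ephemeral range are assumptions.

```python
import ipaddress

def entry(num, egress, cidr, lo, hi, action="allow"):
    """One TCP entry in the shape of `aws ec2 describe-network-acls` output."""
    return {"RuleNumber": num, "Egress": egress, "RuleAction": action,
            "Protocol": "6", "CidrBlock": cidr, "PortRange": {"From": lo, "To": hi}}

def nacl_allows(entries, egress, peer_ip, dst_port):
    """Lowest-numbered matching rule decides; no match is the implicit deny.
    CidrBlock is the source for inbound rules and the destination for outbound."""
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        ports = e.get("PortRange")  # absent when the rule covers all ports
        if (e["Egress"] == egress and e["Protocol"] in ("6", "-1")
                and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(e["CidrBlock"])
                and (ports is None or ports["From"] <= dst_port <= ports["To"])):
            return e["RuleAction"] == "allow"
    return False

def mysql_round_trip(public, private, app_ip, db_ip, client_port):
    """Check the four NACL crossings of one App -> DB query and its reply."""
    return {
        "app_out": nacl_allows(public, True, db_ip, 3306),
        "db_in": nacl_allows(private, False, app_ip, 3306),
        "db_out": nacl_allows(private, True, app_ip, client_port),  # reply
        "app_in": nacl_allows(public, False, db_ip, client_port),   # reply
    }

# Constructed entries. *_LISTED mirrors the rules as the guide lists them;
# *_FIXED adds return-traffic rules (1024-65535 is an assumed ephemeral range).
ALL_OUT = {"RuleNumber": 100, "Egress": True, "RuleAction": "allow",
           "Protocol": "-1", "CidrBlock": "0.0.0.0/0"}
PUBLIC_LISTED = [entry(100, False, "0.0.0.0/0", 80, 80),
                 entry(110, False, "0.0.0.0/0", 443, 443),
                 entry(120, False, "203.0.113.10/32", 22, 22), ALL_OUT]
PRIVATE_LISTED = [entry(100, False, "10.0.1.0/24", 3306, 3306)]
PUBLIC_FIXED = PUBLIC_LISTED + [entry(130, False, "10.0.2.0/24", 1024, 65535)]
PRIVATE_FIXED = PRIVATE_LISTED + [entry(100, True, "10.0.1.0/24", 1024, 65535)]

if __name__ == "__main__":
    for pub, priv in ((PUBLIC_LISTED, PRIVATE_LISTED), (PUBLIC_FIXED, PRIVATE_FIXED)):
        print(mysql_round_trip(pub, priv, "10.0.1.10", "10.0.2.20", 49152))
```

With only the listed rules the query reaches the database but the reply is dropped at both subnet boundaries; the same reasoning applies to replies for traffic the DB instance sends out through the NAT Gateway.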
7. Internet Gateway & NAT Gateway
Internet Gateway: Attached to VPC for public access
NAT Gateway: In public subnet for private subnet to reach internet
8. MySQL & Apache2 Service Status
On respective EC2 instances:
sudo systemctl status mysql
sudo systemctl status apache2
Ensure both services are enabled and running.
9. Step-by-Step Deployment Guide
I'm assuming you are familiar with the AWS console.
A. VPC and Subnet Setup
Create a VPC (10.0.0.0/16)
Create two subnets:
Public Subnet: 10.0.1.0/24
Private Subnet: 10.0.2.0/24
Enable auto-assign public IP for the public subnet
B. Internet and NAT Gateways
Create and attach an Internet Gateway to the VPC
Allocate an Elastic IP and create a NAT Gateway in the public subnet
C. Route Tables
Create two route tables:
Public RT → IGW (0.0.0.0/0)
Private RT → NAT Gateway (0.0.0.0/0)
Associate public RT with public subnet, private RT with private subnet
D. EC2 Instance Launch
Launch App EC2 in public subnet (Amazon Linux 2)
- Allow ports 22, 80, 443 via Security Group
Launch DB EC2 in private subnet
- Allow port 3306 only from App SG
E. Configure App EC2 (ownCloud)
For more detailed guidance, refer to the ownCloud server installation documentation.
SSH into App EC2
Install Apache, PHP, and required PHP modules:
# Update system and install dependencies
sudo apt update && sudo apt upgrade -y
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update
- Install LAMP stack and required modules
sudo apt install -y apache2 libapache2-mod-php7.4 mariadb-server openssl redis-server \
wget php7.4 php7.4-imagick php7.4-common php7.4-curl php7.4-gd php7.4-imap \
php7.4-intl php7.4-json php7.4-mbstring php7.4-gmp php7.4-bcmath php7.4-mysql \
php7.4-ssh2 php7.4-xml php7.4-zip php7.4-apcu php7.4-redis php7.4-ldap php-phpseclib
- Configure Apache
sudo a2enmod dir env headers mime rewrite setenvif
sudo systemctl restart apache2
- Download and extract ownCloud:
cd /var/www/html
sudo rm *
sudo wget https://download.owncloud.com/server/stable/owncloud-complete-latest.tar.bz2
sudo tar -xjf owncloud-complete-latest.tar.bz2
sudo chown -R www-data:www-data owncloud
sudo systemctl restart apache2
F. Configure DB EC2 (MySQL)
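SSH into the DB EC2 instance (via a bastion or from the public instance)
Install and start MySQL:
# Install MySQL Server and start it at boot
sudo apt update
sudo apt install -y mysql-server
sudo systemctl enable --now mysql
# Ubuntu's MySQL listens on 127.0.0.1 by default; set bind-address in
# /etc/mysql/mysql.conf.d/mysqld.cnf to this instance's private IP and
# restart mysql so the App EC2 can connect
# Secure MySQL installation
sudo mysql_secure_installation
- Create DB and user for ownCloud:
sudo mysql -u root -p
CREATE DATABASE owncloud_db;
CREATE USER 'owncloud_user'@'%' IDENTIFIED BY 'secure_password';
GRANT ALL PRIVILEGES ON owncloud_db.* TO 'owncloud_user'@'%';
FLUSH PRIVILEGES;
EXIT;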
G. Finalize Setup (ownCloud Configuration)
- Access the ownCloud web interface at http://<AppInstancePublicIP>/owncloud and complete setup:
Create an admin account
Enter database details:
Database user: owncloud_user
Database password: secure_password
Database name: owncloud_db
Host: private IP of database instance
Complete installation and login
H. Verification Steps
MySQL Service Status:
On database instance: sudo systemctl status mysql
Apache2 Service Status:
On application instance: sudo systemctl status apache2
Application Access:
Verify you can access ownCloud via browser at public IP
Network Connectivity:
Test connection from app instance to DB: telnet <db-private-ip> 3306
10. Future Enhancements
High Availability
Implement multi-AZ deployment
Add Elastic Load Balancer with auto-scaling
Use Amazon RDS for managed database service
Storage Options
Integrate with S3 for object storage
Implement EFS for shared file storage
Security Improvements
Set up AWS WAF for web application firewall
Implement AWS Shield for DDoS protection
Enable AWS CloudTrail for logging
Monitoring
Configure Amazon CloudWatch alarms
Set up SNS notifications for critical events
Backup & Recovery
Implement AWS Backup for automated snapshots
Create a disaster recovery plan with cross-region replication
11. Cleanup Instructions
To avoid ongoing charges, delete all resources in the following order:
1. Terminate EC2 Instances
Must be done first since they depend on other resources.
aws ec2 terminate-instances --instance-ids i-123456 i-789012
2. Delete NAT Gateway
Must be deleted before releasing its Elastic IP.
aws ec2 delete-nat-gateway --nat-gateway-id nat-123456
3. Release Elastic IP
Can only be released after NAT Gateway is deleted.
aws ec2 release-address --allocation-id eipalloc-123456
4. Detach & Delete Internet Gateway
Must be detached from the VPC before deletion.
aws ec2 detach-internet-gateway --internet-gateway-id igw-123456 --vpc-id vpc-123456
aws ec2 delete-internet-gateway --internet-gateway-id igw-123456
5. Delete Subnets
Must be empty before deletion; depends on terminated instances.
aws ec2 delete-subnet --subnet-id subnet-123456
aws ec2 delete-subnet --subnet-id subnet-789012
6. Delete Route Tables
The default route table can't be deleted, but custom ones must go before the VPC.
aws ec2 delete-route-table --route-table-id rtb-123456
7. Delete Security Groups
Can only be deleted after dependent resources are gone.
aws ec2 delete-security-group --group-id sg-123456
8. Delete VPC
Last step: fails if any dependencies remain.
aws ec2 delete-vpc --vpc-id vpc-123456
Key points to remember during deletion:
NAT Gateway must be deleted before releasing its Elastic IP (AWS won’t allow releasing IPs attached to a NAT Gateway).
Wait for NAT Gateway deletion to complete.
Internet Gateway must be detached before deletion.
Subnets should be deleted before route tables (some route tables may be tied to subnets).
12. Summary
This guide demonstrated how to deploy ownCloud securely using AWS IaaS resources by isolating services across public and private subnets, implementing security best practices, and planning for scalability.
By following this guide, users can reliably deploy ownCloud on AWS in a production-ready environment.
🙌 Final Thoughts
This project was a hands-on journey into building a secure and scalable cloud architecture using AWS — deploying ownCloud from scratch with complete infrastructure setup, security configuration, and service integration.
If you found this helpful or have any suggestions, feel free to connect with me!
I try to regularly post about:
☁️ Cloud Projects (AWS, DevOps, Architecture)
🛠️ Automation & Infrastructure as Code
🚀 Learnings from real-world deployments
Let’s grow together in the cloud journey!
Author: Soham Roy
📎 My LinkedIn Profile: www.linkedin.com/in/sohamroy-cloudopsjournal