Great Things Never Came From Comfort Zones.
I am the IT administrator for a small company called “Family”, and I also feel it is my obligation to enforce some level of privacy. As technology grows and invades every part of our private lives, we hand over private information without thinking twice. But on the other hand, it is easier than ever to take back that control and data.
Software, technology, and people have not only created outstanding services used on a daily basis, they also allow us to run and host services reliably at home or wherever you feel your data is safe. It has never been easier; all you need is the courage to start reading, ask some questions and follow your own curiosity.
This is why I started to migrate parts of my family network from Resilio Sync to Nextcloud. In contrast to Resilio Sync, Nextcloud not only allows me to keep my data private, which I had already accomplished with Sync, but also gives my family a simple option to view, edit, update and, most importantly, share data.
Sharing data was something I hadn’t considered important, because I just do not share much data with others, but the rest does. And as more pictures are being created and organized directly on mobile phones, this was something to address. Not addressing it had already led to files being uploaded to services like OneDrive, Dropbox and others, which means losing data I initially wanted to keep private.
I took an old netbook (Medion Akoya S1210) and installed Ubuntu 16.04 LTS on it. Because of the limited resources of the netbook, the Nextcloud user data needs to be “outsourced” and therefore I am using a NAS via a permanent NFS mount.
Ubuntu and Nextcloud
- System Requirements
- Ubuntu 16.04.4 LTS (Xenial Xerus)
- Installing Nextcloud on Ubuntu 16.04 LTS+ with Redis, APCu, SSL & Apache
- How To Install and Configure Nextcloud on Ubuntu 16.04
- How to Install NextCloud Server on Ubuntu 16.04
- Snappy Nextcloud
This is not being used, because I needed to have the option to mount SMB/CIFS shares, and this is not supported with the nextcloud snap yet.
I am using a NAS via NFS as a datastore
- Change data directory to use another disk partition
Even though I am not using the nextcloud snap, the information is still useful
- Setting Up NFS
I am using NFS instead of SMB mounts because it was just easier to set up
192.168.11.10:/Nextcloud /media/nextcloud-data nfs rw 0 0
- Mount Windows Shares Permanently
Even though I am not using it, it could be useful to know how it works.
I changed this to cron (daemon). Nextcloud’s web interface is not accessed that often, therefore the default method “AJAX” just doesn’t make much sense. Also, having full access to the underlying OS is what makes this possible.
I am using WebDAV to migrate data from the old way data was synced and stored to Nextcloud. The data gets immediately recognized and no OCC scripts need to be executed.
Accessing Nextcloud files using WebDAV
net use Z: \\example.com@ssl\nextcloud\remote.php\dav /user:youruser yourpassword
You could also copy the files directly on the OS/filesystem layer and index them using the Nextcloud command line afterwards:
sudo -u www-data php occ files:scan --all
Hosting a service that can be accessed publicly needs some housekeeping: hardening the service and the operating system. Luckily, most things are already configured out of the box or only need special attention if you widen access from the outside.
- Hardening and security guidance
- Best practices for hardening new sever in 2017
- Harden Ubuntu security for 16.04 server (The Complete Guide)
Security / Vulnerability Scans
Ways to verify that your hardening was successful and that you are secure. Doing this still does not guarantee that you will never get compromised.
- Check the security of your private Nextcloud server
- SSL Server Test
- Let’s Encrypt
- Barracuda Vulnerability Manager
It makes sense to use a firewall to secure hosted services as well as your network.
Nothing to add here
- Nextcloud 13 backup and restore
- Turn maintenance mode on:
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
- Backup the webfolder:
tar -cpzf /home/ubuntuusername/ncserver_$(date +"%w").tar.gz -C /var/www/nextcloud .
- Backup the datafolder:
tar -cpzf /home/ubuntuusername/ncdata_$(date +"%w").tar.gz -C /var/nc_data .
- Backup the database:
mysqldump --single-transaction -h localhost -unextcloud -pnextcloud nextcloud > /home/ubuntuusername/ncdb_$(date +"%w")
- Turn maintenance mode off:
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
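The backup steps above combined into one function, as an added example that is not part of the original post: it switches maintenance mode back off even when a step fails, writes the backups with owner-only permissions, and reads the database credentials from a MySQL option file instead of the command line. The `DB_CNF` path, the `.sql` suffix and the environment-variable overrides are assumptions.

```shell
#!/bin/sh
# Added example. Defaults mirror the paths used in the commands above;
# override them through the environment if your layout differs.
NC_DIR="${NC_DIR:-/var/www/nextcloud}"
NC_DATA="${NC_DATA:-/var/nc_data}"
BACKUP_DIR="${BACKUP_DIR:-/home/ubuntuusername}"
DB_NAME="${DB_NAME:-nextcloud}"
# Assumed path: a MySQL option file (mode 600) with a [client] section
# holding user= and password=, so the password never appears in the
# process list the way it does with -p<password>.
DB_CNF="${DB_CNF:-/root/.nextcloud-backup.cnf}"

occ() { sudo -u www-data php "$NC_DIR/occ" "$@"; }

# Runs in a subshell so umask and the EXIT trap stay local to the backup.
nc_backup() (
  umask 077                  # backups contain all user data: owner-only
  day="$(date +%w)"          # 0-6, one rotating backup set per weekday
  occ maintenance:mode --on || exit 1
  # From here on, always leave maintenance mode, whatever happens below.
  trap 'occ maintenance:mode --off' EXIT
  tar -cpzf "$BACKUP_DIR/ncserver_$day.tar.gz" -C "$NC_DIR" . &&
  tar -cpzf "$BACKUP_DIR/ncdata_$day.tar.gz" -C "$NC_DATA" . &&
  mysqldump --defaults-extra-file="$DB_CNF" --single-transaction \
    -h localhost "$DB_NAME" > "$BACKUP_DIR/ncdb_$day.sql" &&
  # Read both archives back so a corrupt backup fails now, not at restore.
  tar -tzf "$BACKUP_DIR/ncserver_$day.tar.gz" > /dev/null &&
  tar -tzf "$BACKUP_DIR/ncdata_$day.tar.gz" > /dev/null
)
```

Call `nc_backup` from a root cron job and alert on a non-zero exit status.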
- Turn maintenance mode on: