Great Things Never Came From Comfort Zones.

I am the IT administrator for a small company called “Family”, and I also feel it is my obligation to enforce some level of privacy. As technology grows and invades every part of our private lives, we hand over private information without thinking twice. But on the other hand, it is easier than ever to take back that control and data.

Software, technology, and people have not only created outstanding services used on a daily basis, they also allow us to run and host services reliably at home or wherever you feel your data is safe. It has never been easier: all you need is the courage to start reading, ask some questions and follow your own curiosity.

This is why I started migrating parts of my family network from Resilio Sync to Nextcloud. In contrast to Resilio Sync, Nextcloud not only keeps my data private, which I had already accomplished with Sync, but also gives my family a simple option to view, edit, update and, most important, share data.

Sharing data was something I hadn’t considered important, because I just do not share much data with others, but the rest of the family does. And as more pictures are being created and organized directly on mobile phones, this was something to address. Not addressing it had already led to files being uploaded to services like OneDrive, Dropbox and others, which means losing data I initially wanted to keep private.

Setup

I took an old netbook (Medion Akoya S1210) and installed Ubuntu 16.04 LTS on it. Because of the limited resources of the netbook, the Nextcloud user data needs to be “outsourced”, and therefore I am using a NAS via a permanent NFS mount.

Installation

Base System

Ubuntu and Nextcloud

Configuration

NFS Datastore

I am using a NAS via NFS as a datastore.

Background Jobs

I changed this to cron (daemon). Nextcloud’s web interface is not accessed that often, so the default method “AJAX” just doesn’t make much sense. Having full access to the underlying OS is what makes this possible in the first place.

Migration

WebDAV

I am using WebDAV to migrate data from the old way data was synced and stored to Nextcloud. The data gets immediately recognized and no OCC scripts need to be executed.

  • Accessing Nextcloud files using WebDAV
    net use Z: \\example.com@ssl\nextcloud\remote.php\dav /user:youruser yourpassword

  • File Operations
    You could also copy the files directly on the OS/filesystem layer and index them afterwards using the Nextcloud command line (occ):
    sudo -u www-data php occ files:scan --all

House-Keeping

Hardening Nextcloud

Hosting a service that can be accessed publicly needs some house-keeping: hardening the service and the operating system. Luckily, most things are already configured out of the box or only need special attention if you widen access from the outside.

Security / Vulnerability Scans

Ways to verify that your hardening was successful and that you are secure. Doing this still does not guarantee that you never get compromised.

Network Firewall

It makes sense to use a firewall to secure hosted services as well as your network.

Backup

Nothing to add here

  • Nextcloud 13 backup and restore
    • Turn maintenance mode on: sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
    • Backup the webfolder: tar -cpzf /home/ubuntuusername/ncserver_$(date +"%w").tar.gz -C /var/www/nextcloud .
    • Backup the datafolder: tar -cpzf /home/ubuntuusername/ncdata_$(date +"%w").tar.gz -C /var/nc_data .
    • Backup the database: mysqldump --single-transaction -h localhost -unextcloud -pnextcloud nextcloud > /home/ubuntuusername/ncdb_$(date +"%w").sql
    • Turn maintenance mode off: sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
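
The five steps above combined into one script, as an added example that is not part of the original post: it leaves maintenance mode again even when a backup step fails, and it checks that the archives can be read back. The function name nc_backup and the OCC, DUMP, DEST, NC_WEB and NC_DATA variables are made up for this example, and it assumes the database password is stored in the [client] section of ~/.my.cnf instead of being passed on the command line.

```shell
#!/bin/sh
# Added example, not from the original post: the five backup steps as one script.
# Paths and database name follow the post. OCC and DUMP are overridable so the
# flow can be exercised with stubs. Assumption: the database password sits in
# the [client] section of ~/.my.cnf instead of on the command line.
NC_WEB="${NC_WEB:-/var/www/nextcloud}"
NC_DATA="${NC_DATA:-/var/nc_data}"
DEST="${DEST:-/home/ubuntuusername}"
OCC="${OCC:-sudo -u www-data php $NC_WEB/occ}"
DUMP="${DUMP:-mysqldump --single-transaction -h localhost nextcloud}"

# Body runs in a subshell so umask and variables do not leak to the caller.
nc_backup() (
    day="$(date +%w)"     # 0-6, so each weekday overwrites last week's set
    rc=0
    umask 077             # archives hold config.php secrets and user files
    $OCC maintenance:mode --on || exit 1
    {
        tar -cpzf "$DEST/ncserver_$day.tar.gz" -C "$NC_WEB" . &&
        tar -cpzf "$DEST/ncdata_$day.tar.gz" -C "$NC_DATA" . &&
        $DUMP > "$DEST/ncdb_$day.sql.part" &&
        mv "$DEST/ncdb_$day.sql.part" "$DEST/ncdb_$day.sql"
    } || { rc=1; rm -f "$DEST/ncdb_$day.sql.part"; }
    # Leave maintenance mode even when a step above failed.
    $OCC maintenance:mode --off || rc=1
    # A backup that cannot be read back is not a backup: list both archives.
    if [ "$rc" -eq 0 ]; then
        tar -tzf "$DEST/ncserver_$day.tar.gz" >/dev/null &&
        tar -tzf "$DEST/ncdata_$day.tar.gz" >/dev/null || rc=1
    fi
    exit "$rc"
)

# Run for real only when asked, e.g. from root's crontab: nc_backup.sh --run
if [ "${1:-}" = "--run" ]; then
    nc_backup
fi
```

A non-zero exit status means at least one step failed, so a cron wrapper can alert on it instead of silently keeping a broken set.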

Useful

Command Line