[💡 Guide] How to move Nextcloud to an encrypted volume
-
@3246 said in [
Guide] How to move Nextcloud to an encrypted volume:You will manually need to mount this volume using the same command as in Step 2 when you restart your Cloudron!
Perhaps improve Step 2 with
fstabautomounting -
@robi that's an idea, although I think it is somewhat insecure to automatically mount the encrypted volume
-
@3246 right, then it's more about key management than convenience, and what you're actually preventing.
If the idea is to protect from offline data theft and disk imaging, then it's less relevant if it's (auto)mounted or not.
As long as it's online & mounted, it's readable.
Thanks for the great guide!
-
@3246 right, then it's more about key management than convenience, and what you're actually preventing.
If the idea is to protect from offline data theft and disk imaging, then it's less relevant if it's (auto)mounted or not.
As long as it's online & mounted, it's readable.
Thanks for the great guide!
@robi you are welcome, glad you found it useful and thanks for your feedback.
I want to prevent unauthorised access to the volume when the server is offline as well as somebody who might take the server out of its rack and boot it. If the volume automatically mounts, they have full access to the data if they can circumnavigate the login cough recovery mode cough
That's covering for physical access to the machine, in what likely would be a read-only, forensic access scenario by a 'bad' actor. In my case, it's a virtualised server, so not as likely to matter, unless they move the VM to a dedicated slice to get busy with it.
Granted, this is somewhat unlikely but being paranoid is better than being sorry
I am in the UK and storing professional data abroad (in nasty Europe no less - just kidding!) means encryption can cover the requirements nicely (as far as I know - I am not an expert in that field, so somebody please correct me if I'm wrong).
-
Hi @3246 Are you still using this setup? I'm interested in how it would work with an externally mounted Storage Box
@andreasdueren said in [
Guide] How to move Nextcloud to an encrypted volume:how it would work with an externally mounted Storage Box
I don't think that would be possible as I don't think it's possible to use storage boxes for the data directory
Only volumes with Mount Type EXT4 and NFS can be used as the data directory, as other Mount Types do not properly support file permissions.
-
@andreasdueren said in [
Guide] How to move Nextcloud to an encrypted volume:how it would work with an externally mounted Storage Box
I don't think that would be possible as I don't think it's possible to use storage boxes for the data directory
Only volumes with Mount Type EXT4 and NFS can be used as the data directory, as other Mount Types do not properly support file permissions.
@jdaviescoates I've been using it for my Nextcloud storage directory for a few years without problems now. Highly recommend.
-
@jdaviescoates I've been using it for my Nextcloud storage directory for a few years without problems now. Highly recommend.
@andreasdueren said in [
Guide] How to move Nextcloud to an encrypted volume:storage directory
Storage directory isn't the same as data directory though (and I noted "Step 5: Move your Nextcloud app's data directory")
-
@andreasdueren said in [
Guide] How to move Nextcloud to an encrypted volume:storage directory
Storage directory isn't the same as data directory though (and I noted "Step 5: Move your Nextcloud app's data directory")
@jdaviescoates Yes it's something else. But works well and I have never encountered any problems with Nextcloud and file permissions. This is my setup:
