AVX Support in your VPS/Server

Hi,
some noob question please.
Is it still secure to use v7.5.2?

I´m also a netcup user without AVX Support.

Thanx in advance.

Hello, everyone,

I am just starting to run my own server.
This server is currently only supposed to provide a Nextcloud via Cloudron.
The Ubuntu VCS server is from a Hoster.
I have used a finished image of the Hoster incl. Cloudron for installation.

Tl;dr
How do I protect the local data on the Nextcloud server from third party access? The internal Nextcloud encryption does not seem to be a good solution.

I am currently unsure about the security of the data in the Nextcloud App. For two reasons:

In the settings of the Nextcloud I have activated the encryption. Also the local encryption. I thought that this would also make the data safer from third parties. But the following paragraph in the Nextcloud documentation makes me doubt it:

Encryption keys are stored only on the Nextcloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your Nextcloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.

source:
https://docs.nextcloud.com/server/18/admin_manual/configuration_files/encryption_configuration.html#before-enabling-encryption

Furthermore I found the following function in the manual of my Hoster:

"Access

With Linux you can set a new root password at any time
On the "Access" page you can request a new password for the root user of a Linux server at any time.

We have developed this function for you to enable you to access your system even in the "worst case".

Due to the way our system works, your server must be switched off, the hard disk must not be encrypted, and the operating system used must be a Linux derivative in any case.

But don't worry: The hard disk of your server is only accessed once for changing the password. Further changes or even reading processes are excluded. The new password will be shown to you once and will not be saved by us".

What do you think about this and how does it behave in interaction with Cloudron?
Do I understand correctly that, with access to the server, you can get the keys and thus easily decrypt the data?
If so, does Cloudron mitigate the problem because of its app structure?

My Hoster does not make the problem any better with his function to change the root password...

Do you have a solution for this? The recommended hard disk encryption requires the decryption password to be entered at every reboot and is therefore impractical. Or is there a trick here?

Thanks in advance!

Greetings

René

To make myself clearer:
I was only going to use fail2ban to block brute force SSH logins, as indicated.

Thanks @girish for your answer. But exactly over the page you gave me I came to fail2ban.
https://cloudron.io/documentation/security/#fail2ban

I installed and tested it and then found out that it does not work. If you write that it is normal that nothing is recorded in the file, it can not work either.

It's good to read that you are working on a firewall solution and that ssh keys can be used to secure access, but currently the given solution does not work with fail2ban, which can lead to a false sense of security.

Hello again,

and thank you very much for the quick help!

It worked for me after saving the App Location.

Greetings
René

Hello, everyone,

I have detected a problem on my Ubuntu server.
If the topic does not belong here, please let me know directly and delete it...
I was wondering why fail2ban does not lock anything. And then I noticed that even though there are incorrect logins via ssh, the file /var/log/auth.log remains empty.
I noticed other empty files:

alternatives.log, fontconfig.log, bootstrap.log, cloudron-setup.log.

But I have no idea if this is normal.

The server was installed the day before yesterday by netcup.de. Here the automatic installation with the Ubuntu 18.04 LTS Image with preinstalled Cloudron was used.
I just tried a new installation (after a snapshot). The problem remains.

But maybe this is all normal and I am doing something else wrong?!

Thanks for your help!

Greetings
René

Hello,

I need your help please with a setup warning in Nextcloud.
I have installed the contacts and calendar app.
And now I get the following warnings under Administration / Overview:

There are some warnings regarding your setup.

• Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
• Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.

There is a link to the following documentation:
https://docs.nextcloud.com/server/18/admin_manual/issues/general_troubleshooting.html#service-discovery

But suppose, under Cloudron, I don't have any control over that at all, right?

Thank you very much in advance!

Greetings

René

I had the thought, because I don't know how Cloudron installs e.g. the Ubuntu updates, or performs other tasks on operating system level, for which you need at least sudo rights, as far as I know. But my Linux knowledge is not that good

Hello, everyone,

I am a new user and I am currently testing Cloudron.

During the installation via my Hoster the root password was sent to me by email. For security reasons I changed it directly. Cloudron was already pre-installed at this time.

Is that OK, or does Cloudron need the old password?

Thanks a lot in advance!

Greetings
René