Great Things Never Came From Comfort Zones.
I am the IT administrator for a small company called "Family", and I feel it is my obligation to enforce some level of privacy. As technology grows and invades every part of our private lives, we hand over private information without thinking twice. On the other hand, it is easier than ever to take back that control and data.
Software, technology, and people have not only created outstanding services used on a daily basis, they also allow us to run and host services reliably at home or wherever you feel your data is safe. It has never been easier: all you need is the courage to start reading, ask some questions and follow your own curiosity.
This is why I started to migrate parts of my family network from Resilio Sync to Nextcloud. In contrast to Resilio Sync, Nextcloud not only keeps my data private, which I had already accomplished with Sync, but also gives my family a simple option to view, edit, update and, most important, share data.
Sharing data was something I hadn't considered important, because I just do not share much data with others, but the rest of the family does. And as more pictures are being created and organized directly on mobile phones, this was something to address. Not addressing it had already led to files being uploaded to services like OneDrive, Dropbox and others, which means losing data I initially wanted to keep private.
I took an old netbook (Medion Akoya S1210) and installed Ubuntu 16.04 LTS on it. Because of the limited resources of the netbook, the Nextcloud user data needs to be "outsourced", and therefore I am using a NAS via a permanent NFS mount.
Ubuntu and Nextcloud
I am using a NAS via NFS as a datastore
192.168.11.10:/Nextcloud /media/nextcloud-data nfs rw 0 0
I changed the background jobs setting to cron (daemon). Nextcloud's web interface is not accessed that often, so the default method "AJAX" just doesn't make much sense. Having full access to the underlying OS is what makes this possible in the first place.
I am using WebDAV to migrate data from the old sync and storage setup to Nextcloud. The data gets recognized immediately and no OCC scripts need to be executed.
Accessing Nextcloud files using WebDAV
net use Z: \\example.com@ssl\nextcloud\remote.php\dav /user:youruser yourpassword
sudo -u www-data php occ files:scan --all
Hosting a service that can be accessed publicly needs some housekeeping: hardening the service and the operating system. Luckily, most things are already configured out of the box or only need special attention if you widen access from the outside.
There are ways to verify that your hardening was successful and that you are secure. Doing this still does not guarantee that you never get compromised.
It makes sense to use a firewall to secure hosted services as well as your network.
Nothing to add here
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
# date +"%w" is the day of the week (0-6), so each backup file is overwritten after one week
tar -cpzf /home/ubuntuusername/ncserver_$(date +"%w").tar.gz -C /var/www/nextcloud .
tar -cpzf /home/ubuntuusername/ncdata_$(date +"%w").tar.gz -C /var/nc_data .
mysqldump --single-transaction -h localhost -unextcloud -pnextcloud nextcloud > /home/ubuntuusername/ncdb_$(date +"%w")
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off
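The same backup steps wrapped in a function, as an added example that is not part of the original post: it always switches maintenance mode off again, creates the archives and the dump readable by the backup user only, and keeps the database password off the command line. The function name nc_backup, the NC_MYCNF variable and the file ~/.nc-backup.cnf are assumptions made for this example.

```shell
#!/bin/sh
# Added example: weekday-rotated Nextcloud backup that always leaves maintenance mode.
# Assumption: NC_MYCNF is a hypothetical 0600 file with a [client] section
# holding the database user and password.
NC_MYCNF=${NC_MYCNF:-$HOME/.nc-backup.cnf}

# nc_backup <nextcloud dir> <data dir> <output dir>
# Returns 0 only if every step succeeded.
nc_backup() {
    nb_app=$1 nb_data=$2 nb_out=$3
    nb_day=$(date +%w)          # 0-6, so each file is overwritten after a week
    nb_rc=0

    # Archives and the dump hold user files and password hashes:
    # create them readable by the backup user only.
    nb_umask=$(umask)
    umask 077

    # Do not back up a live instance if maintenance mode cannot be enabled.
    if ! sudo -u www-data php "$nb_app/occ" maintenance:mode --on; then
        umask "$nb_umask"
        return 1
    fi

    tar -cpzf "$nb_out/ncserver_$nb_day.tar.gz" -C "$nb_app" . || nb_rc=1
    tar -cpzf "$nb_out/ncdata_$nb_day.tar.gz" -C "$nb_data" . || nb_rc=1

    # --defaults-extra-file must be the first option; it keeps the password
    # out of the process list and out of the shell history.
    mysqldump --defaults-extra-file="$NC_MYCNF" --single-transaction \
        -h localhost nextcloud > "$nb_out/ncdb_$nb_day.sql" || nb_rc=1

    # Runs even when a step above failed, so the site is never left locked.
    sudo -u www-data php "$nb_app/occ" maintenance:mode --off || nb_rc=1

    umask "$nb_umask"
    return "$nb_rc"
}

# Usage with the paths from the page:
#   nc_backup /var/www/nextcloud /var/nc_data /home/ubuntuusername
```

A non-zero return value means at least one archive or the dump is incomplete and should not be relied on for a restore.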