[ale] local fileserver to cloud replacement?

DJ-Pfulio DJPfulio at jdpfu.com
Mon Mar 1 17:58:56 EST 2021 

On 3/1/21 4:03 PM, Chuck Payne via Ale wrote:
> Second on Nextcloud. You can find IPS that host it. It last has
> mobile and desktop apps for the users.
> 
> On Mon, Mar 1, 2021 at 3:56 PM James Taylor via Ale <ale at ale.org
> <mailto:ale at ale.org>> wrote:
> 
> I'm a big fan of nextcloud. No platform or megacorp lock-in, and a
> lot of security and collaboration options. There are number of hosted
> solutions, though I use and support self-hosted. -jt

Sorry, didn't mean to write so much ... 

I use nextcloud more for access/delivery than storage.  Don't think 
I'd trust the security to put it directly on the internet. Put it 
behind a VPN. The vast majority of the data available through the 
nextcloud instance is provided by read-only NFS mounts.

Every few months, I upgrade the nextcloud install. For the first few
years, it was 1-click in the GUI and felt really easy.  The last year
or so, the 1-click has never worked, addons for the new version aren't 
ready, php modules and php version upgrades are necessary.  And the 
next major upgrade will require a Maria/MySQL DBMS upgrade. Perhaps 
if you begin by keeping Nextcloud in a linux container of some sort 
and connect your data from outside into it, you can avoid some of 
these things, but DB-migrations will always be required.  That means 
adding and changing DB tables. How difficult that is will depend on 
the amount of data under management. Just to provide some storage 
ideas:
$ df -Th  # junk removed:
Filesystem                            Type      Size  Used Avail Use% Mounted on
/dev/vda1                             ext4       19G   16G  2.3G  88% /
romulus:/raid/media/M                 nfs4      1.8T  1.7T   12G 100% /M
romulus:/export/www/examp.com/gallery nfs4      151G  107G   36G  75% /P
istar:/d/D1/ebooks/Lib                nfs4      3.5T  3.5T   49G  99% /B

I'm not a php-guy, so my ignorance reflects my mistrust. I'd be much 
happier with perl or ruby webapps. NC is a complex platform for plugins.
I'm fairly surprised at how well it all works. Every once in a while, 
it doesn't work.

I haven't moved my office-productivity-suite stuff into Nextcloud, but
it is definitely on my list of things to do. No need for {X}-office 
on any desktops anymore. 

The full text searching in nextcloud sucks.  When you setup your trial 
instance, make that a priority.

The 2FA modules are really, really, easy to use with Nextcloud, 
especially U2F. However, if you enable it, some devices will need a 
pre-setup paper list for any access.
https://nextcloud.com/blog/security-in-nextcloud-how-to-block-99-9-of-attacks/

The android "files" client has some odd problems too. In landscape mode, 
the filename area is truncated when it makes ZERO sense. In portrait 
mode, all is fine.  Sync takes more time than you'd think. Sometimes 
wiping the local copies is required and starting over is needed. Had a 
sync error last night.
The NC talk client is pretty cool and integrates with the shared editing 
capabilities. NC-talk is almost a 1-click install and supports text, voice
and video chat. 

Might be worth giving each group their own NC server/VM to limit 
failures or upgrade risks. NC has an idea of federated servers, so 
this wouldn't prevent cross-org teams from communicating or sharing.

On desktops, I only use the webapp.  On Android, I have 1 page dedicated
to all the NC apps - each is a little different. I've played with 
the calendar and address book capabilities, but prefer to use Zimbra's
instead because it integrates with everything else much cleaner. Some 
coming changes to Zimbra's licensing will probably require some hard 
choices for many orgs.  Zimbra is my last 16.04 server, so in the next 
month I'll be forced to do something with it.  BTW, I don't allow 
Zimbra direct internet access either. All in/out SMTP goes through an 
email gateway.

Just saw some of the answered questions.

Mapped drive?  WebDAV - yuck. WebDAV security has always sucked.
https://null-byte.wonderhowto.com/how-to/exploit-webdav-server-get-shell-0204718/

Don't know about SSO. Did you LDAP with Zimbra and that was a pain.
$60/yr/user seems awfully cheap for a hosted, maintained, NC. Lots of 
places will sell you a pre-installed NC on a VPS for less.  Wouldn't 
hurt to try one of those out for $10-20/month for the VPS with a small 
group. Do the same with a self-hosted NC instance with another small 
group. See which everyone likes better.

Be certain you setup daily, automatic, versioned, backups. They should 
be "pulled" by the back server, never pushed.
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

If I were voting, I'd say ... keep your data on your network, on 
your equipment, on your servers, managed by people you trust to 
actually be capable of managing the servers, network security, backups 
and data.

"Cloud computing is careless computing."
 - RMS

IMHO.

More information about the Ale mailing list