Secure Remote File Sharing Setup Help Needed

[Kurt_31]

I'll try to keep this brief and to the point.

 

I'm looking for a file sharing solution. After lots of browsing and reading I'm still lost on what would be best for our needs.

 

I wish to store files at home, but have them accessible to view and edit by 3 users (1 locally/remotely and the other 2 remotely). Currently relying on emailing files back and forth which as you can imagine can get quite unorganised and messy quickly. Ideally looking for simplicity for the users to connect and access the files with some form of authentication. Setup will be handled by my self, so that can be more difficult and complicated as I'm able to learn what is needed.

 

I have 2 DDR3 based pc's that I can repurpose as needed. I have no problem purchasing software if needed, however I do believe this can be achieved without doing so.

 

Whilst I am competent with computers I'm new to this side of things and will need a bit of coaching.

 

Any help, tips or a point in the right direction is muchly appreciated,

Thanks in advance,

Kurt.

[Master Disaster]

https://owncloud.com/

 

Its essentially your own private dropbox where you host your own files on your own hardware.

 

Another option is setting up a basic SMB network share and a VPN server to dial in for remote access.

[Pixel5]

before you dive to deep into this make sure you have a fast enough upload speed for this.

Anything below 20mbit/s will be so slow you can basically not do it at all.

[Eigenvektor]

43 minutes ago, Kurt_31 said:

I'm looking for a file sharing solution. After lots of browsing and reading I'm still lost on what would be best for our needs.

Currently relying on emailing files back and forth which as you can imagine can get quite unorganised and messy quickly.

You haven't really specified what your needs are. What types of files are you emailing back and forth and for what purpose?

 

Because it almost sounds like some form of collaborative work on the same file. In this case something like GitLab might be far superior to regular file sharing.

[Kurt_31]

3 minutes ago, Pixel5 said:

before you dive to deep into this make sure you have a fast enough upload speed for this.

Anything below 20mbit/s will be so slow you can basically not do it at all.

 

Not something I had even considered. I get confused with the units, Will this suffice?

[Pixel5]

2 minutes ago, Kurt_31 said:

 

Not something I had even considered. I get confused with the units, Will this suffice?

yes that would be ok, these are Megabits, if you want to convert to Megabytes you need to divide by 8 so you would get a bit more then 2.3mb/s for your upload which will be fine for smaller files but if you wanna have stuff like a few gigabytes of video files on there and people will access this they will have to wait a while.

 

[Eigenvektor]

4 minutes ago, Kurt_31 said:

Not something I had even considered. I get confused with the units, Will this suffice?

It's fine. Also really depends on what types of files you're talking about. If you're emailing files back and forth right now, I doubt you'll have issues with sharing them over e.g. ownCloud. If you're talking about text files a few kB in size then this is really no issue. If you're talking about movies that are GBs in size, then even 20 Mbps might feel a bit slow.

[Master Disaster]

1 minute ago, Pixel5 said:

yes that would be ok, these are Megabits, if you want to convert to Megabytes you need to divide by 8 so you would get a bit more then 2.3mb/s for your upload which will be fine for smaller files but if you wanna have stuff like a few gigabytes of video files on there and people will access this they will have to wait a while.

 

They're already emailing the files to each other which means their internet speeds can handle the files.

[Kurt_31]

5 minutes ago, Eigenvektor said:

You haven't really specified what your needs are. What types of files are you emailing back and forth and for what purpose?

 

Because it almost sounds like some form of collaborative work on the same file. In this case something like GitLab might be far superior to regular file sharing.

Sorry, I should of mentioned that. It'll be primarily used for word documents and pdf files. There will not be simultaneous editing of files, just as files are updated the other users may need to view the file to confirm changes. Also to be used so users can print or download the latest version of a document/pdf.

 

Cheers.

[Eigenvektor]

8 minutes ago, Kurt_31 said:

Sorry, I should of mentioned that. It'll be primarily used for word documents and pdf files. There will not be simultaneous editing of files, just as files are updated the other users may need to view the file to confirm changes. Also to be used so users can print or download the latest version of a document/pdf.

In that case ownCloud should be just fine. Since it silently synchronizes in the background you don't really need to worry too much about upload speeds either.

 

If you are familiar with Git then GitLab might be a consideration, because it gives you file history and a review process for accepting changes. But if you're not familiar with how Git works (or e.g. GitHub) then this is probably overkill. It's also not really suited for non-plaintext formats like Word and PDF.

[Akolyte]

14 minutes ago, Kurt_31 said:

Sorry, I should of mentioned that. It'll be primarily used for word documents and pdf files. There will not be simultaneous editing of files, just as files are updated the other users may need to view the file to confirm changes. Also to be used so users can print or download the latest version of a document/pdf.

 

Cheers.

Are you looking to host this yourself?  What kind of infrastructure do you have in-place to ensure the security of your network? 

 

NextCloud would be the easiest to set-up, you can also set-up an office-suite which will allow a kind-of OneDrive-sort-of collaborative file editing if that's a perk.  

 

The only downsides is you'd be required to set-up a database unless you want to use the built in sqlLite.  

 

Another alternative, that I personally prefer is minio, it's a locally hosted S3 solution if you've heard of AWS S3.  It's very easy to set-up and you can define detailed policies so users can access only what they need to. 

 

The main perk of setting up S3, is it's very versatile, and it can be used for other things such as backups and websites as an example.  It's a very popular and cheap solution for data that isn't hot.   This means you could use it to backup your own workstations and computers as well, even host websites, or tier off cold data from your NAS to it. 

 

You can get applications that would allow users to mount S3 buckets to their PC as drives, which would make it natural and easy to share files.   

 

And you can also implement more advanced features such as WORM (write-once read many) which is normally used by enterprises, public sector, banks, etc.   As it allows you to define a period of time where a file cannot be overwritten, each change is written as another layer on-top of the previous object.  

 

This means you could entrust sensitive documents that must be preserved in your minio server, and ensure that changes cannot be overwritten and you will always have every copy of the file for the defined retention period.  Usually a number of years. 

 

The only downside of this of course is that you must have enough space to keep up with the file changes.  But the benefits outweigh the cons in my opinion for any sensitive data, worm is a popular solution for preventing sensitive data being overwritten by ransomware. 

 

Let me know if you're up to deploy any of these solutions, both are of course free provided you have the infrastructure in place to host them.  

 

Minio: MinIO | High Performance, Kubernetes Native Object Storage

NextCloud: Nextcloud

[Kurt_31]

1 minute ago, Eigenvektor said:

In that case ownCloud should be just fine. Since it silently synchronizes in the background you don't really need to worry too much about upload speeds either.

 

If you are familiar with Git then GitLab might be a consideration, because it gives you file history and a review process for accepting changes. But if you're not familiar with how Git works (or e.g. GitHub) then this is probably overkill.

Yeah own cloud seems to be the go then, the interface looks nice and has the features we need. Am I correct in assuming that I install the owncloud server package on one of my spare pc's? Also, just to be safe, how secure is this option of going with owncloud?

 

Cheers

[Master Disaster]

1 minute ago, Kurt_31 said:

Yeah own cloud seems to be the go then, the interface looks nice and has the features we need. Am I correct in assuming that I install the owncloud server package on one of my spare pc's? Also, just to be safe, how secure is this option of going with owncloud?

 

Cheers

You'll need a basic Windows install (you can do Linux or macOS if you want to but Windows is the easier option) running a webserver stack (something like WAMP) and you'll need to forward port 8080 through your firewalls (port can be changed).

 

Once the webserver is running Owncloud will handle file and folder permissions for you.

 

One final optional thing, you might want to look into a free DDNS service if your ISP provides a dynamic IP, this means that you can resolve your server to a hostname (myhost.xxx.xxx) instead of an IP and if your IP changes the DDNS will handle swapping the domain name seamlessly for you.

 

I realise it sounds like a lot of work but actually nothing here is too hard and its a great skill to have in the bag.

[Kurt_31]

6 minutes ago, Akolyte said:

Are you looking to host this yourself?  What kind of infrastructure do you have in-place to ensure the security of your network? 

 

NextCloud would be the easiest to set-up, you can also set-up an office-suite which will allow a kind-of OneDrive-sort-of collaborative file editing if that's a perk.  

 

The only downsides is you'd be required to set-up a database unless you want to use the built in sqlLite.  

 

Another alternative, that I personally prefer is minio, it's a locally hosted S3 solution if you've heard of AWS S3.  It's very easy to set-up and you can define detailed policies so users can access only what they need to. 

 

The main perk of setting up S3, is it's very versatile, and it can be used for other things such as backups and websites as an example.  It's a very popular and cheap solution for data that isn't hot.   This means you could use it to backup your own workstations and computers as well, even host websites, or tier off cold data from your NAS to it. 

 

You can get applications that would allow users to mount S3 buckets to their PC as drives, which would make it natural and easy to share files.   

 

And you can also implement more advanced features such as WORM (write-once read many) which is normally used by enterprises, public sector, banks, etc.   As it allows you to define a period of time where a file cannot be overwritten, each change is written as another layer on-top of the previous object.  

 

This means you could entrust sensitive documents that must be preserved in your minio server, and ensure that changes cannot be overwritten and you will always have every copy of the file for the defined retention period.  Usually a number of years. 

 

The only downside of this of course is that you must have enough space to keep up with the file changes.  But the benefits outweigh the cons in my opinion for any sensitive data, worm is a popular solution for preventing sensitive data being overwritten by ransomware. 

 

Let me know if you're up to deploy any of these solutions, both are of course free provided you have the infrastructure in place to host them.  

 

Minio: MinIO | High Performance, Kubernetes Native Object Storage

NextCloud: Nextcloud

All I have is a basic home network, just the ISP provided router. I have 2 spare pc's which I can utilise and ideally would like to host the files here on my own hardware. I have about 6 or so hard drives laying around varying from 500gb-3TB although 500gb would easily meet our needs short term. Having the ability to give users read only permissions or having folders only accessible to certain users would be ideal also.

 

I've not heard of S3, i will look into it now.

 

Cheers

[Eigenvektor]

To add to what @Master Disaster said: Ideally you want a static IP and a host name and e.g. an actual HTTPS certificate (Let's Encrypt). If that's not possible, you could go with a DDNS provider or alternatively rent a VPS somewhere.

 

Communication between the ownCloud server and clients should be encrypted (HTTPS). Additionally you can set up ownCloud to encrypt files on the server. So this should be pretty secure, even if you decide to host it on a VPS instead of your own hardware.

 

2 minutes ago, Kurt_31 said:

I've not heard of S3, i will look into it now.

S3 is Amazon S3 (i.e. one of many AWS services). So this will cost a small fee each month, similar to going with a VPS. The files will then be hosted on an Amazon server. The files are encrypted but you don't hold the encryption key. On the other hand you can be fairly certain that Amazon's security is probably better than your own configuration, especially if you're new to this.

[Kurt_31]

5 minutes ago, Master Disaster said:

You'll need a basic Windows install (you can do Linux or macOS if you want to but Windows is the easier option) running a webserver stack (something like WAMP) and you'll need to forward port 8080 through your firewalls (port can be changed).

 

Once the webserver is running Owncloud will handle file and folder permissions for you.

 

One final optional thing, you might want to look into a free DDNS service if your ISP provides a dynamic IP, this means that you can resolve your server to a hostname (myhost.xxx.xxx) instead of an IP and if your IP changes the DDNS will handle swapping the domain name seamlessly for you.

 

I realise it sounds like a lot of work but actually nothing here is too hard and its a great skill to have in the bag.

Setup is always a bit of work but fortunately I quite enjoy learning new things. My ISP does use a dynamic IP so this is something I will have to do. I am familiar with port forwarding. 

 

Have also come across a service called NextCloud, which seems to be created by the original author of owncloud, is this a better option?

 

Fortunately both spare pc's currently have Windows 10 Home installed.

 

So to summarise, I need to setup a 'Webserver stack' on one of these pc's (i'll need to google that one), install owncloud through that (port forward necessary ports) and then the rest should all be setup within owncloud itself. Oh and setup a DDNS service.

[Kurt_31]

45 minutes ago, Akolyte said:

Are you looking to host this yourself?  What kind of infrastructure do you have in-place to ensure the security of your network? 

 

NextCloud would be the easiest to set-up, you can also set-up an office-suite which will allow a kind-of OneDrive-sort-of collaborative file editing if that's a perk.  

 

The only downsides is you'd be required to set-up a database unless you want to use the built in sqlLite.  

 

Another alternative, that I personally prefer is minio, it's a locally hosted S3 solution if you've heard of AWS S3.  It's very easy to set-up and you can define detailed policies so users can access only what they need to. 

 

The main perk of setting up S3, is it's very versatile, and it can be used for other things such as backups and websites as an example.  It's a very popular and cheap solution for data that isn't hot.   This means you could use it to backup your own workstations and computers as well, even host websites, or tier off cold data from your NAS to it. 

 

You can get applications that would allow users to mount S3 buckets to their PC as drives, which would make it natural and easy to share files.   

 

And you can also implement more advanced features such as WORM (write-once read many) which is normally used by enterprises, public sector, banks, etc.   As it allows you to define a period of time where a file cannot be overwritten, each change is written as another layer on-top of the previous object.  

 

This means you could entrust sensitive documents that must be preserved in your minio server, and ensure that changes cannot be overwritten and you will always have every copy of the file for the defined retention period.  Usually a number of years. 

 

The only downside of this of course is that you must have enough space to keep up with the file changes.  But the benefits outweigh the cons in my opinion for any sensitive data, worm is a popular solution for preventing sensitive data being overwritten by ransomware. 

 

Let me know if you're up to deploy any of these solutions, both are of course free provided you have the infrastructure in place to host them.  

 

Minio: MinIO | High Performance, Kubernetes Native Object Storage

NextCloud: Nextcloud

Just re-read you post, NextCloud seems like the best solution for our needs. I assume there's plenty of tutorials on setting this up so i'm going to dive into that now. Thanks for your help

[Akolyte]

1 minute ago, Kurt_31 said:

Just re-read you post, NextCloud seems like the best solution for our needs. I assume there's plenty of tutorials on setting this up so i'm going to dive into that now. Thanks for your help

Yeah nextcloud is probably best. 

 

Just a tip, I would highly discourage using Windows 10 for your web server in case you were thinking of doing that.  Install something like Fedora or Ubuntu on it instead - a pro is that many tutorials would already be assuming your using Ubuntu or an alternative. 

 

Going Cloud hosted might be a good solution too if you prefer.  You can check-out NextCloud's community providers here GitHub - nextcloud/providers: community-maintained list of Nextcloud providers

[Kurt_31]

@Eigenvektor @Akolyte @Master Disaster

 

Thank you all very much for your help, really appreciate, I think I have enough info to get started now. 

 

If I get stuck I'll be sure to post in here again!

 

Once again many thanks!

 

Cheers.

 

[Pixel5]

1 hour ago, Master Disaster said:

They're already emailing the files to each other which means their internet speeds can handle the files.

there is no correlation between emailing files and downloading them directly from someones own cloud.

for the emails its just the sender that will wait till the file is uploaded and the receiver gets it from the email server which is usually fast.

With own cloud we would move all files transfers directly through the internet connection of the one that person that is hosting it.

If multiple people access files at the same time they will all slow each other down and everyone is waiting longer, that is not true when they access the files they received via email.

 

on top of that if OP sends an email with files to multiple people he will only need to upload the files once, with own cloud everyone accessing a file needs to download the entire file from OP.

[Master Disaster]

4 minutes ago, Pixel5 said:

there is no correlation between emailing files and downloading them directly from someones own cloud.

for the emails its just the sender that will wait till the file is uploaded and the receiver gets it from the email server which is usually fast.

With own cloud we would move all files transfers directly through the internet connection of the one that person that is hosting it.

If multiple people access files at the same time they will all slow each other down and everyone is waiting longer, that is not true when they access the files they received via email.

 

on top of that if OP sends an email with files to multiple people he will only need to upload the files once, with own cloud everyone accessing a file needs to download the entire file from OP.

True but email has a hard 30MB file size limit, when you're dealing with files that small bandwidth is almost inconsequential.

[Master Disaster]

1 hour ago, Eigenvektor said:

To add to what @Master Disaster said: Ideally you want a static IP and a host name and e.g. an actual HTTPS certificate (Let's Encrypt). If that's not possible, you could go with a DDNS provider or alternatively rent a VPS somewhere.

 

Communication between the ownCloud server and clients should be encrypted (HTTPS). Additionally you can set up ownCloud to encrypt files on the server. So this should be pretty secure, even if you decide to host it on a VPS instead of your own hardware.

 

S3 is Amazon S3 (i.e. one of many AWS services). So this will cost a small fee each month, similar to going with a VPS. The files will then be hosted on an Amazon server. The files are encrypted but you don't hold the encryption key. On the other hand you can be fairly certain that Amazon's security is probably better than your own configuration, especially if you're new to this.

I managed to get a SSL Cert for my DDNS domain, I was 99.99999% sure they'd refuse since technically its a sub domain but nope, they issued it.

[Eigenvektor]

6 minutes ago, Master Disaster said:

True but email has a hard 30MB file size limit, when you're dealing with files that small bandwidth is almost inconsequential.

True, but technically incorrect. That is a setting of the email server and could be increased above that, but you are right that most providers have a fairly small limit. Afaik Google limits sending to 25 MB but you can receive up to 50 MB.

 

16 minutes ago, Pixel5 said:

for the emails its just the sender that will wait till the file is uploaded and the receiver gets it from the email server which is usually fast.

On the other hand when I'm sending a large email I am "blocked" until the upload is done. With ownCloud/NextCloud the files will be synchronized silently in the background, so unless you need the file right now you typically don't even notice the delay, especially if the files are small.

[Master Disaster]

1 minute ago, Eigenvektor said:

True, but technically incorrect. That is a setting of the email server and could be increased above that, but you are right that most providers have a fairly small limit. Afaik Google limits sending to 25 MB but you can receive up to 50 MB.

 

On the other hand when I'm sending a large email I am "blocked" until the upload is done. With ownCloud/NextCloud the files will be synchronized silently in the background, so unless you need the file right now you typically don't even notice the delay, especially if the files are small.

I'll be honest, I have ZERO experience with mail servers, like I literally how no idea how they work at all. I avoid them because I've heard horror stories of people setting them up incorrectly and then having them used by hackers to mass send spam.

[Eigenvektor]

3 minutes ago, Master Disaster said:

I'll be honest, I have ZERO experience with mail servers, like I literally how no idea how they work at all. I avoid them because I've heard horror stories of people setting them up incorrectly and then having them used by hackers to mass send spam.

You are right that open relays are a huge problems in terms of spam. An open relay means your mail server accepts/forwards email for anyone, instead of authenticated users as it should be. So you definitely need to take some time during setup to think about security and configure the server correctly.

 

Outside of security considerations, they're not that complicated really. In a certain sense they are like file sharing servers, except anyone can upload "files" (emails) and they will go into the "directory" (inbox) of the person they are addressed to. So e.g. an email to master@desaster.com would be sent to the mail server on "desaster.com" and placed in the inbox of the user called "master".