Nextcloud server config

[GTM]

Hi,

After Google Photos is no longer "free" (they want to scrape your data and pay for the privilege), Dropbox in no longer good, and OneDrive is a piece of ****, I decided to try Nextcloud on my on server.

Config

Hypervisor running:

- FreeNas with Z1 zfs

- Ubuntu VM running plex, sonarr, homeassistant, Nextcloud (installed on its own SSD)

 

Usually Nextcloud installs in the localhost file system, but it is a VM and I want to keep my data on my NAS. I changed my data folder location to a mount that links the VM with my NAS (same mount I run my Plex, Sonarr and other related programs).

 

After moving the data folder I get this error "Nextcloud your data directory is readable by other users". I solved that by editing server/config.php and adding 'check_data_directory_permissions' => false, .

 

How safe is my setup given I bypassed this option? And who are other users?

Is it referring to local users, I am the only person using this server, and yes I can browse the files stored by Nextcloud using SMB.

I set up Nextcloud with https and let's encrypt, that I can access through a DDNS.

 

Is this setup safe ish?

 

Also, how do I get rid of or block the http connection, if I go to the VM ip using http is get --- Apache2 Ubuntu Default Page. (just delete the www /html/)?

 

Thank you!

 

 

[Kilrah]

Best practice is to run every service under a different linux user with that user only having permissions to access its own data, that way if say plex had a vulnerability that allowed someone to access the linux filesystem they would not be able to access data from other services. In practice for a home setup it's probably not really a big deal.

 

For apache there are likely multiple config files in

/etc/apache2/sites-enabled/

including a default one, check that this default isn't used by any of your services and if not delete it.