12/15/2023

Freenas nextcloud

End-to-end encryption is not ready yet (as of April 2021). Furthermore, the encryption key is in data//files_encryption so it doesn't protect against physical access to the storage. Activating server-side encryption in Nextcloud increases file size by 35%.

In this section, I describe the architecture with encryption-at-rest, although we do run a Nextcloud server without encrypted storage for our main family instance. I have also been experimenting with block storage encryption with LUKS, using Borgmatic instead of ZFS replication for backups, providing encryption-at-rest of both data and backups.

This provides off-site backups while keeping the backup size as small as possible. We configured the PULL replication task using the /mnt/ncdata dataset in the VM as the source, instead of the ZVOL on the TrueNAS host. Our sites are connected with a VPN using OpenVPN. Conveniently, Nextcloud VM uses ZFS for the /mnt/ncdata filesystem.

Our production TrueNAS server runs in my home, while a backup TrueNAS server runs in my brother's home. I run a FreeBSD jail I call Watchtower with components of the Grafana+Prometheus observability stack.

SSL certificates are provided by Let's Encrypt. I install the HAProxy and Acme Certificates services from the Package Manager (packages haproxy and acme). My home router is a pfSense system on Netgate hardware.

To avoid the problem of public cloud hosting IP address blacklisting, I use Amazon SES for SMTP relay. I've been running a mailcow: dockerized VM appliance for mail self-hosting. Nextcloud uses SMTP for user enrollment, self-serve password reset and file sharing by email among other things.

The pfSense router has an integration with DigitalOcean API for dynamic DNS. I use DigitalOcean for my personal projects. I admire their ethics and their business model. I like because they offer a barebones service at a very low profit margin.
When I make a configuration change on hardware appliances (pfSense and TrueNAS), I export the config and save it on my laptop in a directory synchronized across devices. Appliances running on VMs are backed up using either TrueNAS rsync tasks in PULL mode or Borgmatic.
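The note above that the server-side encryption key sits in a files_encryption directory next to the data can be checked on a given data volume. The following is an added example, not code from the original post or from Nextcloud: it finds every directory named files_encryption under a data root, reports whether it resides on the same storage device as the data, and projects the 35% size increase. The function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

KEY_DIR = "files_encryption"   # directory name quoted in the post
OVERHEAD_PERCENT = 35          # size increase stated in the post

def audit(data_root):
    """Report whether key material lives on the same device as the data."""
    data_dev = os.stat(data_root).st_dev
    key_dirs, plain_bytes = [], 0
    for current, dirs, files in os.walk(data_root):
        if KEY_DIR in dirs:
            key_dirs.append(os.path.join(current, KEY_DIR))
            dirs.remove(KEY_DIR)          # never read the key material itself
        for name in files:
            path = os.path.join(current, name)
            if not os.path.islink(path):
                plain_bytes += os.path.getsize(path)
    # os.stat follows symlinks and mount points, so a key directory that was
    # relocated to another device reports that device's id, not the data's.
    colocated = [d for d in key_dirs if os.stat(d).st_dev == data_dev]
    return {
        "key_dirs": sorted(key_dirs),
        "colocated": sorted(colocated),
        "keys_stored_with_data": bool(colocated),
        "plain_bytes": plain_bytes,
        "projected_bytes": plain_bytes * (100 + OVERHEAD_PERCENT) // 100,
    }

def demo():
    """Run the audit on a constructed tree (layout is illustrative only)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "ncdata")
        os.makedirs(os.path.join(root, "alice", "files"))
        os.makedirs(os.path.join(root, "alice", KEY_DIR))
        with open(os.path.join(root, "alice", "files", "report.txt"), "wb") as f:
            f.write(b"x" * 2000)
        with open(os.path.join(root, "alice", KEY_DIR, "sample.key"), "wb") as f:
            f.write(b"constructed placeholder, not a real key")
        return audit(root)

if __name__ == "__main__":
    result = demo()
    print("keys stored with data:", result["keys_stored_with_data"])
    print("size now / projected:", result["plain_bytes"], result["projected_bytes"])
```

A key directory on a different device is only a hint: it still has to be on storage that does not leave the building with the data disks.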