I have two instances of Nextcloud running. One on my home server for really sensitive data, photos and large files, where I have an internal backup drive set up and do an additional backup to external storage.
Now I have a second instance running for my family on a virtual Ubuntu server at a hoster. I have encryption (also for the local data folder) enabled. My hoster does backups on a regular basis, which I can restore 24/7. So normally I don’t see a need to do the normal backup of the whole Nextcloud (config, data, database etc.) described in the Nextcloud documentation, because as long as my hoster is still fine I can use their backups. I want to be safe for the worst case. This is the case if the hoster cannot be reached anymore for a long time. In this case I would only need the data, no configuration etc. So my plan is to use rsync from my home server to pull the backup data. But now I’m struggling with the encryption.
So how do I do a backup of the encrypted data without backing up the whole Nextcloud? Can I do a simple backup of the data folder including the encryption keys, to decrypt it in another Nextcloud instance? Or is there another solution available?
Because in the worst-case scenario I don’t want to set up a new Nextcloud instance.
That won’t help against a malicious hoster; you could just as well use disk encryption. Or better, client-side encryption, which is still being tested and not available on all clients.
It is important that the database and the encrypted data backups are made at the same time, because database information is used to sign the files. Without this information, you can’t decrypt the files.
No, you need a full backup. In theory, you should be able to decrypt without the signing, but you have to modify the code, which is not obvious. Unfortunately, there is no tool to decrypt files with the corresponding keyfile and the password.
If you plan anything with encryption, you should test a restore procedure. We had a couple of cases where restoring was difficult or just not possible with current tools. Therefore, I don’t encourage people to use it for local storage (because it was designed for external storage), as it adds a lot of difficulties without adding good encryption.
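The two points above (database and data must be captured together, and every backup should be proven restorable) can be combined into one pull script on the home server. The following is an added example written for this thread, not code from the original posts or from the Nextcloud project: it puts the hosted instance into maintenance mode, dumps the database, rsyncs config and data, and then writes and checks a sha256 manifest so a later restore drill can confirm the copy is complete. The SSH alias `cloud.example.org`, the install path `/var/www/nextcloud`, the `www-data` user, the database name `nextcloud` and the backup destination are assumptions; the remote user is assumed to have MySQL credentials in its `~/.my.cnf`, which `mysqldump` reads by default.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pull a consistent Nextcloud backup
# (config + database dump + data folder) and keep a checksum manifest so a
# restore drill can prove the copy is complete. Host, paths and names below
# are assumptions; adjust them for your installation.
set -eu

REMOTE="${REMOTE:-nextcloud@cloud.example.org}"   # assumed SSH alias of the hosted VM
NC_ROOT="${NC_ROOT:-/var/www/nextcloud}"          # assumed Nextcloud install path
NC_DATA="${NC_DATA:-/var/www/nextcloud/data}"     # assumed data directory
DB_NAME="${DB_NAME:-nextcloud}"                   # assumed database name
BACKUP_ROOT="${BACKUP_ROOT:-/srv/backup/nextcloud}"
STAMP="$(date -u +%Y%m%dT%H%M%SZ)"

# Run an occ command on the remote host as the web-server user.
remote_occ() {
  ssh "$REMOTE" "sudo -u www-data php $NC_ROOT/occ $*"
}

# Dump the database while maintenance mode is on, so the rows the server
# uses to sign the encrypted files match the files copied in the same run.
dump_db() {
  ssh "$REMOTE" "mysqldump --single-transaction $DB_NAME" > "$1/nextcloud-db.sql"
}

# Write a sha256 manifest of every regular file under a directory, with
# paths relative to that directory, sorted so repeated runs are comparable.
make_manifest() {
  ( cd "$1" && find . -type f ! -name MANIFEST.sha256 -print0 \
      | sort -z | xargs -0 sha256sum )
}

# Verify a backup directory against its stored manifest.
# Returns 0 when every file matches, non-zero otherwise.
verify_backup() {
  ( cd "$1" && sha256sum --quiet -c MANIFEST.sha256 )
}

# Full pull: freeze the instance, copy database + config + data, thaw, verify.
pull_backup() {
  dest="$BACKUP_ROOT/$STAMP"
  mkdir -p "$dest"
  remote_occ maintenance:mode --on
  # Always leave maintenance mode again, even if a copy step fails.
  trap 'remote_occ maintenance:mode --off' EXIT
  dump_db "$dest"
  rsync -aH --delete "$REMOTE:$NC_ROOT/config/" "$dest/config/"
  rsync -aH --delete "$REMOTE:$NC_DATA/" "$dest/data/"
  remote_occ maintenance:mode --off
  trap - EXIT
  make_manifest "$dest" > "$dest/MANIFEST.sha256"
  verify_backup "$dest"
  echo "backup written and verified: $dest"
}

# Run the pull only when asked, so the functions can also be sourced and
# verify_backup reused as a restore drill on an old backup directory.
if [ "${1:-}" = "run" ]; then
  pull_backup
fi
```

Run it as `./nc-pull.sh run` from cron on the home server; for a restore drill, source the file and call `verify_backup /srv/backup/nextcloud/<stamp>` on an older copy before trusting it. Note that this copies the server-side-encrypted files as they are, together with the database that holds their signatures, which is exactly the full backup the reply above says is required; it does not remove the need to actually rehearse a restore into a test instance.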
@tflidd Thanks for this helpful response. Interesting to hear and good to know. E2E is still in testing and not available for stable Windows clients so far, so this is no option. But good to know that server-side encryption does not add the value I expected. I may deactivate it, which allows me to easily make backups of the data only. And I will check if I should use disk encryption instead.
Interesting. This is a very special topic: how much encryption you want / need versus the risk of not having these encrypted. So far none of my users uses external storage, and I deactivated the server-side encryption today and everything is working as expected. I know that I’m not protected against a malicious hoster, but I want to add at least some burden to increase security slightly.
Does it work if I create an encrypted container/folder and move the data folder to it (using a symlink)? Does this make sense?
Yes, you could use containers (it should be possible to symlink the whole data folder, but symlinks within it are not supported). It makes sense in that if the hoster is changing the hard disk and the disk is not mounted, the data is protected. The inconvenience is that upon restart, you have to log in and decrypt the container with your password.
Thanks, yes this is what I want to achieve. With this at least the data is protected more if the server is offline.
Unfortunately this is the one thing which stops me right now. I don’t want to log in every time the server starts, mainly since the hoster may need to restart the server at a time when I’m not available. I’m right now searching for some kind of remote two-factor authentication or a way of mounting this container headless somehow. Does someone know a way?