I’ve been reading here that it’s a bad idea (increased attack surface, etc.) to install a desktop (Linux) on a Nextcloud server. I am hoping to pull the trigger on the hardware for a dedicated server soon, but in the meantime, I would like to set up a temporary server on my Linux desktop (which already has GNOME and Cinnamon on it), just so I can learn my way around Apache, MariaDB, PHP, etc. I’m also still getting familiar with Linux (Debian). Would I be risking too much by doing this?
If you only use it for testing, the risk is limited, and as long as you only use it in the local network and don’t make it accessible from the internet, you don’t have to worry as much anyway.
But I would still recommend installing it in a VM. Apart from possible security implications, this also has the advantage that you don’t clutter up your system with unnecessary packages and services such as webserver, PHP, etc.
In theory this is true. In the real world, chances exist that your headless dedicated virtual machine is less secure than your desktop. Especially “spare time admins” like you and me may achieve better results when running a system with a GUI, which supports you by pointing to existing issues, reminding you about updates and so on.
I’m not a security guy - most likely they will tell me I’m a full idiot, but attack vectors for a Nextcloud installation consist of the application and web server security holes - this doesn’t change whether you run the system with or without a graphical desktop interface.
This changes immediately if you start using your (Nextcloud) server as a desktop, like browsing the internet, checking mail - each single activity adds to the total attack vector. Having some UI or running the server on your desktop automatically reduces the security, as you the user perform some activities which could result in the whole system being compromised. If your Nextcloud installation holds the same data you already store on your desktop - I think there is only a low additional threat to your data - start testing Nextcloud on your desktop.
Long-term it’s still recommended to separate the desktop and server parts of the installation, just for the reason that you can’t control what happens during your daily work - one could break the system and lose data on the client rather than on a dedicated server.