External storage without relaying all traffic

With external storage, we still relay all traffic from cloud storage, through our instance and to the client. This means incurring significant bandwidth and processing power at our NextCloud server.

Since most cloud storage providers already offer an S3-compatible API to create a signed URL, or some form of auth token that our client can include in the header to request the file directly from the cloud storage provider, this seems like a logical thing to do.

This way, our NextCloud installation can be used as the frontend/authentication server that maintains assets for the UI (e.g. filenames, metadata, cached thumbnails, etc.) without needing to serve large transfers.

Instead of getting cloud storage with NextCloud preinstalled, managing authentication locally would be preferred and more secure.

Except that then Nextcloud has lost control of the file access and also isn’t guaranteed to know what was done with them. That’s a major problem.

In that case you can use Minio for self-hosted S3. It will serve your files without the need for Nextcloud authentication.

I meant locally within the NextCloud instance. Is there a way for NextCloud to generate an S3 presigned URL for a file download request?

Not that I’m aware of, because Nextcloud is all based around WebDAV. I do know you can use object storage as the primary storage for Nextcloud, which could be of interest for using S3.

https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html
