Is there a way to disable encryption on data folder when using S3 as primary storage?

rodrigorenie · December 27, 2019, 7:31pm

I’ve succesfully installed and configure Nextcloud on my server, using a Digital Ocean’s Space (which is S3 compatible) as my primary storage. I noticed that the actual data gets stored in the Space as a bunch of urn:oid: files, which I assume that are my files encrypted.

Is there any way to disable this encryption? If not, is is possible to decrypt them to read them as the original files?

Here’s my config.php:

<?php
$CONFIG = array (
  'passwordsalt' => 'XXX',
  'secret' => 'XXX',
  'trusted_domains' =>
  array (
    0 => 'myhost.domain',
  ),
  'datadirectory' => 'myhost-data-folder',
  'dbtype' => 'mysql',
  'version' => '17.0.2.1',
  'overwrite.cli.url' => 'https://myhost.domain',
  'dbname' => 'myhost-dbname',
  'dbhost' => 'myhost-dbhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'myhost-dbuser',
  'objectstore' =>
  array (
    'class' => '\\OC\\Files\\ObjectStore\\S3',
    'arguments' =>
    array (
      'bucket' => 'digital-ocean-space-name',
      'autocreate' => true,
      'key' => 'digital-ocean-space-key',
      'secret' => 'digital-ocean-space-secret',
      'hostname' => 'nyc3.digitaloceanspaces.com',
      'port' => 443,
      'use_ssl' => true,
      'region' => 'nyc3',
      'use_path_style' => false,
    ),
  ),
  'instanceid' => 'myhost-instanceid',
  'dbpassword' => 'myhost-dbpassword',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'maintenance' => false,
  'app_install_overwrite' =>
  array (
    0 => 'ldaporg',
  ),
);

Nextcloud version: 17.0.2
Operating system and version: CentOS 8
Nginx version: 1.14.1
PHP version: 7.2.11-1

Eagle · December 28, 2019, 6:00pm

These filenames come from the setup of s3 as primary storage.
The content should only be encrypted if you have activated the server side encryption for local storage.

rodrigorenie · December 28, 2019, 7:56pm

Thanks for your response. What I was looking for was to see the actual files that were being upload in my Nextcloud instance in the Space from my Digital Ocean account, just like I would if was using the local filesystem.

But I’ve looked further into this and found this:

https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/primary_storage.html?highlight=objectstore#implications

Basically, the original files can not be seen outside Nextcloud (which is fair).

mhrsolanki2020 · December 29, 2019, 8:48am

Thanks for clarifying the same for others as a future reference point.

anon9582441 · December 29, 2019, 11:36pm

Make sure you make SQL backups!

Eagle · January 3, 2020, 2:43pm

You can still open the files of you download them directly from your s3 instance, but the filenames will not be usable (urn:oid:xxxx).
Only if you enable encryption you won’t be able to open them.