My scenario: A web space hosted Nextcloud installation serving ~30 users; I want to provide more storage by adding disk space from a small local server (e.g. Raspberry Pi). This machine can be dedicated to this. How do I safely grant access by the hosted Nextcloud instance to this machine and seamlessly include the storage?
If I understand, you have Nextcloud running on a host off-site, and you want to add storage capacity using local storage as a backend for the hosted instance? So Nextcloud would connect over the internet to your local storage?
In that case you can take several approaches: FTP, SFTP, SMB, or WebDAV. You would need to share your local storage using any of those protocols and allow access through your firewall, then just add Nextcloud external storage to that location. Keep in mind performance and security considerations.
Exactly. The reason is to add cheap, big local storage for e.g. photo sharing, avoiding the cost of having it on the Nextcloud's web space. I hope dedicating a little file server to this task and opening a port for it on my router will not spoil the integrity of my LAN. Any advice on the security side is highly appreciated.
With 30 users, consider investing in fast, hosted storage. Or, colocate your own storage box.
edit: The Pi is just not going to cut it for that many users. It works ok with 2 or 3 users on a decent home internet connection.
I think the consensus with SMB is that it should never be open to the internet. I think there are still some security issues with SFTP over the internet. WebDAV I’m not sure about, other than having used it from Nextcloud. I guess it’s the more secure of the options, but has a higher performance hit due to how it operates.
Something I have never researched until today is a self hosted S3 bucket, which apparently you can do with Minio https://min.io/
That is what I would be looking at if I wanted to do what you’re trying to do. I don’t know for sure, but that’s probably on the stronger side as far as security, and obviously was also built to be high performance.
I guess my next option would be SFTP.
Even if you get this working, I don’t know how much you would be affected if your internet goes down or you reboot your storage server, etc. All things to consider, and I don’t have first hand experience doing anything like this.
I can confirm that WebDAV performance is terrible when mounted as external storage. And that is with hosted storage connected to a speedy Nextcloud provider. See this discussion on S3 speeds in Nextcloud using Wasabi; hopefully it will include some benchmarks soon.
Having hosted on Pi’s and other devices since the first Nextcloud release, I can tell you it is faster to simply host a full Nextcloud instance on your device. Accessing the exact same data over external storage or federation is always super slow and pops up a lot of error/conflict notifications.
SFTP would work well. It’s available on most systems with sshd/OpenSSH. WebDAV works too of course but requires a WebDAV server (Apache with some module).
Like @just mentioned, have you considered just running Nextcloud locally using local storage? You would have the best performance that way, and if your connection drops or anything like that it will be easier for users (no connection vs. potentially strange errors or data loss). What benefit is there to keeping Nextcloud hosted off site?
Quick thoughts for self-hosting from home. Hope they help.
- Use the best possible device, latest Pi 4 if available as it adds a separated ethernet/USB bus (greatly improves performance), more RAM, USB 3.0 and gigabit ethernet.
- If you have access to a thumb drive or microSD card or SSD, use those in place of a mechanical drive. You can get 128GB - 256GB real cheap these days.
- If you do not already own a Pi, buy an Odroid HC1 (2.5" bay) or HC2 (3.5" bay) instead and hook up a SATA drive directly, or better yet an SSD. This will be much faster, possibly able to saturate your network upload speeds completely.
- Join Nextcloudpi on telegram, a friendly bunch always down to assist with troubleshooting and support.
- Port forward your Pi with a Static IP. You’ll probably want to set QoS as well to prevent your network from getting slowed down.
- Strongly recommend upgrading your router to gigabit. If so, worth finding one you can install Tomato or DD-WRT firmware on.
- Only run your storage device on a wired connection as it will be faster and more reliable.
I know parallel access would be too much, but it’s not a work group and I expect only occasional access. I’ll give the Pi 4 with an SSD a try.
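
For the SFTP route suggested in the thread, and the concern about opening a port without compromising the LAN, here is an added example (not code from any poster): a Python check that the `Match User` block for the storage account in `sshd_config` confines it to chrooted SFTP with no forwarding or tunnelling into the LAN. The account name `ncstorage`, the path `/srv/ncstorage` and the sample config are constructed; it assumes a single config file without `Include` and a plain `Match User <name>` line.

```python
# Added example: audit sshd_config for an SFTP-only storage account.
# OpenSSH defaults for the keywords checked below.
DEFAULTS = {"passwordauthentication": "yes", "allowtcpforwarding": "yes",
            "allowagentforwarding": "yes", "x11forwarding": "no",
            "permittunnel": "no", "forcecommand": "none",
            "chrootdirectory": "none"}
MUST_BE_NO = ["passwordauthentication", "allowtcpforwarding",
              "allowagentforwarding", "x11forwarding", "permittunnel"]

# Constructed sample; "ncstorage" and /srv/ncstorage are hypothetical.
SAMPLE = """\
Subsystem sftp internal-sftp
PasswordAuthentication yes

Match User ncstorage
    ChrootDirectory /srv/ncstorage
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

def effective(config, user):
    """Settings sshd would apply to `user`: defaults < global < Match block."""
    glob, block = {}, {}
    target = glob
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            hit = [c.lower() for c in crit] == ["all"] or (
                len(crit) == 2 and crit[0].lower() == "user" and crit[1] == user)
            target = block if hit else {}   # non-matching blocks are discarded
            continue
        target.setdefault(key, value)       # first value for a keyword wins
    return {**DEFAULTS, **glob, **block}

def audit(config, user):
    """Return a list of findings; empty means the account is locked down."""
    eff = effective(config, user)
    found = [f"{k} is '{eff[k]}', expected 'no'"
             for k in MUST_BE_NO if eff[k].lower() != "no"]
    if not eff["forcecommand"].startswith("internal-sftp"):
        found.append("ForceCommand internal-sftp missing: shell access possible")
    if eff["chrootdirectory"].lower() == "none":
        found.append("ChrootDirectory missing: files outside the share are reachable")
    return found

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "ncstorage")) or "locked down")
```

The sample is flagged because the block inherits the global `PasswordAuthentication yes` and the default `AllowAgentForwarding yes`; adding both keywords with `no` inside the `Match` block clears the findings.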