Hello, I currently have a server nextcloud 12 without the information encrypted, I wanted to migrate to version 13 encrypting the data, how is the best way to perform this migration?
The encryption can be enabled later. It should also be backward-compatible if you do it before the upgrade. As always, do a Backup just in case…
I suggest doing first the upgrade to NC13.
First
https://docs.nextcloud.com/server/13/admin_manual/maintenance/upgrade.html
Second
https://docs.nextcloud.com/server/13/admin_manual/configuration_files/encryption_configuration.html
Server-side encryption was designed for external storage, do you use that? If not, please don’t use it (it mainly adds complexity to your system with much less benefits than you expect).
Please note that there are a lot of topics open where people have problems restoring from backups of encrypted setups (https://github.com/nextcloud/server/labels/feature%3A%20encryption%20(server-side), it’s surely not all of these topics). For that reason, I’d do some backup and restore test that everything is working as you expect and that you know how to restore.
Hello, thanks to both, the encryption actually appears because of the RGPD policies that are mandatory, I have no option.
I’m using a distribution architecture in my services, so it’s as if the disks were external.
So if I understand correctly, can I perform the encryption activation of the information on the server now?
And in the case of end-to-end encryption how exactly does it work? What would be more effective to have end-to-end encryption or just the encrypted server?
See here for End-to-end encryption: Nextcloud features that put you in control
End to end encryption is better in the sense that the server never sees unencrypted data. So even someone with full control over the server only sees that you have files on that server (can estimate the size and number) and probably the filenames and file structure, but he can’t see or modify its content.
Downside: If the user does not save the key for encryption, you can’t restore the files. Hint: without this downside, there would be something wrong about client-side encryption.
Currently end-to-end-encryption is not fully implemented yet. The mobile clients were first, there are first test versions of the desktop client. If you are interested, feel free to test and give feed back.
If you want to use it in production, wait until they officially release this feature (probably later this year).
With all encryption solutions: I’d be extra careful about backups and test a full recovery procedure.