Moving data into the encrypted home folder

Hello,

I’m running nextcloud on a local Ubuntu server and would like to use encryption. Since I don’t have any files on external storage, it doesn’t make sense to use the built-in encryption provided by nextcloud (if I understand the docs correctly). So, I was wondering if it makes sense to encrypt the home folder of my user on the server and move the data folder in there. I’m new to all this, but I assume that nextcloud would not be able to read these files, correct? Because nextcloud is running with the www-data user and not with my user? And syncing with my computer using the desktop app would probably not work either?!
So, I guess the only way to do that would be full disk encryption, is that correct?

As you see, I’m not really asking for technical help, I’m just not sure if I understand everything correctly. 🙂

Thank you!

Yes.

It depends. If the volume is mounted and www-data has access, the files can be read. If you reboot your system, your user has to mount the encrypted home folder again. I wouldn’t do it in a user’s home folder and would use a different location dedicated for this purpose (the full disk encryption you mentioned). The encryption would only be effective when your server is shut down (stolen hard drive, …) but not on the running system.

NC 13 plans to bring client-side encryption. Then it is unencrypted on your client and all files on your server will be encrypted (so even a malicious admin can’t read the files).

Thank you! 🙂
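
The point made in the answer above (a mounted encrypted volume is readable on the running system and only protects a powered-off disk) can be checked on a server. The following is an added example, not part of the original thread: it reads `lsblk -J -o NAME,TYPE,MOUNTPOINT` output and reports whether a data directory sits on a dm-crypt (LUKS) device. The sample JSON and the paths `/srv/ncdata` and `/var/www/nextcloud/data` are constructed assumptions, and eCryptfs home folders are not block devices, so they do not appear in `lsblk`.

```python
import json
import os

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not from the thread).
# sda2 is a LUKS partition opened as "ncdata" and mounted at /srv/ncdata (hypothetical).
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "ncdata", "type": "crypt", "mountpoint": "/srv/ncdata"}
    ]}
  ]}
]}
"""

def _walk(devices, chain=()):
    """Yield (mountpoint, device types from the disk down to this node)."""
    for dev in devices:
        types = chain + (dev["type"],)
        if dev.get("mountpoint"):
            yield dev["mountpoint"], types
        yield from _walk(dev.get("children", []), types)

def backing_is_encrypted(path, lsblk_json):
    """True if the filesystem holding `path` sits on a dm-crypt ("crypt") device."""
    path = os.path.normpath(path)
    best = None
    for mountpoint, types in _walk(json.loads(lsblk_json)["blockdevices"]):
        mp = os.path.normpath(mountpoint)
        # Longest mountpoint that is a prefix of the path is the one holding it.
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = (mp, types)
    if best is None:
        raise ValueError(f"no mounted filesystem found for {path}")
    return "crypt" in best[1]

def at_rest_status(path, lsblk_json):
    """Summarise what the encryption does and does not protect for `path`."""
    if backing_is_encrypted(path, lsblk_json):
        # lsblk only lists a mountpoint while the volume is unlocked and mounted.
        return ("encrypted at rest, currently unlocked: readable by any process "
                "with file permissions (e.g. www-data) until shutdown")
    return "not encrypted at rest"

if __name__ == "__main__":
    for p in ("/srv/ncdata/alice/files", "/var/www/nextcloud/data"):
        print(p, "->", at_rest_status(p, SAMPLE_LSBLK))
```

On a real server, pass the output of `lsblk -J -o NAME,TYPE,MOUNTPOINT` instead of the constructed sample.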