Nextcloud version: 18.0.4
Operating system and version: Ubuntu 20.04
Apache or nginx version: 1.17.10
PHP version: 7.4.4
The issue you are facing:
Is it possible to use an object store as primary storage with the default server-side encryption?
After turning on the server-side encryption module by following the manual I can’t view or open any files uploaded after that point.
As the docs say, I can’t disable the default encryption module, but If I turn off “Encrypt the home storage”, then any files uploaded after that point are available (and also unencrypted on my object store)
-
I installed and setup NC 18.0.4 this morning, worked with just admin user and a local primary storage. Test this with the default files, uploaded one of my own to confirm it works.
-
Reset the install so I could switch to an S3-compatible object store as primary storage. Again tested with only the admin user, default files and one of my own uploaded and downloaded. This works!
-
Added a non-admin users, uploaded a few files, PDF, txt, png, etc. I confirmed I could download and view them.
-
Following the NC admin guide, turned on server side encryption, enabled the default encryption module, and then checked “Encrypt the home storage”.
-
Logged out and back in (although I think this isn’t required now with the server-wide encryption key). Any files uploaded after this point are no longer downloadable or viewable by either admin or my test user.
When trying to use the in-browser viewer them, the log shows:
"Exception": "OCP\\Encryption\\Exceptions\\GenericEncryptionException",
"Message": "Bad Signature",
Followed by a bunch of json blobs with:
message: "Trying to access array offset on value of type null at /usr/share/nginx/nextcloud/3rdparty/aws/aws-sdk-php/src/RetryMiddleware.php#144"