Nextcloud box security

aridus · May 28, 2017, 6:57am

I have connected my Nextcloud box to the internet as described at https://github.com/nextcloud/nextcloud-snap/wiki/Connecting-the-Nextcloud-Box-to-the-Internet

Login to Nextcloud on the box uses a 32 character password with random letters, numbers and symbols, and all default passwords on my home wireless router have been changed to similarly complicated passwords.

I am relatively new to this subject (i.e. opening a sort of server in my house to the internet) and wish to check one matter: is there anything else that I should do to secure my Nextcloud box from malicious or other intent? With the domain now being accessible from outside the house, and two ports open, I am concerned (but have no experience that helps me decide how concerned I should be!).

With thanks!

tflidd · June 8, 2017, 3:45pm

There is no complete list of things in order to secure your server perfectly. It’s more of a process, general tips which apply for webserver are a good starting point for Nextcloud as well.

I’d recommend in general, only run services you really need and use. Keep your software updated, try to use a secure configuration and check your server (or run services like logwatch or logcheck) to be aware if something is wrong on your server. If you can monitor your server from other devices, this can be helpful as well (even a very basic traffic counter on your router, if there is much traffic on your server you can’t explain, …).

For logins, you can use two-factor authentication and for SSH you can use ssh-keys to login.

linucksrox · June 8, 2017, 5:27pm

It doesn’t hurt to run the security scan, that might give you some idea of what to improve.
https://scan.nextcloud.com/

Also check out the hardening and security guide in the admin manual:
https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html

aridus · June 8, 2017, 8:15pm

Thank you @tflidd @linucksrox, your comments are very helpful, for a novice especially. I ran the security scan - which is useful, and that I was previously unaware of - and my box is A+, so that is useful to know. I am looking at the other matters that you both suggested.

Thanks!