Hi,
I have installed the Nextcloud 18 on my EC2 Ubuntu instance & linked the S3 bucket. Now, what’s the best practice to keep the data safe by encrypting?
Already enabled the SSL to protect the data during transit
Under AWS, Encrypting the entire EC2 instance? & then Under AWS S3 buckets management, enabling the encryption AES-256?
Or enabling the encryption app from the NextCloud? which is the best way to protect the data?
Please explain.
Protect the data from whom ?
You did the best to protect the data in transit (SSL; enable only TLS 1.2 and 1.3 ).
I believe you don’t need any of it if your Nextcloud runs on hardware not under your control …
you have to do this before you setup everything.
when you launch an ec2 you should encrypt the ebs volume. same applies to the s3 bucket.
it’s possible but a bit tricky to encrypt everything afterwards.
if you want to start again you may find the playbook helpfull.
nextcloud-reloaded
Ansible playbook to install nextcloud, php, nginx or apache, mariadb or postgres, redis-server, onlyoffice or collabora office
client side encryption? → e.g. Cryptomator