Restrict Nextcloud over VPN except Talk

Leaving aside the fact that this setup does not look like it’s supported in any way, I’m still wondering what’s the point of all this? If you use the same database, and copy/sync all files, what’s the reason of having 2 instances?!

I don’t have experience with SSE, so I can’t help you there, sorry.

Server-side encryption is only useful if you use storage at an external hoster you do not trust. If you host the data on your own, with the same admins (Nextcloud and data), there is no security advantage, even if this is what people like to sell it as. Admins of the Nextcloud can get the encrypted data and decrypt it.

Please read the beginning of this documentation

The primary purpose of the Nextcloud server-side encryption is to protect users’ files on remote storage, such as Dropbox and Google Drive, and to do it easily and seamlessly from within Nextcloud.

Server-side encryption separates encryption of local and remote storage. This allows you to encrypt remote storage, such as Dropbox and Google, without having to also encrypt your home storage on your Nextcloud server.

For real security you must use End to End Encryption. Then you will not be able to share the files via the listed way. Also, you can only use it in Nextcloud clients and not in the Nextcloud Web GUI. Unlike other software providers, there is no JavaScript-based encryption and decryption in the web-based Nextcloud application for security reasons.


Hi, thank you @devnull

We have LDAP users on both NC, so their usernames and passwords are the same on both NC.

Can we copy encryption keys to make it work? There are two locations of keys: data/files_encryption and data/user/files_encryption.

I have copied user/files_encryption/files/keys/Talk; that didn’t work. Now I am wondering whether to copy data/files_encryption.

This is totally a test environment so we can check possibilities as much as we can.

Hi

Just want to update here: I have synced the following directories of both clouds, but shared files are still not visible on the other Nextcloud instance:

data/user/files_encryption/files/keys/Talk
data/files_encryption

How do I sync encryption keys so that the NC over VPN and the NC that is public can see the same shared files? As mentioned earlier, without server-side encryption both Talk are working fine and seem the same.

Agreed. Our self-managed VPS is hosted in the cloud at a hosting provider. As cases of server hacking are increasing, we have decided to use Server Side Encryption. In case the server is accessed by some hacker, at least our files are secured. Anything can happen, actually, despite all security measures, firewalls, etc.

That is not true. If the hacker hacks your Nextcloud server, he can decrypt all files. Maybe first he must copy everything (files and database) to another server to be less noticeable. Also, I have not tested whether it works.

How to enable server-side encryption in Nextcloud | TechRepublic
How to disable Server side Encryption in Nextcloud (video)

However, it may be a bit more difficult and keep script kiddies away.
