I am pretty new to this server thing, but i created my server using truenas, and installed nextcloud, I just have 1 question, what will happen to my data if nextcloud crashes? Will I be able to access the data ever again? if yes then how?
Nextcloud is a LAMP-software and uses Linux, Apache2 (nginx), MariaDB (other DB) and PHP.
Nextcloud uses some parts of data and database. Not official but my wording:
- Nextcloud software (files)
- Nextcloud configuration (files)
- Nextcloud user data (files)
- Nextcloud datasets (database) (e.g. username, shares, calendar, contacts, configurations, …)
On normal systems you make a Backup (files and database) and if needed a Restore (files and database). If the whole server crashes maybe you must first reinstall the server, reinstall the software (same Nextcloud version) and then Restore. Also on your system you must backup/restore files and database.
If you don’t care about the Nextcloud data structures (user credentials, shares, calendars, contacts, …) and the Nextcloud configuration, you can also only backup the files that are part of the directory structure. But then you can not restore the complete Nextlcoud. E.g. all public shares are lost.
If your data and the correct functioning of Nextcloud including user data, shares, etc. are important to you, then you should definitely test the backup/restore.
devnull is giving you valueable hints. One piece of advise:
Do not use server side encryption until you are very familiar with Nextcloud and has successfully tested and is comfortable of, using CLI to decrypt the data in a restore scenario, if the NC database or PHP application becomes corrupt.
Server side encryption is only useful if you use external storage at another hoster. On an on-prem NAS, it is completely unnecessary, at least for security reasons. Even if someone steals your NAS, server side encryption won’t help you. The keys are stored in Nextcloud.
Server-side Encryption is designed to protect the content of files on external storage locations
and on the server itself only while at rest, that is, when a user is not actively accessing the data.
I don’t really agree with the quote. “while at rest” is not really true. The files are encrypted and cannot be viewed directly. However, they can be decrypted by the administrator at any time. In order not to create any traces, the administrator can most likely build a functional version from the backup on an additional system and decrypt the files there.
@all: On TrueNAS you could just use native ZFS encryption, if you want to encrypt your data at rest. No need to bother with Nextcloud’s Server Side Encryption, imho.