Proxmox + OwnCloud

[T_Minus]

Anyone running Proxmox and OwnCloud VM?

tips/trips and/or suggested starting points/guides online to follow?

I like proxmox in that we don't HAVE to pass through anything to a VM so we can use onboard ports!! less power or more capacity with less hardware depending how you look at it

Going to start playing around with keeping file/stg management (zfs) within proxmox and then using a VM for handling shares / owncloud / etc.

Just thought I'd ask before playing around with my own ideas/thoughts

 

[Drewy]

I run owncloud on ubuntu as a VM on proxmox. I don't do any "special" to configure it.
The VM image sits on a nfs share (freenas) the same as all other vm's.
On the network side I have it on it's own subnet/vlan that is firewalled from everything else. I did (once) play with it being accessible from the internet but these days it isn't. My clients have to be at home to sync with it.

 

[PigLover]

Same here. Nothing special at all. Sets up the same as all other VMs on my VM host. I expose it to the Internet via HAproxy on pfsense with SSL enabled.

 

[T_Minus]

Thanks guys! Good to know

Looking to ditch DropBox for myself, and the wife and save 200/year or whatever that cost is by just hosting it ourself, and then saev some power going to proxmox with no passthrough so we can use onboard for our "home" setup

ALl the while trying to hit 200-300w in the office via ``servers`` to keep it "heated" hahahah!!

 

[Patrick]

My next foray is NextCloud on FreeNAS. Likely will only be accessible via VPN.

 

[_alex]

Should be no Problem. I have nextcloud on its own vm, private network + nat for os-updates. Expose it through apache mod_proxy. Also have libre office online from source on another vm (not docker) that is also accessible via mod_proxy.

 

[nitrobass24]

Running Nextcloud on a hardened CentOS build. VM sits on an nfs share. All of the data storage is on the vDisk.

Internet accessible through my WAF over SSL.

Moving to pfSense when I get a free weekend and it will be accessible over VPN only at that point.


Sent from my iPhone using Tapatalk

 

[KioskAdmin]

With how fast nextcloud got made after everyone left owncloud neither instill confidence in security.

 

[Continuum]

Running nextcloud in a LXC Ubuntu 16.04 container on Proxmox. Setting it up was a breeze. I will be migrating the container soon to unprivileged container. I also plan on exposing nextcloud through haproxy in another unpriviledged LXC container on a separate VLAN or network bridge in Proxmox. The bulk of my data is accessed through nextcloud's smb external storage module based on each user's nextcloud credentials, preserving file permissions for access through samba or NFS for local computers.



Sent from my Nexus 7 using Tapatalk

 

[T_Minus]

With how fast nextcloud got made after everyone left owncloud neither instill confidence in security.

Interesting.

Do you have any reference URLs to share regarding the background of NextCloud and issue with OwnCloud? I've only messed aroudn with Own and was looking to deploy but I haven't done much homework on this subject in a while... looking forward to learning a bit more now.

 

[nitrobass24]

The founder of OwnCloud was not happy how the company was being run. With a majority of the codebase being open source he decided to Fork the code, leave and start his own shop...NextCloud. He then subsequently recruited all of his cronies from OwnCloud. You may have noticed that updates to Owncloud have been basically non-existent for the last 6 months.

I would argue that NextCloud is more secure than OwnCloud simply because it is being updated/patched and maintained.

They also release a security testing tool that I encourage everyone to run.
Nextcloud releases security scanner to help protect private clouds – Nextcloud

I also use these free tools to test my public facing stuff.
SSL Server Test (Powered by Qualys SSL Labs)
FreeScan OWASP Audit | Qualys, Inc.

 

[Patrick]

@nitrobass24 is spot on. @T_Minus that is why I have been using NextCloud myself.

 

[T_Minus]

Good to know guys, I'll be looking into NextCloud now

 

[kroem]

I run NC as a VM in proxmox + zfs. I've just mounted a nfs share in /var/ncdata so it's just presented to NC.

 

[Monoman]

I run NC as a VM in proxmox + zfs. I've just mounted a nfs share in /var/ncdata so it's just presented to NC.

Same here actually. NC is pretty sweet

 

[JC Connell]

I've got Nextcloud setup in an LXC container and I've moved on to trying to install collabora but without much success. Has anyone else had success getting Collabora going?

 

[_alex]

For Collabora you need another Container or KVM and most likely have to compile it yourself, including recent libre office if you don't want to use the docker. I did this, put both NC and Collabora on their own KVM Instances on private network (both Debian 9), setup a proxy on a public host. This is quite a hassle, as i also had to change NC to make it trust/not check certificates on the private net it reaches lool.

If you want it quick and just running i'd follow the guides that show how to use the docker - this should be quite straightforward and a lot of people have success this way.

 

[JC Connell]

For Collabora you need another Container or KVM and most likely have to compile it yourself, including recent libre office if you don't want to use the docker. I did this, put both NC and Collabora on their own KVM Instances on private network (both Debian 9), setup a proxy on a public host. This is quite a hassle, as i also had to change NC to make it trust/not check certificates on the private net it reaches lool.

If you want it quick and just running i'd follow the guides that show how to use the docker - this should be quite straightforward and a lot of people have success this way.

I've created a KVM running Alpine Linux, install Docker and Apache2 and have setup the Collabora/Code Docker image. Getting this far wasn't very difficult. Now I'm almost the same situation as you- Nextcloud runs in an LXC container on Ubuntu 16.04, Collabora runs in a separate KVM on Alpine Linux Virt and finally Nginx runs in an LXC container on Ubuntu 16.04. Nginx is on it's on subnet DMZ. Nextcloud and Collabora are the "server" subnet, which is separate and not public facing.

I created self signed certificates for Collabora and configured apache2 as detailed in the instructions here: Collabora Online Office – Nextcloud

Can I leave Collabora behind the reverse proxy and allow Nginx to handle it's SSL termination? How did you get NC to trust Collabora?

 

[_alex]

To trust, this is *for sure* not a recommended way,

Goto 3rdparty/guzzlehttp/guzzle/src/Client.php

Find function createRequest and add a line $options['verify'] = false; after $options is defined in the first line in that function.

I guess also adding your CA to the trust store would work and not break with updates.

I have both Collabora and NC itself behind an Apache reverse proxy that has a public facing DV Certificate, no problems so far. Just getting NC / Collabora on the private network setup was a bit tricky, also because you also need to proxy websockets.

 

[T_Minus]

Looks like I forgot about this thread

Are people still using NextCloud instead of OwnCloud?