If you use cloud storage to share information, great! There are plenty of options to choose from; well-known examples include Dropbox, Google Drive and OneDrive, amongst others. However, if you wish to store personal information, I believe there are other options worth considering.

Pros and cons of cloud storage

The biggest pro of using cloud storage is that the information is always available to any device with access to the Internet, and that it can be shared with anyone.

One drawback, however, is the cost. Although the majority of the services can be used for free, the free plans might not be enough to satisfy our needs. In my opinion, the biggest issue is security, and I'm not referring to the typical cases of hacking and/or leaking.

Just take a look at the Terms of Service of any cloud storage service to find clauses such as this one from Google:

... When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). ...

Dropbox has similar clauses, and the same goes for any service provider. It's highly educational to read, every now and then, these terms and conditions that we accept everywhere without a second thought.

I'm not against them. I have been a user for a long time and I will keep being one. Instead, I simply keep tabs on what information I upload to the cloud.

What is there to do in such a case?

Alternatives to cloud storage services

The first alternative is to use local storage, for instance an external HDD. This is the more economical solution and undoubtedly the safest. Only people with physical access to the drive can access our data.

However, we lose an important functionality: the possibility to access our files from anywhere and with any device with an Internet connection, and the ability to easily share it with family members, friends and colleagues. This is something nobody wants to renounce nowadays.

Luckily enough, there is another alternative solution: implement our own private cloud service. This way we can be in control of our information and still enjoy easy access to it.

This raises a (frankly sensible) question: what is the difference between this solution and using Google Drive, Dropbox, iCloud or any other similar service? At the end of the day we'll have our information stored on a server which is managed by a third party. To understand the difference, we need to take a look at a service which works in a similar fashion: banks.

With a bank account, the bank knows about all our operations, whom we pay and who pays us, and even uses our funds for its own interests - akin to Google Drive.

We could rent a security box, which would render the bank unable to keep control of the contents in the box, while at the same time still taking advantage of the bank's infrastructure - this would be our private cloud.

Let's take a look at what we need to do to run our own cloud storage service. 

Cloud storage with NextCloud

Among the many existing alternatives, my favoured one is NextCloud. It's an open-source solution that is used much like Dropbox and that we can install alongside our website. This way we'll make the most of our VPS. Although we can acquire devices with NextCloud incorporated, we'll focus instead on how to implement it on our server.

The goal is to have a safe platform in which our data can be accessible at any time with a reasonable level of security.

Characteristics of NextCloud

NextCloud allows us to keep our files in sync between different devices (computers, tablets and smartphones), independently of the operating system (Windows, OS X, iOS, Android or Linux). We can also share the data with other people even if they're not users of our server.

We always have control over what information is shared. On the other hand, it includes many different forms of communication between users, which makes it the ideal tool for work groups.

It can also be used as a backup in case of hardware malfunction. However, unlike a traditional backup, it does not offer protection against deletion and accidental modifications. We still need to have a proper backup solution in place.

This implementation requires a LAMP server (Linux, Apache, MySQL and PHP). We can work from its web interface or through the client applications available for all platforms. Using the corresponding client allows us to work with our usual tools, synchronizing automatically in the background.

The entire process of implementation and further use is fully documented.

Implementing NextCloud in our VPS

Step 1- Copy the files and prepare the server

We'll assume that we already have a LAMP server running and that we meet the minimum requirements for the installation. The instructions on how to start up our own web server can be found here for AWS and here for Google Cloud.

Download the installation file and unzip it into a folder on our server. Make sure that the user www-data has proper permissions over said folder, then set up the virtual host and don't forget to create the correct DNS entry.

Here we have an example setup for the virtual host folder.

<Directory /var/www/nextcloud_dir>
    Options +FollowSymLinks
    AllowOverride All
    # Disable Apache's own WebDAV module; NextCloud has built-in WebDAV support
    <IfModule mod_dav.c>
        Dav off
    </IfModule>
    # Same path as the Directory block above
    SetEnv HOME /var/www/nextcloud_dir
    SetEnv HTTP_HOME /var/www/nextcloud_dir
    Satisfy Any
</Directory>
<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    ServerName cloud.example.com
    DocumentRoot /var/www/nextcloud_dir/
    ErrorLog /var/www/logs/nextcloud_dir/error.log
    CustomLog /var/www/logs/nextcloud_dir/access.log combined
</VirtualHost>


It's strongly recommended to use SSL through, for instance, Let's Encrypt and Certbot.

Verify that the following are enabled: mod_rewrite (required) and mod_headers, mod_env, mod_dir, mod_mime (recommended).

Step 2 - Continue the installation on the website

Enter our NextCloud server url and fill in the necessary information to finish the installation.

1 - Info on the admin user. Don't use common names such as admin and, more importantly, use a complicated password. Ideally the security meter should be fully green.

2 - Select the folder where the data is stored. This can be any already existing folder whose owner is the web server. A good solution would be to use an additional volume in our VPS. It's possible to move the folder later, but it's much easier to simply select it once during the installation.

3 - Enter the database details. We'll leave SQLite selected only if we're just testing, we're the only users and we're not synchronizing data. In any other case, we need to state the corresponding parameters for our database. Much like the data folder, the database must be created within our server before carrying on with the installation.

Once all the info has been filled in, we click the Complete installation button and wait for a few minutes.

If everything went well, we should be met with the welcome screen.

The installation has been completed and our private cloud is ready for use.

Step 3 - Final adjustments

Even though our cloud is fully functional, there are still some adjustments to make.

First we'll access the configuration menu by clicking the icon on the top right side.

In General View we'll have some guidance on what finishing touches to do in the configuration of our server.

First of all, we need to update the configuration of our mail server so as to receive notifications via email. The link takes us directly to the window where we can fill in this information. As a previous step, we need to set up our personal data, especially our email info.

When completing the profile info, we can decide which elements we want to be made public and which to be made restricted.

If we're using SSL, we need to redirect the traffic through HTTPS (Certbot allows doing this upon generating the certificate) as well as enabling HTTP Strict Transport Security. For the latter, we'll add the following to the config file in our virtual host:

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

We can access the rest of the security tips by entering the link in the page.

To enable caching, we'll use the APCu module included in PHP 7. We'll download the package for Ubuntu the usual way: sudo apt-get update and sudo apt-get install php-apcu. Restart the web server with sudo service apache2 restart and, once the server has restarted, add the line 'memcache.local' => '\OC\Memcache\APCu', (comma included) to the NextCloud config.php.

Now we set up the php.ini file with the recommended values for OPcache:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

and lastly add these lines to the virtual host configuration file.

<IfModule headers_module>
RequestHeader set X-HTTPS 1
Header set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>

When we head back to the configuration page we'll see that everything is OK.
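To confirm from outside the server that the redirect, the Strict-Transport-Security header and the Referrer-Policy header from this step are really being sent, the response headers can be audited. The following is an added example, not part of the original post or of NextCloud: the function names and the sample responses are constructed for illustration, and the host cloud.example.com is the one from the virtual host above.

```python
import re

HSTS_MIN_AGE = 15552000  # max-age used in the virtual host snippet above

# Constructed sample response heads (what `curl -sI` would print).
GOOD_HTTP = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://cloud.example.com/\r\n"
GOOD_HTTPS = ("HTTP/1.1 200 OK\r\n"
              "Strict-Transport-Security: max-age=15552000; includeSubDomains\r\n"
              "Referrer-Policy: no-referrer-when-downgrade\r\n")
WEAK_HTTPS = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=3600\r\n"


def parse_head(raw):
    """Split a raw response head into (status code, {lowercased header: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def audit(http_head, https_head, host):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    status, headers = parse_head(http_head)
    location = headers.get("location", "")
    if status not in (301, 302, 307, 308) or not location.startswith(f"https://{host}"):
        findings.append("port 80 does not redirect to HTTPS")

    _, headers = parse_head(https_head)
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing on HTTPS response")
    else:
        match = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not match or int(match.group(1)) < HSTS_MIN_AGE:
            findings.append(f"HSTS max-age below {HSTS_MIN_AGE}")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")
    if "referrer-policy" not in headers:
        findings.append("Referrer-Policy header missing")
    return findings


if __name__ == "__main__":
    print(audit(GOOD_HTTP, WEAK_HTTPS, "cloud.example.com"))
```

On a live server, the two inputs are the outputs of curl -sI against the http:// and https:// URLs of the NextCloud host.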

Step 4 - Download the client in our devices

The first time we access the server we'll have the option to download the corresponding desktop client. If we haven't done that or if we want to install it on another device, we'll be given the option to download it under Phone and desktop, inside our user profile.

Once the app is downloaded, we'll run a standard install. When launching for the first time, we'll be asked for our connection data. First we'll fill in the server url, and on the second screen, the access info.

Here's an important consideration.

We could use our user credentials, however these would be compromised if we were to lose the device. The solution is to create a specific password which we can revoke at any time.

This way, we'll be safe against dangers like these.

We can manage the generated passwords from the Security tab in our profile. From this window we can revoke access to any device connected to our account.

Finally, if we are not happy with the folder assigned by default, we can select one of our choosing to save the synchronized files.

Once we're connected to the server, we can keep working as usual. We simply have to put the data we want to synchronize between all devices inside the specified folder.

In conclusion

We have seen how to implement our own private cloud in a relatively simple manner. It's a rather easy system to use, very similar to Dropbox.

It can perfectly coexist with our blog or website, which allows us to optimize our costs. We even have the option to install it on a shared hosting service. Considering the current cost of hosting services, this is an option to consider if we're looking for a centralized management, multiple user usage and full control over our data.

In further entries we'll walk through how to manage it and the different available modules.

If you're interested in running your own private cloud, yet you don't feel able to set it up on your own, contact me. I can surely help you out with this.