Installing ownCloud 9 on CentOS 7
-
@JaredBusch said:
@wirestyle22 said:
Any good ML documentation on best practices for securing your OwnCloud server?
- Use
fail2ban
- Good password security on any account with admin access
- Always keep things updated (php, apache, etc.)
- Disallow
http
- maintain a valid SSL certificate
- Do not allow any port except 443 to hit the server from the public internet.
Thanks Jared!
- Use
-
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
-
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
-
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
it is all good and all the issues have been worked out. but you do have to go top to bottom of the post to get there
oh and one thing i neglected above
- do not disable SELinux
-
@JaredBusch said:
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
it is all good and all the issues have been worked out. but you do have to go top to bottom of the post to get there
oh and one thing i neglected above
- do not disable SELinux
I'm currently running a test server just to show my boss what it's like but I will make a note of that. A lot of the guides tell you do that so I'm glad you said something. Appreciate it!
-
@JaredBusch said:
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
it is all good and all the issues have been worked out. but you do have to go top to bottom of the post to get there
oh and one thing i neglected above
- do not disable SELinux
Oh and I'm running this on a Vultr VM. I assume I'll migrate a month before it goes live so I don't have to deal with bandwidth limitations?
-
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 you can look at my 8.2 thread where I actually go over everything in detail. I do need to clean it up though and redo it for PHP 7 and ownCloud 9
I read it. I took note of your comment on some of the documentation not being great so I figured I'd ask if there were any updates etc. Appreciate the help. Great info in your posts too.
it is all good and all the issues have been worked out. but you do have to go top to bottom of the post to get there
oh and one thing i neglected above
- do not disable SELinux
I'm currently running a test server just to show my boss what it's like but I will make a note of that. A lot of the guides tell you do that so I'm glad you said something. Appreciate it!
For a demo, that is fine. But just know that there is no reason it must be disabled for production. There are only a few pieces that have to be modified to make it work right.
-
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
-
@wirestyle22 said:
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
Whether or not they are considered secure sorely depends on the entity doing the considering.
If you ask me, then the answer to all of that is yes it is.
-
@JaredBusch said:
@wirestyle22 said:
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
Whether or not they are considered secure sorely depends on the entity doing the considering.
If you ask me, then the answer to all of that is yes it is.
I love you so much right now. You have no idea. Thanks!
-
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 said:
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
Whether or not they are considered secure sorely depends on the entity doing the considering.
If you ask me, then the answer to all of that is yes it is.
I love you so much right now. You have no idea. Thanks!
If your file system is encrypted, then the data is encrypted at rest.
You are using SSL only, so the data in transit is encrypted.
There are no other pieces involved that you have control over to be encrypted. -
@JaredBusch said:
@wirestyle22 said:
@JaredBusch said:
@wirestyle22 said:
With this server being encrypted are files that are being shared with a password considered secure encrypted files? In the same vein as O365 etc? Is this a viable alternative to using encrypted e-mail?
Whether or not they are considered secure sorely depends on the entity doing the considering.
If you ask me, then the answer to all of that is yes it is.
I love you so much right now. You have no idea. Thanks!
If your file system is encrypted, then the data is encrypted at rest.
You are using SSL only, so the data in transit is encrypted.
There are no other pieces involved that you have control over to be encrypted.Appreciate all of the info and your help!
-
You can also encrypt the block device under the filesystem, which could be encrypted SAN or encrypted SAS drives or what have you.
-
Do you have to use a Sync folder to Sync with the oC server using the oC client? The reason I ask(which may be the wrong thought process) is I don't want any of the files in my oC server to be saved locally permanently. I'd want the file to be downloaded to access and then once the changes are made and it sync's with the server I'd like it to be deleted. Is this possible? Am I thinking about this incorrectly?
-
@wirestyle22 said:
Do you have to use a Sync folder to Sync with the oC server using the oC client? The reason I ask(which may be the wrong thought process) is I don't want any of the files in my oC server to be saved locally permanently. I'd want the file to be downloaded to access and then once the changes are made and it sync's with the server I'd like it to be deleted. Is this possible? Am I thinking about this incorrectly?
How can you "sync" on save if you download manually?
Obviously, the sync client handles all of this.
If you do not want that, then you have to deal with teaching people how to download and upload files.
But you still have a local file when you do that.
What forces the user to delete the local file after editing?
-
You can add an application to ownCloud to get online editing capability if that is what you want.
-
@JaredBusch said:
You can add an application to ownCloud to get online editing capability if that is what you want.
This is absolutely fantastic. I need to look a the apps obviously. Thanks!
Edit: Actually I can't do what I may need to. I'll explain below.
-
@JaredBusch said:
You can add an application to ownCloud to get online editing capability if that is what you want.
Is this the same as using Google Docs or MS's Web Office? How's the feature set in this online editing solution?
-
Let me explain my situation in more detail to be as accurate as I can be. I basically have a ton of sites that aren't connected to the domain. They are logging into a local account and accessing everything through a terminal server with their domain credentials. I don't want a local account that has access to all of these files basically. What do you recommend @JaredBusch ?
-
@wirestyle22 said:
Let me explain my situation in more detail to be as accurate as I can be. I basically have a ton of sites that aren't connected to the domain. They are logging into a local account and accessing everything through a terminal server with their domain credentials. I don't want a local account that has access to all of these files basically. What do you recommend @JaredBusch ?
So let them have access to the things via the terminal server?