AWS EC2/S3 Setup & Configuration
Modify EC2 Instance Security Group
To reach the EC2 instance hosting NextCloud, a security group has to be created and modified so that inbound access to the instance's ports is allowed only from specific IP addresses. This works as a security mechanism that restricts NextCloud to the IP addresses your clients are currently using. Alternatively, you can allow access to port 443 from all IP addresses in order to make your NextCloud instance public.
Navigate to your EC2 Dashboard in AWS
Click on “Security Groups” in the left-hand side navigation bar.
Select the security group attached to your NextCloud EC2 Instance.
Edit the inbound rules to include your IP Address and the ports utilized by NextCloud.
Default Ports: 80 (HTTP), 443 (HTTPS), 22 (SSH)
You can now log in remotely and manage your NextCloud server using your_Instance_ip (if you have already set up a domain, you can use your domain name instead).
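An added example, not part of the original page: a Python check over the inbound rules configured above that flags any rule opening a port other than 443 to every address. It assumes the JSON shape printed by `aws ec2 describe-security-groups`; the group ID and addresses in SAMPLE are constructed, and the name audit is hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`
# (group ID and addresses are made up; 203.0.113.x / 198.51.100.x are documentation ranges).
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []}
]}]}
""")

PUBLIC_OK = {443}  # the page allows 443 from all addresses for a public instance

def audit(groups, public_ok=PUBLIC_OK):
    """Return (group_id, port_range, cidr) for each rule that is open to every
    address and exposes at least one port outside public_ok."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto == "-1":                 # "all traffic": every port
                lo, hi = 0, 65535
            elif proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue                      # ICMP etc. carry no port numbers
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue                  # source is restricted to a range
                if set(range(lo, hi + 1)) - public_ok:
                    findings.append((sg["GroupId"], f"{lo}-{hi}", cidr))
    return findings

if __name__ == "__main__":
    for group_id, ports, cidr in audit(SAMPLE):
        print(f"{group_id}: ports {ports} open to {cidr}")
```

To run it against a real group, replace SAMPLE with the JSON saved from `aws ec2 describe-security-groups`.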
Create an S3 Bucket
These steps create an S3 bucket to be used with NextCloud. You can also create multiple S3 buckets if you prefer, but the policy in the next step would have to be modified accordingly.
These steps create an IAM policy that grants the NextCloud EC2 instance access to specific actions. Creating this policy, followed by an IAM role, lets you grant access to a specific S3 bucket without needing an accessKeyId and secretAccessKey, which can be problematic if compromised.
Click on Roles followed by clicking “Create Role”.
Select the AWS Service option, then select the EC2 option in the Use Cases list and press “Next”.
Select the policy you have created in the previous step followed by clicking “Next”.
Provide a name and description for your role followed by pressing “Create Role”.
Navigate to your EC2 Dashboard and select the EC2 instance currently running your NextCloud server.
Click Actions, hover over Security in the dropdown menu, click Modify IAM role, and select your newly created role.
S3FS & XQFS Setup & Configuration
Run sudo vi /etc/fstab and add an entry on a new line with the following content (replace BUCKETNAME with your specific bucket's name):
BUCKETNAME /bucket fuse.s3fs _netdev,allow_other,iam_role=auto 0 0
sudo mount -a
In your /bucket directory you should now be able to see all the contents within the S3 Bucket.
NextCloud External Drive Configuration
Setup Bucket Connection within NextCloud
In the following steps we add the S3 mounted directory as a storage location accessible within NextCloud. User access can be controlled within NextCloud, allowing only specific users to access specific drives. It is recommended that you implement 2FA within NextCloud, which can be configured through the NextCloud apps, and/or use Microsoft AD support.
Log in to your NextCloud server using your_Instance_ip (if you have already set up a domain, you can use your domain name instead).
Click your profile on the top right followed by the ‘+ Apps’ option in the dropdown menu.
Enable “External Storage Support” from the Apps menu.
Click back on your profile on the top right followed by clicking settings.
In the settings screen you should now see “External Storage” as an option under “Administration”
In your “Files” you should now see the directory you just added - any data added to this directory will be encrypted and stored on the S3 bucket.
Setup Bucket Connection within NextCloud (Optional - Client Side XQFS Deployment)
As above, in the following steps we add the bucket as a storage location accessible within NextCloud. User access to specific locations within the bucket can be controlled within NextCloud, allowing only specific users to access specific drives. It is recommended that you implement 2FA within NextCloud, which can be configured through the NextCloud apps, and/or use Microsoft AD support. These are the steps you would take if users were running local deployments of XQFS and simply using NextCloud as the connection to their S3 storage location.
Log in to your NextCloud server using your_Instance_ip (if you have already set up a domain, you can use your domain name instead).
Click your profile on the top right followed by the ‘+ Apps’ option in the dropdown menu.
Available For: You can input specific users or user groups who should have access to this directory.
In your “Files” you should now see the directory you just added - any data added to this directory will be encrypted and stored on the S3 bucket.