Hosting ownCloud

In another thread @Mufasa and I got started discussing hosting options for ownCloud and I thought this would be an interesting topic:

  • Where do you host your ownCloud instance?
  • What do you like / what don’t you like about your provider?
  • Are you using docker or not?
  • You don’t trust anyone and only host on premise on your own hardware? Tell us about it!
  • EDIT: How do you backup your installation?

I’ve had a vultr $US 2.5 / month VPS for quite some time. But they have crippled the product by removing the IPv4 addresses. To get IPv4 you now have to pay $US 3.5. Also they are not available in all regions, so they are a little bit harder to come by and to work with.
My instance was in Sydney and now being back in Europe you definitely noticed the distance when trying to access it.

So I switched to Hetzner, who have a € 2.96 / month VPS with pretty decent resources for the price. At the moment I’m still using a standard Ubuntu 18.04 VPS but I want to switch to Arch Linux with full disk encryption and dropbear SSH in initramfs - one day when I have time…

I’m not using docker because with these low resource VPSs it’s too much overhead in my opinion.

Alibaba Cloud is trying to undercut AWS with another $US 2.5 plan, but I haven’t used this one, so I don’t know more about it.

Doing a quick search I found Aruba Cloud which is also offering sub € 3 / month plans but excluding VAT.

So not quite € 2 more like € 3, which is still very good in my opinion.

Other Hosting providers like Linode and DigitalOcean start at $US 5 / month

1 Like

Hello,

it’s an interesting topic, the only bad thing in these providers is the disk space which is around 20GB/30GB, it’s quite low, if you set the encryption you lose even more space. (35% disk space) Let’s be honest it’s so cheap that it’s fine, I’m just being annoying here :rofl:

To contribute further to the topic, there is also OVH VPS, it’s 3€/month excluding VAT, it’s OK to host an ownCloud.

In my case, I work for a hosting company and we build our own infrastructure as code for ownCloud. (not using Docker :innocent::grinning:) So I also personally use this solution but it’s more of a professional one and the cost is obviously different. (it starts at 20€/month excluding VAT for 100GB) It’s quite expensive but you don’t deal with installation, upgrades (obviously ownCloud ones and our improvements), encryption, monitoring/supervision, backups and support. For those interested you may contact me, end of the ad!

How do you deal with disk space? I mean 20GB can be quite low, mostly if you have relatives addicted to pictures :smiley: Well for now I use ~3GB but I didn’t upload much yet (it’s only 1 year of pictures).

Cheers.

1 Like

I don’t really need that much disk space either, 20GB is enough for me. But I was thinking of trying out the block storage on Hetzner it’s about € 5 / month for 100 GB and that should be heaps.

If you do full disk encryption you don’t lose any disk space and you don’t have the encryption/decryption overhead in PHP, but it obviously doesn’t offer user separation.

Another topic I forgot to mention in the initial post is backup. I haven’t really set up mine yet, because I have all my data multiple times anyway, but I’m looking into using Backblaze in the future.

For the cost it’s fine I suppose, but I doubt you have LUKS encryption or such which makes you use ownCloud’s encryption.

Well true, though you can do an LVM volume with its own LUKS encryption for each ownCloud you host or even for each user, it’s a hassle. I chose to keep the ownCloud encryption, it’s more stable now even though I’m still a bit concerned sometimes about its behavior. The PHP overhead is now lesser but true that it used to be one huge pain in the *ss. Careful about the storage of the master key, if you can, don’t host them on the same machine as the data, if someone steals the disk he could access all the data! It also seems the master key is stored in the database, but yet I sadly don’t know more about it.

Yep it’s one important point that can’t be put away :slight_smile: I don’t know this service at all yet, I doubt you can have encrypted disk with it though. I’d suggest to send only encrypted files there, well it’s a basic rule to me for any cloud solution anyway.

You don’t by default but I think you should be able to use it.

Again not by default, but you can use a backup tool like duplicity, where you can use Backblaze as a backend for GPG encrypted tar backups. There is also this interesting wrapper script for it:

What are you using as backup solution, @cs35?

I doubt you could since you have to type the password or use a key to open the LUKS, I don’t think they would have developed this feature for such a low cost but that would be cool!

Yeah good call with duplicity, I use it personally to back up my servers, it’s really a good choice. There is also borg but I didn’t use it much so I wouldn’t advise it or not. For ownCloud one would back up both the data and the database (basic mysqldumper is enough).
At work we have our own solutions, also using rsync like duplicity :wink:.

1 Like
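The backup approach discussed in the posts above (duplicity writing GPG-encrypted archives to Backblaze, covering both the data directory and a database dump), sketched as an added example that is not part of any poster's message. Every path, the web-server user, the database name, the key ID and the bucket URL are placeholders, and it assumes the classic `duplicity SRC URL` invocation and database credentials in `~/.my.cnf`.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, user, DB name, key ID and bucket
# URL are placeholders; DB credentials are assumed to come from ~/.my.cnf.
set -eu

OC_ROOT="${OC_ROOT:-/var/www/owncloud}"      # assumed install path
OC_DATA="${OC_DATA:-$OC_ROOT/data}"          # assumed data directory
OC_USER="${OC_USER:-www-data}"               # assumed web-server user
DB_NAME="${DB_NAME:-owncloud}"               # assumed database name
STAGING="${STAGING:-/var/backups/owncloud}"  # local directory for the SQL dump
GPG_KEY="${GPG_KEY:-PLACEHOLDER_KEY_ID}"     # public key duplicity encrypts to
TARGET="${TARGET:-b2://ACCOUNT_ID:APP_KEY@example-bucket/owncloud}"
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print the plan, run nothing

# Print a label for the step, then run it unless this is a dry run. The
# command line itself is never printed because TARGET embeds the B2 app key.
step() {
  label=$1; shift
  printf '%s\n' "$label"
  [ "$DRY_RUN" = 1 ] || "$@"
}

occ() { step "occ $*" sudo -u "$OC_USER" php "$OC_ROOT/occ" "$@"; }

backup_owncloud() {
  # Maintenance mode blocks writes, so files and dump describe one state.
  occ maintenance:mode --on
  trap 'occ maintenance:mode --off' EXIT   # also leave it on failure
  step "dump database $DB_NAME" \
    mysqldump --single-transaction \
      --result-file="$STAGING/$DB_NAME.sql" "$DB_NAME"
  # duplicity takes one source per run: one chain for the dump, one for data.
  # Classic "duplicity SRC URL" form: full if none exists, else incremental.
  for part in db data; do
    [ "$part" = db ] && src=$STAGING || src=$OC_DATA
    step "encrypt and upload $part" \
      duplicity --encrypt-key "$GPG_KEY" --full-if-older-than 1M \
        "$src" "$TARGET/$part"
  done
  trap - EXIT
  occ maintenance:mode --off
}

backup_owncloud
```

Set `DRY_RUN=0` to execute the steps instead of listing them. duplicity encrypts to the public key, so the private key can be kept off the server and is needed only to restore or to rebuild duplicity's local cache.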

If the hoster offers a console you can use full disk encryption, I have used it with Linode, vultr and Hetzner. As GRUB supports encryption you can even have /boot encrypted.

But it defeats the purpose a little, because you’re still dependent on the hoster’s console not being manipulated and not having a keylogger installed that snoops your passphrase.

Another implication is your server is no longer reboot proof, because you have to log in via the console after every reboot, but this is by design and I don’t see a solution for this.

But there is the possibility to include an SSH server inside the initramfs, which is being loaded before the actual system, before your root partition has to be decrypted. I’ve found the following guide for Arch Linux on Raspberry Pi so you should be able to adjust it for your particular distribution and situation.

I haven’t tried this yet, but I’m planning to give it a go.

Now the only things you have to worry about are somebody fiddling with your boot partition or somebody reading the keys in memory while unlocked, I haven’t looked into what kind of options you have there yet.

I do think though keeping your data at rest safe is a huge plus, and if you’re with a good hoster a reboot without notice should be extremely rare.

1 Like

It’s true, though I don’t know how the block storage is exposed for Hetzner so I assumed badly, and sure you can fully encrypt but it’s more of a hassle on some small VPS. If you don’t manage the hypervisor yourself, the hoster can dump the RAM and get your data, or an attacker on the hypervisor.

One good point about using ownCloud’s encryption is if you have your storage on a different server than your ownCloud. The data gets encrypted by PHP and stored encrypted directly. So let’s assume someone breaks in on your storage server, one will only access encrypted data (if your master keys are hosted elsewhere too obviously). With LUKS encryption, if someone breaks your storage, one can get all your data unencrypted.

To sum up my point of view:

  • full disk encryption protects you from disk stealing, and not intrusions
  • ownCloud’s encryption (when set properly, so with different servers) protects you from disk stealing and also intrusions on the storage server

Well, feel free to comment, it’s an interesting subject even though maybe it’s not really a matter when you host on a small VPS since it requires quite some technical knowledge. It’s all a matter of finding the balance between security and ease.

1 Like