OC9.1,Centos7, PHP7, REDIS - Encryption cannot be turned on

9.1.x
help

#1

Steps to reproduce
1.Install Centos7, PHP7, OC9, redis
2.Attempt to Activate encryption from within OC
-Encryption turn on in Server settings, but encryption module in "modules" section cannot be enabled.

Expected behaviour
Use Encryption

Actual behaviour
Encryption will not activate, error message stating that configuration is unstable.

Server configuration
Operating system: CentOS7 (Latest)
Web server: NGINX : 1.10.2
Database: MariaDB 5.5.52
PHP version: 7.015( from webtatic Repo)
ownCloud version (see ownCloud admin page): Latest Production (9.1)

-All Storage is local
-All server components are local.
-REDIS is operating on UNIX Sockets mode.
There are no errors to list because I cannot activate encryption with REDIS enabled.


#2

Hi,

not directly related to your issue itself but before enabling server side encryption please read and understand the first red box at [1]. If your storage is only local it makes no sense to enable server side encryption as it won't protect your data on the local disc.

[1]

https://doc.owncloud.org/server/latest/admin_manual/configuration_files/encryption_configuration.html


#3

So this sentence from: https://doc.owncloud.org/server/latest/admin_manual/configuration_files/encryption_configuration.html

"ownCloud server-side encryption encrypts files stored on the ownCloud server, and files on remote storage that is connected to your ownCloud server"

Is not true?


#4

This is the important part:

Encryption keys are stored only on the ownCloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your ownCloud server is compromised, and it does not prevent ownCloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your ownCloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.

Your server has only local storage ->It makes no sense to use the encryption app and gives you a false sense of security which it doesn't provide.


#5

I have understood the encryption issues before I started - no encryption on earth would prevent a data breach if owncoud was compromised; whole disk encryption is made awkward due to the fact this is virtualized on Hyper-V. The encryption on owncloud is mainly to fulfill the encryption requirement of a SAS "data on disk" audit and to prevent a data breach from the backup user standpoint.
Whole disk level encryption is not an option.
Anyway; does anyone have a clue why the encryption module would have issues with REDIS? I ask because it REDIS really does speed up Owncloud by a major percentage.


#6

If there is an issue with redis then please report it directly to the developers. They won't notice this in here.

https://github.com/owncloud/core/issues