If you are currently using Nextcloud / ownCloud or other PHP kits for file handling, you should know these remarks:
Based on this Article
You must know:
- Security details of the PHP versions you currently use (7.X)
- Details of the database version you use (MySQL..)
- Details of your hardened OS and web server version (Apache, firewall, fail2ban, file policies, SELinux, AppArmor filter)
- ALWAYS treat open-source PHP kits as NON-HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS)
- You can ACCESS this software through SSH TUNNELS with a locally running non-caching PROXY (privoxy)
- Run the SSH tunnels on non-standard ports and log in via key files which must be unlocked by LONG PASSWORDS
- Public ACCESS is ALWAYS a RISK if YOU don't have KNOWLEDGE of the SOURCE CODE!
How-to: read here
If you want to use a private, secure ownCloud (WebDAV space server) as backup for all your devices, you can harden the access through an OpenSSH login with key authentication and Squid as a relay.
- Install apache2, php5, mysql-server, openssh, squid3
- Configure Apache2 to listen on https://localhost:443
- Set up squid3 and configure the proxy to listen only on localhost:3128
- Install ownCloud to /var/www with forced "https" settings in config.php
- Create SSH keys to authenticate to the SSH server with a password-protected key
When done, you can access the private backup server via a terminal / PuTTY with the tunneling options:
- $ ssh -L 3128:localhost:3128 firstname.lastname@example.org
- Open your browser on your client/PC with proxy usage enabled = localhost 3128
- Connect via the URL https://localhost/ and the ownCloud login should be displayed! The same is possible with the WebDAV URL!
Advantage? You have two-factor protected ownCloud access, with encryption inside an encrypted SSH tunnel! Nobody should see the files which are transmitted! That's a tube inside a tube ..
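The setup above only holds if Squid and Apache really are bound to localhost and nothing else. As an added example (not part of the original how-to), this shell function reads `ss -Htln` output and reports any listener on the watched ports that is not on a loopback address; the function names, the sample lines and SSH port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that proxy and web server are reachable only through the SSH tunnel.
# Expected bindings (real directives): squid.conf "http_port 127.0.0.1:3128",
# Apache "Listen 127.0.0.1:443".

# check_loopback_only PORT... < output of `ss -Htln`
# Prints "EXPOSED <addr>:<port>" for each watched port bound to a non-loopback
# address and returns 1 if any was found, 0 otherwise.
check_loopback_only() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4                      # e.g. 127.0.0.1:3128 or [::]:443
            port = local_addr
            sub(/.*:/, "", port)                 # keep text after the last colon
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (!(port in watch)) next           # not a port we care about
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is fine
            print "EXPOSED " addr ":" port
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `ss -Htln` output (not captured from a real host).
# Apache is misconfigured here: it also listens on the IPv6 wildcard address.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 256 127.0.0.1:3128 0.0.0.0:*
LISTEN 0 511 127.0.0.1:443 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
EOF
}

# Demo on the sample; on the server run: ss -Htln | check_loopback_only 3128 443
sample_ss_output | check_loopback_only 3128 443 ||
    echo "restrict the listeners above to 127.0.0.1"
```

The SSH port itself is expected to be publicly bound, so it is deliberately not in the watched list.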