{"id":240,"date":"2020-03-22T17:21:28","date_gmt":"2020-03-22T16:21:28","guid":{"rendered":"https:\/\/blog.nubisoft.pl\/?p=240"},"modified":"2020-03-22T20:49:58","modified_gmt":"2020-03-22T19:49:58","slug":"nextcloud-with-wasabi-s3-part2","status":"publish","type":"post","link":"https:\/\/nubisoft.io\/blog\/nextcloud-with-wasabi-s3-part2\/","title":{"rendered":"NextCloud with Wasabi S3 (Part2)"},"content":{"rendered":"\n

This post is the second part of the previous, the most read one on our blog. After the technical introduction on how to deploy NextCloud using the containerization approach made in Part1<\/a>, we explained basic functionalities of Wasabi S3<\/a>, to show in this post, how to glue it all together to get functional and reliable cloud private file-sharing services.<\/h2>\n\n\n\n

For those who just look for an easy way of using NextCloud services, I would recommend buying ready-to-use offers from many more or less reliable providers giving more or less (usually very little to be honest) customizable functionalities. So if you want to take a shortcut then look here<\/a>. Also, if you just want to install NextCloud on your VPS in the easiest way possible just to try it out – this post is also not for you, but you will certainly find many others<\/a>. This post, however, is for those who want to use NextCloud as their basic file sharing system for the needs of commercial activity, which depends on the availability of company data, the possibility of easy professional cooperation, and so everything that increases efficiency affecting the satisfaction of the final customer \ud83d\ude09 Even now, when I’m writing this post, I use a disk connected to NextCloud, which replicates the file with this post to the Wasabi S3.<\/p>\n\n\n\n

When we started the NextCloud implementation at NubiSoft<\/a> we approached it without much thought and we naturally created accounts in NextCloud for each team member and additionally one bucket in Wasabi storage for each of them. In this way, everyone had their NextCloud directory on the local computer (or several of their computers) in which one of the sub-directories was mapped onto a bucket in Wasabi. Every team member had configured it by itself using its own Wasabi API key. And it started a real Armageddon! – Everyone in the company responsible for some area shared on their own some files, in their opinion worth sharing, with others. This led to a lack of control over the structure of the company’s resources, their location, and the management of their availability. After a month, terrified by the growing mess, we backed up all important resources in one place and turned off our NextCloud server to calmly think about what mistakes we made and how to avoid them on the next attempt.<\/p>\n\n\n\n

This time, we assumed that the most important thing is security and order in the structure of our electronic company resources, and since they are deposited in Wasabi at the end, the primary goal is to maintain order there. NextCloud (or it could be OwnCloud or something else) is just a platform that provides an interface to our PCs. Our thoughts are illustrated in the implementation diagram below. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

We will now show you how to configure the entire system for sharing resources within one group of common interests (on the basis of this, of course, you can create many different groups – e.g. separate for production dept, sales dept, etc.). First, you need to create a secondary account in Wasabi that will not be a root account – this is dictated by security reasons. Then create a bucket or even two as in our case – one will be for everyday files, which are often subject to editing or deleting, and the other for important resources, whose changes will be stored with accuracy to each version and even in the case of logical deletion, it will still be possible access to them. Importantly, for security reasons, the previously created user will be restricted to only the two previously mentioned buckets and the policy mechanism is used for this purpose.<\/p>\n\n\n\n

{\n  \"Version\": \"2019-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": \"s3:ListAllMyBuckets\",\n      \"Resource\": \"arn:aws:s3:::*\"\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": \"s3:*\",\n      \"Resource\": [\n        \"arn:aws:s3:::next.corpo\",\n        \"arn:aws:s3:::next.corpo\/*\",\n        \"arn:aws:s3:::next.dev\",\n        \"arn:aws:s3:::next.dev\/*\"\n      ]\n    }\n  ]\n}<\/pre>\n\n\n\n
 All that’s left is to set up retention policies in line with our requirements. In our case, we left default values for the dev <\/strong>bucket and event versioning and logging enabled for the corpo <\/strong>bucket.  After that, we only generate the API key and we have finished playing at Wasabi. <\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
 In NextCloud, for one user who is the head of a given interest group, we configure two external storages<\/strong>. <\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
.. and in the folder view, we have to share these two external storages with a group of interest (defined as a group in NextCloud).<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
 From now on, each member of the group sees (on their PC) two shared folders that are replicated between their computers and additionally stored in a cheap, reliable and secure place at Wasabi Systems. <\/p>\n\n\n\n
That is all. And you? What techniques do you use to share and secure your company resources with the team? <\/strong><\/p>\n\n\n\n
Another view angles<\/h4>\n\n\n\n
  1.  You may ask why we use Wasabi versioning for the corpo bucket<\/strong> since NextCloud also implements versioning? Well, versioning in NextCloud, because it is implemented on local resources (i.e. in our case VPS) is volatile and therefore we do not trust him too much. VPS itself has an availability of 99.95% which is a much smaller indicator than Wasabi Cloud.<\/li>
  2.  Does the above mean that NextCloud versioning is not useful for us? Nor! Once a perplexed teammate asked me if I would be able to recover a file that he accidentally overwrote, and it wasn’t a file from the versioned corpo <\/strong>directory, but from the ‘plain’ dev <\/strong>directory. I told him to recover the file using the NextCloud web client – the NextCloud platform is great in this respect – it manages the number of stored versions itself depending on the free disk space. Although our VPS is not very big, thanks to NextCloud we can recover versions of all files even a dozen or so days ago.<\/li>
  3.  You could ask how stable our NextCloud implementation is and do we have any problems with it? Absolutely none! Look at the picture below! <\/strong><\/li><\/ol>\n\n\n\n
    • \"\"<\/figure><\/li><\/ul><\/figure>\n","protected":false},"excerpt":{"rendered":"
      This post is the second part of the previous, the most read one on our blog. After the technical introduction on how to deploy NextCloud using the containerization approach made in Part1, we explained basic functionalities of Wasabi S3, to show in this post, how to glue it all together to get functional and reliable […]<\/p>\n","protected":false},"author":2,"featured_media":71,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_case_study_excerpt":"","footnotes":""},"categories":[5,4],"tags":[24,23,12,13,14,15],"class_list":["post-240","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-infrastructure","category-productivity","tag-docker","tag-dropbox","tag-file-sharing","tag-nextcloud","tag-s3","tag-wasabi"],"_links":{"self":[{"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/posts\/240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/comments?post=240"}],"version-history":[{"count":16,"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/posts\/240\/revisions"}],"predecessor-version":[{"id":262,"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/posts\/240\/revisions\/262"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/media\/71"}],"wp:attachment":[{"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/media?parent=240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/categories?post=240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nubisoft.io\/blog\/wp-json\/wp\/v2\/tags?post=240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}