In this part of our home network security series, we show you how you can use your Turris Omnia as network-attached storage (NAS) via Nextcloud. Your local Nextcloud server keeps your data within your home network. You can share files with your family members and other devices at home. There is no need for flash drives or online storage.
Compared with NAS via SMB, this option is easier to implement; however, the RAM usage may be higher.
Always stay in the loop!
Subscribe to our RSS/Atom feed.
For this guide, we need:
- our Turris Omnia that is connected with our computer and the internet
- an installed and empty mSATA drive (see part 3a for installation instructions)
- an SSH client on our computer
Step by step to your NAS using Nextcloud
This time, we use the “Storage” module of Foris OS to format the mSATA drive and then install Nextcloud via LuCI and the CLI.
Step 1: Format and set the mSATA (Foris)
First of all, connect to your Turris Omnia using your web browser (e.g., https://192.168.1.1/foris/config/). Log in and go to “Storage.”
There should be a red warning message like:Device currently in use is … (internal flash)
Your mSATA drive should be selectable below (e.g., “sda”).
Select your device and click on “Format & Set.” After confirming this choice, your Omnia formats and sets your drive and then reboots. Log in again and check whether your drive is in use now (see image below). The file system is “btrfs” this time.
Step 2: Download and install Nextcloud (CLI)
Now, we must download the Nextcloud packages via the CLI. Connect to your Turris via SSH: ssh email@example.com. Use the password for “advanced administration” like configured in the first part of this series.
Enter the following commands: echo 'Install("nextcloud-install")' >> /etc/updater/conf.d/auto.lua and pkgupdate.
You should get a list of packages that your Omnia wants to install. Then, you should see the following output:Press return to continue, CTRL+C to abort
Press ENTER to proceed. The Turris downloads and installs Nextcloud from the Turris repository.
Start the installer by entering sudo nextcloud_install. Enter YES if you want to use the automatic setup. In our case, the configuration is stored in “/srv/www/nextcloud/config/config.php.”
When asked, “What should be admins login?” enter a username for Nextcloud. Then, when asked, “What should be admins password?” enter the password for this user account that is used for Nextcloud.
Step 3: Optionally secure the MySQL database (CLI)
After installing Nextcloud, you may have to configure your MySQL database. Enter sudo /usr/bin/mysql_secure_installation.
Confirm the initial password prompt with ENTER since we haven’t set a password before. Then you can set the “root password” of the database. After that, you have to press Y several times:
- Remove anonymous users? [Y/n] Y
- Disallow root login remotely? [Y/n] Y
- Remove test database and access to it? [Y/n] Y
- Reload privilege tables now? [Y/n] Y
All done! Disconnect your terminal and close it.
Step 4: Optionally enable hd-idle (LuCI)
You can optionally set the idle mode as described in our previous article for your mSATA drive in LuCI:
- Go to Services / hd-idle.
- Enable hd-idle for “sda.”
- Save & Apply your settings.
- Go to System / Startup.
- Check whether “hd-idle” is enabled and running.
Step 5: Open Nextcloud in your web browser, and complete the setup
Open your web browser and enter https://192.168.1.1/nextcloud (change the IP address accordingly). Enter the username and password that you set before. You should see your Nextcloud instance (see image below).
Go to https://192.168.1.1/nextcloud/index.php/settings/admin/overview, and look for any warnings. Carefully evaluate each warning.
Step 6: Enable advanced security settings of Nextcloud
In your web browser, go to https://192.168.1.1/nextcloud/index.php/settings/admin/security. On this page, you should enable server-side encryption by clicking “Enable server-side encryption.” You may need an encryption module for this. We found it on https://192.168.1.1/nextcloud/index.php/settings/apps/disabled, and set it to “Enable.”
Then, go to https://192.168.1.1/nextcloud/index.php/settings/admin/sharing, and disable options that are irrelevant for your setup. Check also the security apps page: https://192.168.1.1/nextcloud/index.php/settings/apps/security.
- Enable and enforce HTTPS (encryption of data in transit).
- Check all settings of your Nextcloud instance.
- Keep in mind that users of the guest network of your Turris Omnia can’t access your Nextcloud instance since they are in another VLAN.
- If you want to access this Nextcloud instance remotely, use a VPN.
This article is part of the Home network security series.
Read other articles of this series.
Nextcloud on your Turris Omnia keeps your data within your local network. You don’t need to trust any cloud server providers or other online parties. Besides, you don’t need additional hardware at home.
- May 16, 2020: Updated the installation guide and steps to secure Nextcloud. Removed notes on RAM usage since we didn’t observe this anymore.