Posts Tagged ‘ownCloud’

Migrate ownCloud to Nextcloud and protect it against brute force attacks with fail2ban

Updated on 2017/09/23: Fixed code in jail.local. Thank you Marco Lazzarotto!

Here is what I have done to migrate my ownCloud installation to Nextcloud. My installation is configured with the data directory outside of the webservers document root. To my surprise, the process was simple and painless.

  • First, I have updated my ownCloud installation to version 9.0.2, which I think is the newest BETA version, via the updater app.
  • Then I have made a full backup of the MySQL database via mysqldump and a full backup of the domains directory structure with tar (because of its size via sshfs to another server with sufficient space). There are howtos which are recommending exporting calendars and contacts prior to the migration, but I did not see what it should be good for after a full backup (and I do have filesystem snapshots on top of that).
  • The next step was to delete everything in the ownCloud installation directory but /config, /data (and the /data direcory outside the document root of course) and /themes.
  • After that I have extracted the Nextcloud 9.0.52 release ZIP just over what was left of my installation and then I have changed owner and group of the extracted files to the run user and group of the domain.
  • Now it’s been time to point my browser to the GUI of the new Nextcloud installation and just walk through the steps.
  • To finalize the migration I had to reactivate the calendar and contacts app.

To tighten the security of my Nextcloud installation a little, I have configured fail2ban to react on failed login attempts.

First you have to tell Nextcloud that you want to write a log file in /path/to/Nextcloud/config/config.php

The next thing to do is to configure a filter definition /etc/fail2ban/filter.d/nextcloud.conf to tell fail2ban how to find IP-Adresses to ban:

Then you have to add a jail definition to /etc/fail2ban/jail.local (yep, I know that I have long bans)

You can test your configuration with these commands: