
Thread: Nextcloud with MariaDB (separation)

  1. #1
    Join Date
    Feb 2019
    Location
    Virginia
    Beans
    36
    Distro
    Ubuntu 18.04 Bionic Beaver

    Nextcloud with MariaDB (separation)

    I’ve read it’s best to separate the two onto separate servers. Is this for security reasons? What if the only application using the DB is Nextcloud, should they still be on separate servers?
    Last edited by aljames2; 3 Days Ago at 04:49 AM.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    16,004
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Nextcloud with MariaDB (separation)

    Quote: Originally Posted by aljames2
    I’ve read it’s best to separate the two onto separate servers. Is this for security reasons? What if the only application using the DB is Nextcloud, should they still be on separate servers?

    What is best depends on the size of your deployment and number of concurrent users and how you are deploying. There are rules of thumb for when a separate, physical, DB server is best but no exact _you must use another server system_ mandate.

    A properly secured server is secure whether the webapp and DB run on the same machine or not. If they are on the same machine, then the DBMS should only listen on the localhost interface. If they are on different machines, then the DBMS should only allow traffic FROM the webapp servers and nowhere else by using the firewall for inbound and outbound connections.

    I'm not confident enough to believe I can actually secure a PHP webapp, so I don't allow it to be available on the internet. To access Nextcloud, I require a full VPN or ssh-SOCKS proxy be used to get onto the LAN first. But different networks will have different needs for security. If I put a Nextcloud instance onto some cloudy service, my security stance would be completely different. Actually, I wouldn't know where to begin, since I don't believe there is any security when you put sensitive data on someone else's disks, on someone else's computer, at the end of someone else's network. But that's me. I have issues with data being outside my control. My common sense doesn't allow me to get past those issues.


    IMHO.
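
Added example, not part of the thread or of either poster's setup: a shell check for the same-machine case described in post #2, reading `ss -ltn` output and reporting any MariaDB listener bound to a non-loopback address. The default port 3306, the function names, the sample lines and the `<WEBAPP_IP>` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that MariaDB is reachable only
# via loopback when Nextcloud and the DB share one machine.
# Input: `ss -ltn` lines on stdin (State Recv-Q Send-Q Local Peer).

DB_PORT=3306    # assumed MariaDB default; adjust if yours differs

# Print every non-loopback local address with a listener on $DB_PORT.
nonlocal_db_listeners() {
    awk -v port="$DB_PORT" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)          # last ":port" in addr:port
            if (!n) next
            host = substr($4, 1, n - 1)
            if (substr($4, n + 1) != port) next
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print host
        }'
}

# Return 0 if loopback-only, 1 (and name the addresses) otherwise.
db_exposure() {
    exposed=$(nonlocal_db_listeners | tr '\n' ' ')
    if [ -n "$exposed" ]; then
        echo "DB port $DB_PORT listening on: $exposed"
        return 1
    fi
    echo "DB port $DB_PORT is loopback-only (or not listening)"
}

# Constructed sample input, not captured from a real host.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      80     [::]:3306          [::]:*
LISTEN 0      128    *:443              *:*'

printf '%s\n' "$SAMPLE_LOOPBACK" | db_exposure
printf '%s\n' "$SAMPLE_EXPOSED"  | db_exposure || true
# On a live host: ss -ltn | db_exposure
# Same-machine fix: bind-address = 127.0.0.1 under [mysqld] in the MariaDB config.
# Separate machines: the listener must be non-loopback, so restrict it at the
# firewall instead, e.g. ufw allow from <WEBAPP_IP> to any port 3306 proto tcp
```
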
