STEP-4: Hosting Private Cloud Server on AWS

Now the data is backed up to the cloud and local data integrity is maintained by the RAID 10 array on the Raspberry Pi 4. While the client is on the home network, the files can be accessed from the Raspberry Pi's RAID mount path over the LAN. If the person leaves the home network and still needs access to the files, that need is met by deploying a private cloud solution on top of the data in the S3 bucket, so that clients can access the files from anywhere in the world over the internet. User authentication is included to make sure the data is accessed only by authorized users and not by anonymous users or attackers. In addition, the IP addresses of the allowed users are entered into the Security Group of the VPC, which ensures that only the allowed IP ranges can reach the files. An additional layer of encryption can be applied by implementing CSE (Client-Side Encryption).

There are tools already available that enable us to self-host a private cloud service on an EC2 instance (the compute service from AWS). The most widely used solutions for this kind of application are Filecloud, Nextcloud, ownCloud, etc. After setting up and comparing the available private cloud hosting solutions, Filecloud and Nextcloud were shortlisted for a final comparison. Filecloud is a robust solution for building a private cloud and is used by many businesses for their private cloud storage. However, Filecloud's configuration is more complex, and integrating AWS S3 with Filecloud seamlessly is not possible because of its limitations. Nextcloud, on the other hand, offers more flexibility, and its user interface is much simpler and easier to understand than Filecloud's. Nextcloud can also be integrated with external storage such as AWS S3.

The resources required for the EC2 instance that hosts the private cloud solution (Nextcloud) are deployed automatically in the cloud with the help of a YAML configuration document called a CloudFormation Stack. CloudFormation is an AWS service that lets us write configuration files in YAML which are then used to deploy the infrastructure and all the required resources and services. The CloudFormation file for the Nextcloud instance is as follows:

Here the CloudFormation Stack creates the various resources in order, and they are wired to each other. In the CloudFormation YAML file above, the Security Group is created first; it allows inbound traffic on ports 22 (Secure Shell, SSH), 80 (Hypertext Transfer Protocol, HTTP) and 443 (HTTP over TLS, HTTPS). This Security Group is then referenced while the EC2 instance is being created, so that it acts as a firewall for the instance. The instance is created with the given attributes and the UserData. UserData is a bash script that runs at first boot and is generally used to install the required packages and to write configuration during that first boot. Here, the installation and configuration of Nextcloud are placed in the UserData of the EC2 instance, so that the setup is completed at first boot instead of by manual installation and customization. After the instance is created and the Security Group is attached to it, an Elastic IP is created for the instance. An Elastic IP is a static IPv4 address that can be attached to the instance to ensure its public IP address does not change. If no Elastic IP is attached, the public IPv4 address changes after a reboot or shutdown, which causes a lot of trouble when that IP address is associated with a domain name through an A record in Route 53, the AWS native DNS service. The Elastic IP is created and associated with the EC2 instance. Lastly, an A record is created for the attached static address (Elastic IP) in Route 53. The web page now has a Fully Qualified Domain Name that can be reached from any device in the world over the internet.
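The following CloudFormation template is an added illustration of the four resources described above (Security Group, EC2 instance with UserData, Elastic IP, Route 53 A record); it is not the project's own template, which is not reproduced on this page. It assumes an Ubuntu AMI looked up through Canonical's public SSM parameter, installs Nextcloud from the snap package, and takes the VPC, subnet, key pair, hosted zone, domain name and allowed CIDR ranges as parameters (all placeholders to be supplied at deploy time). One deliberate difference from an "open to the world" Security Group: SSH is bound to the administrator's CIDR and the web ports to the client CIDR, matching the allowed-IP approach described earlier.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Added example (not the project's own template): one Nextcloud EC2 host with a
  source-restricted security group, an Elastic IP and a Route 53 A record.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Public subnet in VpcId (must route to an Internet Gateway)
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
  AdminCidr:
    Type: String
    Description: Source range allowed to SSH, e.g. the home network's public IP as /32
  ClientCidr:
    Type: String
    Description: Source range allowed to reach HTTP/HTTPS (0.0.0.0/0 = any client)
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id
  DomainName:
    Type: String
    Description: FQDN for the A record, e.g. cloud.example.com (placeholder)
  NextcloudAdminPassword:
    Type: String
    NoEcho: true
    MinLength: 12
  ImageId:
    # Assumption: Canonical's public SSM parameter for the current Ubuntu 22.04 AMI
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id

Resources:
  # 1. Firewall: ports 22/80/443 as in the text, each bound to a source CIDR.
  NextcloudSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Nextcloud host - SSH from admin, web from allowed clients
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref ClientCidr
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref ClientCidr

  # 2. The instance; UserData runs once at first boot and performs the install.
  NextcloudInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.small
      KeyName: !Ref KeyName
      SubnetId: !Ref SubnetId
      SecurityGroupIds: [!Ref NextcloudSecurityGroup]
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          apt-get update -y
          snap install nextcloud
          # Create the admin account non-interactively so the setup wizard is
          # never exposed over plain HTTP. Rotate this password after first login:
          # user-data is readable from the instance metadata service and by anyone
          # with ec2:DescribeInstanceAttribute on this instance.
          nextcloud.manual-install admin '${NextcloudAdminPassword}'
          # Only answer requests for the intended host name.
          nextcloud.occ config:system:set trusted_domains 1 --value='${DomainName}'
          # External storage app, used afterwards to mount the S3 bucket.
          nextcloud.occ app:enable files_external

  # 3. Static public address, so the A record below survives reboots.
  NextcloudEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      InstanceId: !Ref NextcloudInstance

  # 4. DNS: A record in Route 53 pointing at the Elastic IP.
  NextcloudDnsRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref DomainName
      Type: A
      TTL: '300'
      ResourceRecords: [!Ref NextcloudEIP]

Outputs:
  Url:
    Value: !Sub http://${DomainName}/
    Description: Plain HTTP until the TLS certificate step is completed
```

Deploy it with `aws cloudformation deploy --template-file nextcloud.yaml --stack-name nextcloud --parameter-overrides VpcId=... SubnetId=... KeyName=... AdminCidr=... ClientCidr=... HostedZoneId=... DomainName=... NextcloudAdminPassword=...`. The certificate step described below is intentionally left out of UserData, because the A record must resolve before a CA will validate the domain; when it is run (for the snap, `nextcloud.enable-https lets-encrypt` is one option), HTTP-01 validation needs port 80 reachable from the CA's validation servers, so ClientCidr must be 0.0.0.0/0 for that step, or DNS-01 validation must be used instead.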

After the application is deployed on the server, the web page is served over plain HTTP rather than HTTPS, so there is no encryption in transit, which is a security issue. To make the web page work over HTTPS, we run a script that registers the host and its domain name to obtain SSL/TLS certificates. After the TLS certificates are issued and installed, the website is served over HTTPS and the connection to it is secure.
