Hiding my Own Cloud Using OpenZiti

Actieve
5 min readApr 13, 2022

When Dropbox first started I was thrilled to get gigs and gigs worth of cloud storage for nothing!

Then, as time passed by, and Dropbox became more and more popular it seemed as if I was constantly asked to upgrade my storage for every little file I added.

Thus is life with all tech, its cheap until it isn't.

Well frugality and the unknown set in. I didn’t want to share my personal files or my company files with Dropbox to the tune of $25 a month! Why would I do that when I could pick up a 2 TB hard drive on Amazon and host my own files. Doing it that way pays for itself in just three months…

(See Cheap Hard Drive at Amazon and figure out how to get some royalties for this link!)

Plus, I have a tinfoil hat wearing friend who once told me that he kept a bunch of his personal work on Google Drive for some years. That was, he did, until the day Google poached him to work on things for them! Why did they approach him? Because of what they had seen in his docs!

Seems everyone is a spy these days and whether or not I wanted to believe said story, I did not want to take the chance. I cannot lie, I am fearful of crazy things myself from time to time. I still swear Marilyn Manson ripped off the demo tape I sent in as a teen to Nothing Records in the 90s and released a similar version of Tainted Love. (Mine was better)

So, I ventured out to find another solution and happened on the open source project Own Cloud. God forbid someone steals the way I use NodeJS to make interfaces or someone finds that photo I have hidden of that night in LA I got hammered with a Porn star! Thus began the grueling process of installing Own Cloud on one of my home computers.

Follow, this process, I cannot begin to do these steps in this article.

Personally, I used Windows SubSystem for Linux (WSL) because I am running on a windows machine, but use whatever you are comfortable with it does not matter. Once I had Own Cloud installed, I wanted to be sure it worked. In the install steps I had set the port to 80 and after starting the service I am able to navigate to “http://localhost" and see the login screen:

Perfect right, sure, but now I want to access that service without opening and forwarding router ports and rules and just ugh... Security holes.

If you have been following my previous posts and you have WDE running on the server and your clients look at how hard it is to add Own Cloud!

That's it, we are done, now you can type owncloud.ziti into your browser and login to the web UI or add it to the client and get it synching files like this:

Note: whatever domain you invent must be added to trusted_domains in the config.php inside of OwnCloud.

Easy Peasy!

Just for reference though, I will show you the policy setups, in the event you did not look at my previous articles.

  1. I use ZAC, Ziti Admin Console. Just pull it down, “npm install” and “node server.js” will give you a UI to setup what you need, add your edge controller at the login screen and you can continue. (Fun Fact: ZAC launches on port 1408 to give homage to the John Cusack movie of the same name…. I know…. haunting right?)
  2. Install the Ziti Desktop Edge client on the device you are hosting Own Cloud in and on any devices you wish to access Own Cloud.
  3. Create two identities (or use ones you already have), name them whatever you want, I normally do Server and Client but that does not really make much sense since I could host some services on the client and access them from the server and vice versa. (But I digress, just whatever is going to host own cloud and whatever is gonna access it)
  4. Add the generated Jwt to the respective devices (Own Cloud Server and your Client)
  5. Boom goes the dynamite?!?! (Not Quite yet), you will have to authorize the service access via policies.
  6. Create a Policy for the Server/Identity that is hosting Own Cloud. Use “Bind” for a type.

7. Create a Policy for the Client device(s) to access Own Cloud. Use “Dial” for a type, like you are calling someone. (I always imagine my computer rotary dialing this stuff)

Now….

Boom goes the dynamite!

Well you know.

No open ports, no data leaks, and no worrying about Larry Page stealing any IP he is Super Pumped about…. You have been blessed with your own, home, file cloud!

WOO HOO!.. but sharing wont work without your the person you are sharing with having an identity (That’s how secure it is)

Also, on the plus side, I can login from any of my own personal devices and no-one will ever see that secret photo of me drunk with a porn star in LA. But if for any reason I ever need it, I can I have access at my fingertips! And if you’re lucky enough… maybe I’ll give you an Open Ziti identity and let you view it. Nah… prolly not…

Oops, Sergey is totally gonna wanna poach me now…. No Chance Google!

Zero Trust cloud file system access at the low low cost of Zero dollars a month and you can have any size Dropbox setup you want!

Well you do have to buy the hard drive.

(IT Tech Tip #1: Buy an external drive, break open the case, and install it in your server. It’s actually cheaper most of the time!)

Follow me @actieve for more money saving tips and tricks!

--

--