Nextcloud
The end-all be-all of the cloud replacement.
- Overview
- Initial Configuration
- Deployment Configuration
- Application Interface
- Everyday Usage
- User Management
- Advanced Customization
- Troubleshooting
- Upstream Project
Overview
Nextcloud is the one-stop shop for a cloud replacement. What does it provide to its clients?
- File storage
- Collaborative Editing
- Task Tracking
- Calendar Synchronization
- Bookmarking
- Document Sharing
- Ebook Reading
- Audio Playing
- Video Viewing
All of these and more.
With Nextcloud, almost anything is possible. It simply depends on what usage you want to take advantage of, and how much storage you are willing to account for.
As a standalone, Nextcloud attempts to provide a personal productivity suite of its own. Nextcloud provides more than file storage, it is starting to compete with other major suites of applications.
If you are looking for a storage solution that lasts forever, look to the cloud. Your data isn't going to last forever on a spinning disk or on an SSD. Unwanted bitrot on these media forms leave only cloud solutions and tape as viable options for storing data forever.
Initial Configuration
Settings
There are two different types of settings available, based on your permission level:
Personal
The following sections are available to customize out of the box:
Recommendations
- Personal Info:
- Profile Picture
- Activity
- Change which activities generate notifications, and how often they are sent
- I prefer 2x/day
- Accessibility
- Dark theme
Administrative
This is where the global settings for the Nextcloud instance, as well as the administrative settings for all of the applications lives. This list of settings will be available to all administrators right underneath their Personal settings.
Recommendations
- Support
- Community support links to Forum and Chat
- Basic Settings
- Email Server settings to be able to send emails, like for password reset and notifications
- Sharing
- Allow/Disallow types of shares
- Theming
- Set the name/color/logo/login image to instance
- Usage Survey
- Enable/Disable usage servey sent to Nextcloud devs (on by default)
- System
- Shows OS/Disk/Hardware/Network/Shares/Active Users info
Deployment Configuration
Application Interface
Web Interface
Navigating the main user interface
1) App Selection Menu
2) Apps Information
3) Application View
6) Search Field
Built-In Apps
In Nextcloud, the majority of the functionality is an "App". There are many apps that come pre-installed and pre-configured. As an administrator, you can find them under the "Apps" menu. You can read more here: https://ep20.ourcompose.com/nextcloud/settings/apps/enabled
NOTE: Starting with Nextcloud 20 - the default homepage is the application "Dashboard", instead of the "Files" application. Find out more here: https://nextcloud.com/dashboard/
The following applications are listed simply in order to make users aware of the functionality that is bundled in with a default Nextcloud install.
Activity
https://docs.nextcloud.org/server/14/admin_manual/configuration_server/activity_configuration.html
This application enables users to view actions related to their files in Nextcloud. Once enabled, users will see a new icon “Activity” in their apps menu. When clicked, a new page appears for users to track the activity related to files – from new files, to deleted files, move, rename, updates and shared activity. The user can configure their individual activity settings in their personal menu. This sets the type of activity to record, as well as whether to the user sees their own activities, whether these are only available online, and whether they get an email digest on a regular basis. More information is available in the Activity documentation.
Comments
Files app plugin to add comments to files
Deleted files
https://docs.nextcloud.com/server/19/go.php?to=user-trashbin
This application enables users to restore files that were deleted from the system. It displays a list of deleted files in the web interface, and has options to restore those deleted files back to the users file directories or remove them permanently from the system. Restoring a file also restores related file versions, if the versions application is enabled. When a file is deleted from a share, it can be restored in the same manner, though it is no longer shared. By default, these files remain in the trash bin for 30 days. To prevent a user from running out of disk space, the Deleted files app will not utilize more than 50% of the currently available free quota for deleted files. If the deleted files exceed this limit, the app deletes the oldest files until it gets below this limit. More information is available in the Deleted Files documentation.
File sharing
This application enables users to share files within Nextcloud. If enabled, the admin can choose which groups can share files. The applicable users can then share files and folders with other users and groups within Nextcloud. In addition, if the admin enables the share link feature, an external link can be used to share files with other users outside of Nextcloud. Admins can also enforce passwords, expirations dates, and enable server to server sharing via share links, as well as sharing from mobile devices. Turning the feature off removes shared files and folders on the server for all share recipients, and also on the sync clients and mobile apps. More information is available in the Nextcloud Documentation.
PDF viewer
https://github.com/nextcloud/files_pdfviewer
This application integrates the PDF.js library into Nextcloud. Using this application users can view their PDF files online without the need to download the file.
When this application is enabled publicly shared PDF documents will also get shown in the PDF viewer instead of only showing a single static snapshot of the document. The PDF viewer requires a modern browser and will not work with Microsoft® Internet Explorer® versions below 9.
PDF.js is a JavaScript library developed by Mozilla, you can learn more about the PDF.js project at https://mozilla.github.io/pdf.js/
Photos
https://github.com/nextcloud/photos
Beautiful Photo and Video Timeline
Favorites and Tagging: Favorite and tag your photos!
- Slideshow and easy sharing: Show slideshows and share your photos or albums easy
- Albums: Create albums from your contents
Recommendations
Shows recommended files for quick access of files and folders with recent activity
Text
https://github.com/nextcloud/text
** 📝 Collaborative document editing!**
- 📝 Focused writing: No distractions, only the formatting you need.
- 🙋 Work together: Share and collaborate with friends and colleagues, no matter if they use Nextcloud or not!
- 💾 Open format: Files are saved as Markdown, so you can edit them from any other text app too.
- ✊ Strong foundation: We use 🐈 tiptap which is based on 🦉 ProseMirror – huge thanks to them!
Usage survey
https://github.com/nextcloud/survey_client
Sends anonymized data to Nextcloud to help us to improve Nextcloud. You always have full control over the content sent to Nextcloud and can disable it again at any time.
Video Player
https://github.com/nextcloud/files_videoplayer/blob/master/README.md
A responsive video player using a skinned version of Video.js
Based on this app: https://apps.owncloud.com/content/show.php/Video+Js?content=159670 Video.js: http://videojs.com/ Skin: https://github.com/cabin/videojs-sublime-skin
Mobile
Nextcloud interfaces with Mobile devices through independent applications, for the most part.
Android
Official Application (Files/Photos)
The official android application manages files and synchronizes them back to the Nextcloud server if it's set up to do so. This _also_ allows for auto-sync of folders and locations on the device, which can be found here: https://www.techrepublic.com/article/how-to-set-auto-upload-on-the-nextcloud-mobile-app/.
Install: https://apps.nextcloud.com/apps/android_nextcloud_app
Setup: https://docs.nextcloud.com/android/android_app.html
Calendar & Contacts
The calendar for Nextcloud can be synced down to the native Android calendar by way of the CalDAV protocol. The easiest way to do this is by downloading an application to do that (DAVx) and use it to login and sync one or more of the calendars that are in your Nextcloud account. Similarly, contacts can be synced using the same application. An integration done by the developers means that this works natively with the official Nextcloud application.
Download here: https://www.davx5.com/download
Instructions: https://www.davx5.com/tested-with/nextcloud
NOTE: This does assume that you have installed the official Nextcloud Application above.
Bookmarks
The most frustrating thing to deal with if you don't have one of the major browser's proprietary bookmark syncing tools is how to share bookmarks between devices. Luckily, Nextcloud has a bookmark application (https://apps.nextcloud.com/apps/bookmarks) that adds this functionality to the base server, and the Android application is available that pairs with it.
Homepage: https://gitlab.com/bisada/OCBookmarks
iPhone
Official Application
Install: https://apps.nextcloud.com/apps/ios_nextcloud_app
Calendar & Contacts
The iOS devices have capabilities built-in to handle CardDAV and CalDAV sync. Nextcloud has instructions on how to do this, but they don't need to provide any applications to handle it.
Instructions: https://apps.nextcloud.com/apps/ios_and_macosx
Bookmarks
Homepage: https://gitlab.com/altepizza/nextbookmark
Everyday Usage
Groupware
Nextcloud Groupware is a bundle of apps which is consisting of a Mail-Client and a Calendar/Contacts Server with their respective web interfaces. Nextcloud also offers deck, the productivity tool compared to Kanboard.
Upstream Docs: https://nextcloud.com/groupware/
The Nextcloud welcome screen will provide links to walk you through connecting your calendar, contacts, and more. Unfortunately, most of these will say to install the respective apps. This can be done by installing several applications from the application list.
Calendar:
With Calendar you have the ability to:
Contacts:
With Nextcloud Contacts you can:
- Track birthdays of your contacts
- Share your address books with your team
- Sync your contacts with phones and other devices
Deck:
Deck provides the ability to:
- Create any number of private or shared Kanban-style task boards
- Drag'n'drop cards, assign them to team members and set due dates
- Use checklists, attach files & export boards
Mail:
With Mail you can have:
- Multiple accounts with unified inbox
- Recognizes travel itineraries and adds them to calendar
- Supports end-to-end encryption using OpenPGP
Talk:
Talk provides:
- Encrypted End-to-End Video/Audio calls
- Easy Screen Sharing
- Integration with Nextcloud Files and Groupware
Tips:
Application not showing up after Nextcloud Upgrade in the top Banner
If the groupware applications are not showing up in the top banner it could be because the versions are not tested against the Nextcloud version that is available. To enable these untested applications, click your user at the top right of the page > Apps > Click Disabled Apps on the left hand side of the page > Enable the Application. Note if the Groupware application needs to be updated before being enabled it is recommended to update it first.
The Calendar application was in the process of being updated at this point in time. After it was updated, it was able to be enabled successfully on the running Nextcloud instance.
Email Configuration:
When configuring email, most email providers require you to use an application password as opposed to the password you would normally use to login.
Checksum
Do you need to confirm the file you are sharing with another is the same file you sent to them. Use a hash.
The Checksum Third Party Application allows you to generate a hash of the file. There are multiple hashes available including: MD5, SHA1, SHA256, SHA384, SHA512, CRC32, and CRC32b.
Note this hash can only be performed on individual files, and not on shared folders.
For more information, check out the project here.
EPUB/CBZ/PDF Reader
With everything going digital, there is no reason not to have digital books. The Epub provides the ability to read EPUB, CBZ, and PDF files.
Some of the major features include: table of contents, bookmarks, seamless reading. Although these are major features of readers, this is a nice feature to have out of the box. One of the great features is the ability to pick up where you left off no matter your device. (This third party application also supports a dark mode for reading.)
Check out the project here for more information.
Deck
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
- 📥 Add your tasks to cards and put them in order
- 📄 Write down additional notes in markdown
- 🔖 Assign labels for even better organization
- 👥 Share with your team, friends or family
- 📎 Attach files and embed them in your markdown description
- 💬 Discuss with your team using comments
- ⚡ Keep track of changes in the activity stream
- 🚀 Get your project organized
User Documentation: https://deck.readthedocs.io/en/latest/User_documentation_en/
Code Repo: https://github.com/nextcloud/deck
Install
As an admin, go to your Apps:
Search for Deck, and Download and Enable it
You'll see the Deck Icon show up on your apps:
Setup
You can add a new board on the left, and new columns using the "Add new list" button
Everything there can be rearranged as necessary.
Configuration
Deck has a subset of features that Kanboard has. Deck has the following features (in no particular order):
- Titles
- Assignees
- Attachments
- Due Dates
- Tags
- Description
- Comments
It is notibly lacks the following when compared to Kanboard:
- Automated Actions
- Internal/External links
- Subtasks
However, for the most basic of workflows, it would be more than sufficient!
OnlyOffice
ONLYOFFICE connector allows you to view, edit and collaborate on text documents, spreadsheets and presentations within Nextcloud using ONLYOFFICE Docs. This will create a new Edit in ONLYOFFICE action within the document library for Office documents. This allows multiple users to co-author documents in real time from the familiar web interface and save the changes back to your file storage.
Check out the project here for more information!
Dashboard
Customizing the dashboard gives the ability to open nextcloud and have an overview of what may be going on in your digital life. With the dashboard widgets, you can check anything from reports, to jira tasks, to manage messages from Mail, Gitlab, Github, Reddit and Twitter.
Getting started with the Dashboard begins at the Adding Apps section of Nextcloud where the Dashboard section can be found.
After the widgets you would like to add have been added they can then be added the dashboard on the main page by hitting the customize button. By default the dashboard will be blank and not have any widgets configured or enabled.
After you have enabled the widgets, they are now accessible on the main page but need to be configured.
To configure these apps, either the "Connect to Service" Button can be clicked or you can click on your avatar on the top right, click settings, and then click Connected Accounts.
For Github and Gitlab Adding Access was a matter of adding Personal Access Tokens
As for Reddit and Twitter there is a popup that shows up in the browser asking for web+nextcloud link integration.
There is then a little connect button at the bottom of the Connected Accounts page that will allow you to authorize with Reddit to allow Nextcloud access to your feed.
Something to note is that as other application integrations are added, widgets become available through the dashboard. The best examples of applications which have an included widget which can be enabled are Calendar and Mail. The widget for mail shows unread mail and the calendar widget shows upcoming calendar events.
User Management
Upstream Docs: https://nextcloud.com/usermanagement/
Admins can create, modify, search and view user accounts using Nextcloud built-in user management. Name, disk quota, mail addresses and group membership can be handled and users can be given administrator privileges if needed.
Groups
You can assign new users to groups when you create them, and create new groups when you create new users. You may also use the Add Group button at the top of the left pane to create new groups. New group members will immediately have access to file shares that belong to their new groups.
There are two groups by default on OurCompose installs, the admin
group, and the users
group. By default, the initial user is placed into both of these.
Group Admins
The administrator can delegate some work by elevating some accounts to group administrator over specified groups. This allows them to create new users as members of these groups as well as delete and modify them.
Setting Storage Quotas
https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_configuration.html#setting-storage-quotas
This is automatically applied to new users. You may assign a different quota to any user by selecting from the Quota dropdown, selecting either a preset value or entering a custom value. When you create custom quotas, use the normal abbreviations for your storage values such as 500 MB, 5 GB, 5 TB, and so on.
More about storage quotas here: https://docs.nextcloud.com/server/latest/user_manual/en/files/quota.html
Disable users
https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_configuration.html#disable-and-enable-users
Sometimes you may want to disable a user without permanently deleting their settings and files. The user can be activated any time again, without data-loss.
The user will not longer be able to access their Nextcloud until you enable them again. Keep in mind that the files, which were shared by this user will not longer be accessible.
Guests (app)
https://github.com/nextcloud/guests
Allows for better collaboration with external users by allowing users to create guests account.
Guests accounts can be created from the share menu by entering either the recipients email or name and choosing "create guest account", once the share is created the guest user will receive an email notification about the mail with a link to set their password.
Guests users can only access files shared to them and can't create any files outside of shares, additionally, the apps accessible to guest accounts are whitelisted.
Impersonate (app)
https://github.com/nextcloud/impersonate
By installing the impersonate app of your Nextcloud you enable administrators to impersonate other users on the Nextcloud server. This is especially useful for debugging issues reported by users.
To impersonate a user an administrator has to simply follow the following four steps:
- Login as administrator to Nextcloud
- Open the user administration interface
- Select the impersonate button on the affected user
- Confirm the impersonation
The administrator is then logged-in as the user, to switch back to the regular user account they simply have to press the logout button.
Note:
- This app is not compatible with instances that have encryption enabled.
- While impersonate actions are logged note that actions performed impersonated will be logged as the impersonated user.
- Impersonating an user is only possible after their first login.
Advanced Customization
Accessing Nextcloud files using WebDAV
Nextcloud supports the WebDAV protocol, and you can connect and synchronize with your Nextcloud files over WebDAV. There are official desktop and mobile applications available. For the Nextcloud documentation, check out the official documentation
Linux (Gnome):
Linux (KDE):
Mac:
Curl:
Desktop Synchronization Client
The Nextcloud Desktop Sync client allows you to:
- Specify one or more directories on your computer that you want to synchronize to the Nextcloud server.
- Always have the latest files synchronized, wherever they are located.
Files are always automatically snychronized between the Nextcloud server and local PC.
Check out the documentation from the upstream project for more information and how to install.
Encryption
Encryption is one of the steps to take when designing a system with Defence in depth. Here we go over what you need to be concerned about and different implementations to consider.
Threat Model
Threat modelling is hard. The most widely-applicable framework that I have stumbled across is to frame up your model with respect to the following scopes, from lowest to highest:
- Neighborhood Hacker
- Corporate Surveillance
- Nation-State Espionage
Consider at which level you would like to defend against when considering the options available to you.
Responsibility Levels
There are three levels of responsibility for any hosted service:
- Physical/Infrastructure
- Service Provider/OS Admin
- Application admin/consumer
Physical/Infrastructure
Digital Ocean:
- Local Droplet Storage: https://www.digitalocean.com/community/questions/droplet-native-storage-is-it-encrypted-similarly-to-block-storage-volumes?answer=54705
- Block Storage: https://docs.digitalocean.com/products/volumes/
Service Provider/OS Admin
- Enabled:
- Planned:
Application Admin/Consumer
Built-In Nextcloud Functionality: https://nextcloud.com/blog/encryption-in-nextcloud/
- Server-Side Storage Encryption:
- https://nextcloud.com/encryption/
- https://docs.nextcloud.com/server/latest/user_manual/en/files/encrypting_files.html
- A note on local storage:
A server-wide key stores a server password in the Nextcloud data directory and uses it to decrypt the server key in the users’ data directory, which in turn is used to decrypt data.
When using per-user keys, the key in the data directory is per user and encrypted with the user password. We take great care to ensure keys never enter storage but keys will be kept in memory on the Nextcloud server for the duration of user login sessions to facilitate decryption and encryption of data.
Per-user keys only offer additional protection over a server-wide key in the case of physical theft of the Nextcloud server and storage or a security breach of the sever provided the user(s) do NOT log in for the duration of the breach.
- End-to-End File-level Encryption:
Troubleshooting
Upstream Project
Links
Official Site: https://nextcloud.com
Code: https://github.com/nextcloud
Documentation: https://docs.nextcloud.com/
Updates: https://nextcloud.com/blog/
Community: https://help.nextcloud.com/
Container Image: https://hub.docker.com/_/nextcloud