--- Tag: ["Admin", "💻", "🕵🏼", "☁️"] Date: 2021-08-10 DocType: "Product" Hierarchy: "NonRoot" TimeStamp: Product: Type: "IT" Link: "https://nextcloud.com" Value: "Average" CollapseMetaTable: true banner: "![[IMG_1964.jpg]]" banner_icon: ☁️ --- Parent:: [[Storage and Syncing]], [[Server Cloud]] --- ^Top   ```button name Edit Product parameters type command action MetaEdit: Run MetaEdit id EditMetaData ``` ^button-NextcloudMDEdit ```button name Save type command action Save current file id Save ``` ^button-NextCloudSave   # NextCloud   ```ad-abstract title: Summary collapse: open Overview of NextCloud, secure and private Cloud & devices-synchronisation service ```   ```toc style: number ```   ---   ### Characteristics   Criteria | Rating | Observation ---------|-------- | ----------- _**Security**_ | strong | App/Service-specific PWs, No known attack or vulnerability; long-standing service _**Privacy**_ | strong | E2EE, 0-k _**Service Integration**_ | strong | WebDAV + native Apps _**User Exp**_ | average | Easy-to-use service but syncing can be buggy _**Pricing**_ | average | Within market rate   ---   ### Structure and usage   NextCloud is a Cloud Management solution with integrated Apps that aims at managing and syncing a vast array of data between connected devices. This section gives an overview of the structure of the service.   #### Host NextCloud needs to be hosted on a server with two options available: 1. Rent space with a service provider 2. [[Selfhosting|Self-host]] (Server, Raspberry Pi, NAS) I selected to [[Selfhosting|self-host]] . All parameters can be found below including the VPN provider and server parametrisation.   #### Services NextCloud offers various services in what they called Apps, similar to Phone Apps: 1. Mail 2. Calendar 3. Contact Management 4. Photo 5. Music 6. Notes 7. Password Management As well as a wide array of other apps available [here](https://apps.nextcloud.com/) In addition, NextCloud support End-2-End Encryption.   ---   ### Setup   As of today, the services I have set up are described below.   #### Contacts (CardDAV) _App-specific password (per device)_ Activated   _CardDAV Account_: `server.address/remote.php/dav/principals/users/USERNAME/`   #### Pictures From within the NextCloud iOS App: 'auto-upload Pictures from Camera Roll'.   #### Music (WebDAV) _App-specific password (per device)_: Activated   _WebDAV Account_: `https://server.address/remote.php/dav/files/username/`   ---   ### Selfhosting guide   ```ad-info title: Installation [Tutorial](https://www.techrepublic.com/article/how-to-install-nextcloud-22-on-ubuntu-server-20-04/) [Tutorial2](https://nextcloud.com/athome/) [Tutorial3](https://blog.ssdnodes.com/blog/installing-nextcloud-docker/) ```   #### Installed dependencies [[#^Top|TOP]]   ##### Apache2 Webserver for [[Nextcloud]]. Apache2 has notorious issues with over-clogging memory usage (topping 100% of memory usage). In order to minimise memory usage, [[#APCu]] has been installed as a cache manager. In addition, Appache has been paired with: - **[php-fpm](https://www.php.net/manual/en/install.fpm.php)** for php7.4, enabling faster interaction between apache and backend. - the '**event**' multi-processing module ([MPM](https://tecadmin.net/apache-mpm-prefork-and-worker-and-event/)) enabling decluttering of processing between ports & Apache All relevant dependencies have been installed and the set-up tested. A comprehensive tutorial on the MPM switch can be found [here](https://www.digitalocean.com/community/tutorials/how-to-configure-apache-http-with-mpm-event-and-php-fpm-on-ubuntu-18-04) or [here](https://askubuntu.com/questions/1319861/how-to-configure-apache-http-to-php-fpm-on-ubuntu-20-10). **php.ini** files can be found at: ```ad-path /etc/php/7.4/fpm/php.ini /etc/php/7.4/apache2/php.ini /etc/php/7.4/cli/php.ini ```   ##### Certbot [[#^Top|TOP]] Provides SSL certification from **Let's Encrypt**. Installation dependencies are different from Nginx and explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/)   ##### MySQL Nothing particular to note on MySQL apart from initial set-up and user management. Configuration file is under: ```ad-path /etc/mysql/mysql.conf.d/mysqld.cnf ``` ```ad-code title: Optimise memory usage of mysql ~~~yaml [mysqld] % Disable performance schema to hugely reduce RAM usage performance_schema = OFF ~~~ ``` In order to restart mysql, the command is: ```ad-command ~~~bash sudo service mysql restart ~~~ ```   ##### APCu [[#^Top|TOP]] Memory caching addon for Nextcloud. Memory caching management is provided by Nextcloud and needs to be set up as a system cron job. After installing APCu, the webserver needs to be **restarted** and the cron job defined: 1. **Define the cronjob** ```ad-command ~~~bash sudo crontab -u www-data -e ~~~ ``` 2. **Add cronjob** ```ad-code ~~~bash */5 * * * * php -f /var/www/html/nextcloud/cron.php --define apc.enable_cli=1 ~~~ ``` 3. **Verify that the cron job is added** ```ad-command ~~~bash sudo crontab -u www-data -l ~~~ ```   ##### SVG support [[#^Top|TOP]] SVG support is installed in the form of a package. ```ad-command ~~~bash sudo apt-get update -y sudo apt-get install -y libmagickcore-6.q16-6-extra ~~~ ```   ---   #### Service management [[#^Top|TOP]] Nextcloud offers two alternatives for managing the service: 1. An admin webpanel 2. A command line tool   ##### Admin webpanel Accessed through login into the service with admin credentials. Settings offer an admin section.   ##### Nextcloud command line tool [[#^Top|TOP]] From the server's command line, Nextcloud offers the ability to perform some tasks like user management.   ###### Introduction to the command [[Nextcloud]] offers a command-line tool which permission needs to be set to "executable". It is located here: ```ad-path /var/www/html/nextcloud/occ ``` The tool needs to be invoked by the "www-data" user and compiled with PHP: ```ad-command ~~~bash sudo -u www-data php /var/www/html/nextcloud/occ ~~~ ```   ###### Generic commands [[Nextcloud]] offers a simple description of all commands [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html)   ---   #### Nextcloud server hardening [[#^Top|TOP]] ```ad-bug title: Nextcloud tutorial [Here](https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html) ```   ---   #### Data transfer [[#^Top|TOP]] After each data transfer, run the following command to refresh [[Nextcloud]]'s webapp: ```ad-command ~~~bash sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all ~~~ ``` More info can be found [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html)   ##### Upload from local ```ad-bug [Curl](https://cylab.be/blog/33/how-to-upload-your-files-to-nextcloud-file-drop-using-curl) [Nextcloud help](https://help.nextcloud.com/t/how-to-upload-and-share-file-automatically/19202) ```   ##### Directories [[#^Top|TOP]] 1. **Local file structure** ```ad-path /var/www/html/nextcloud/data/USERNAME/files ``` 2. **Webdav file structure** ```ad-path /remote.php/dav/files/USERNAME ```   ---   ### Pricing   [NextCloud/tab.digital pricing page](https://cloud.tab.digital/pricing)   Storage space | price p.m. :---------------:|:----------------: _**8G**_ | Free _**32G**_ | €1.95 _**128G**_ | €4.95   ---   ### Further steps   - [x] [[Selfhosting|Self-host]] server instance - [x] Explore native NextCloud Apps - [x] [[Nextcloud]]: Transfer NetNewsWire to NC ✅ 2021-09-15