You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

416 lines
7.9 KiB

---
Tag: ["Admin", "Computer", "Privacy", "Cloud"]
Date: 2021-08-10
DocType: "Product"
Hierarchy: "NonRoot"
TimeStamp:
Product:
Type: "IT"
Link: "https://nextcloud.com"
Value: "Average"
---
Parent:: [[Storage and Syncing]], [[Server Cloud]]
---
^Top
 
```button
name Edit Product parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-NextcloudMDEdit
```button
name Save
type command
action Save current file
id Save
```
^button-NextCloudSave
 
# NextCloud
 
```ad-abstract
title: Summary
collapse: open
Overview of NextCloud, secure and private Cloud & devices-synchronisation service
```
 
```toc
style: number
```
 
---
 
### Characteristics
 
Criteria | Rating | Observation
---------|-------- | -----------
_**Security**_ | <mark style="background:green">strong</mark> | App/Service-specific PWs, No known attack or vulnerability; long-standing service
_**Privacy**_ | <mark style="background:green">strong</mark> | E2EE, 0-k
_**Service Integration**_ | <mark style="background:green">strong</mark> | WebDAV + native Apps
_**User Exp**_ | <mark style="background:yellow;color:black">average</mark> | Easy-to-use service but syncing can be buggy
_**Pricing**_ | <mark style="background:yellow;color:black">average</mark> | Within market rate
&emsp;
---
&emsp;
### Structure and usage
&emsp;
NextCloud is a Cloud Management solution with integrated Apps that aims at managing and syncing a vast array of data between connected devices. This section gives an overview of the structure of the service.
&emsp;
#### Host
NextCloud needs to be hosted on a server with two options available:
1. Rent space with a service provider
2. [[Selfhosting|Self-host]] (Server, Raspberry Pi, NAS)
I selected to [[Selfhosting|self-host]] . All parameters can be found below including the VPN provider and server parametrisation.
&emsp;
#### Services
NextCloud offers various services in what they called Apps, similar to Phone Apps:
1. Mail
2. Calendar
3. Contact Management
4. Photo
5. Music
6. Notes
7. Password Management
As well as a wide array of other apps available [here](https://apps.nextcloud.com/)
In addition, NextCloud support End-2-End Encryption.
&emsp;
---
&emsp;
### Setup
&emsp;
As of today, the services I have set up are described below.
&emsp;
#### Contacts (CardDAV)
_App-specific password (per device)_
Activated
&emsp;
_CardDAV Account_:
`server.address/remote.php/dav/principals/users/USERNAME/`
&emsp;
#### Pictures
From within the NextCloud iOS App: 'auto-upload Pictures from Camera Roll'.
&emsp;
#### Music (WebDAV)
_App-specific password (per device)_:
Activated
&emsp;
_WebDAV Account_:
`https://server.address/remote.php/dav/files/username/`
&emsp;
---
&emsp;
### Selfhosting guide
&emsp;
```ad-info
title: Installation
[Tutorial](https://www.techrepublic.com/article/how-to-install-nextcloud-22-on-ubuntu-server-20-04/)
[Tutorial2](https://nextcloud.com/athome/)
[Tutorial3](https://blog.ssdnodes.com/blog/installing-nextcloud-docker/)
```
&emsp;
#### Installed dependencies
[[#^Top|TOP]]
&emsp;
##### Apache2
Webserver for [[Nextcloud]].
Apache2 has notorious issues with over-clogging memory usage (topping 100% of memory usage).
In order to minimise memory usage, [[#APCu]] has been installed as a cache manager. In addition, Appache has been paired with:
- **[php-fpm](https://www.php.net/manual/en/install.fpm.php)** for php7.4, enabling faster interaction between apache and backend.
- the '**event**' multi-processing module ([MPM](https://tecadmin.net/apache-mpm-prefork-and-worker-and-event/)) enabling decluttering of processing between ports & Apache
All relevant dependencies have been installed and the set-up tested.
A comprehensive tutorial on the MPM switch can be found [here](https://www.digitalocean.com/community/tutorials/how-to-configure-apache-http-with-mpm-event-and-php-fpm-on-ubuntu-18-04) or [here](https://askubuntu.com/questions/1319861/how-to-configure-apache-http-to-php-fpm-on-ubuntu-20-10).
**php.ini** files can be found at:
```ad-path
/etc/php/7.4/fpm/php.ini
/etc/php/7.4/apache2/php.ini
/etc/php/7.4/cli/php.ini
```
&emsp;
##### Certbot
[[#^Top|TOP]]
Provides SSL certification from **Let's Encrypt**. Installation dependencies are different from Nginx and explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/)
&emsp;
##### MySQL
Nothing particular to note on MySQL apart from initial set-up and user management.
Configuration file is under:
```ad-path
/etc/mysql/mysql.conf.d/mysqld.cnf
```
```ad-code
title: Optimise memory usage of mysql
~~~yaml
[mysqld]
% Disable performance schema to hugely reduce RAM usage
performance_schema = OFF
~~~
```
In order to restart mysql, the command is:
```ad-command
~~~bash
sudo service mysql restart
~~~
```
&emsp;
##### APCu
[[#^Top|TOP]]
Memory caching addon for Nextcloud. Memory caching management is provided by Nextcloud and needs to be set up as a system cron job. After installing APCu, the webserver needs to be **restarted** and the cron job defined:
1. **Define the cronjob**
```ad-command
~~~bash
sudo crontab -u www-data -e
~~~
```
2. **Add cronjob**
```ad-code
~~~bash
*/5 * * * * php -f /var/www/html/nextcloud/cron.php --define apc.enable_cli=1
~~~
```
3. **Verify that the cron job is added**
```ad-command
~~~bash
sudo crontab -u www-data -l
~~~
```
&emsp;
##### SVG support
[[#^Top|TOP]]
SVG support is installed in the form of a package.
```ad-command
~~~bash
sudo apt-get update -y
sudo apt-get install -y libmagickcore-6.q16-6-extra
~~~
```
&emsp;
---
&emsp;
#### Service management
[[#^Top|TOP]]
Nextcloud offers two alternatives for managing the service:
1. An admin webpanel
2. A command line tool
&emsp;
##### Admin webpanel
Accessed through login into the service with admin credentials. Settings offer an admin section.
&emsp;
##### Nextcloud command line tool
[[#^Top|TOP]]
From the server's command line, Nextcloud offers the ability to perform some tasks like user management.
&emsp;
###### Introduction to the command
[[Nextcloud]] offers a command-line tool which permission needs to be set to "executable". It is located here:
```ad-path
/var/www/html/nextcloud/occ
```
The tool needs to be invoked by the "www-data" user and compiled with PHP:
```ad-command
~~~bash
sudo -u www-data php /var/www/html/nextcloud/occ
~~~
```
&emsp;
###### Generic commands
[[Nextcloud]] offers a simple description of all commands [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html)
&emsp;
---
&emsp;
#### Nextcloud server hardening
[[#^Top|TOP]]
```ad-bug
title: Nextcloud tutorial
[Here](https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html)
```
&emsp;
---
&emsp;
#### Data transfer
[[#^Top|TOP]]
After each data transfer, run the following command to refresh [[Nextcloud]]'s webapp:
```ad-command
~~~bash
sudo -u www-data php /var/www/html/nextcloud/occ files:scan --all
~~~
```
More info can be found [here](https://docs.nextcloud.com/server/22/admin_manual/configuration_server/occ_command.html)
&emsp;
##### Upload from local
```ad-bug
[Curl](https://cylab.be/blog/33/how-to-upload-your-files-to-nextcloud-file-drop-using-curl)
[Nextcloud help](https://help.nextcloud.com/t/how-to-upload-and-share-file-automatically/19202)
```
&emsp;
##### Directories
[[#^Top|TOP]]
1. **Local file structure**
```ad-path
/var/www/html/nextcloud/data/USERNAME/files
```
2. **Webdav file structure**
```ad-path
/remote.php/dav/files/USERNAME
```
&emsp;
---
&emsp;
### Pricing
&emsp;
[NextCloud/tab.digital pricing page](https://cloud.tab.digital/pricing)
&emsp;
Storage space | price p.m.
:---------------:|:----------------:
_**8G**_ | Free
_**32G**_ | €1.95
_**128G**_ | €4.95
&emsp;
---
&emsp;
### Further steps
&emsp;
- [x] [[Selfhosting|Self-host]] server instance
- [x] Explore native NextCloud Apps
- [x] [[Nextcloud]]: Transfer NetNewsWire to NC ✅ 2021-09-15
&emsp;
&emsp;