LJ Archive

Nextcloud 13: How to Get Started and Why You Should

Nextcloud could be the first step toward replacing proprietary services like Dropbox and Skype. By Marco Fioretti

In its simplest form, the Nextcloud server is "just" a personal, free software alternative to services like Dropbox or iCloud. You can set it up so your files are always accessible via the internet, from wherever you are, and share them with your friends. However, Nextcloud can do so much more.

In this article, I first describe what the Nextcloud server is and how to install and set it up on GNU/Linux systems. Then I explain how to configure the optional Nextcloud features, which may be the first steps toward making Nextcloud the shell of a complete replacement for many proprietary platforms existing today, such as Dropbox, Facebook and Skype.

Safe home screen

Figure 1. A safe home for all your data that all your devices can reach—that's what Nextcloud wants to be.

Why Nextcloud and Not ownCloud?

Nextcloud, whose version 13 was released in February 2018, was spun off the popular ownCloud project in 2016, out of licensing and other disagreements. See the Resources section for some of the most complete feature-by-feature comparisons between Nextcloud and ownCloud. The most basic capabilities are still almost identical, two years after the fork. Some of the functions described here, however, are easier to integrate in Nextcloud than in its ancestor. In addition, my personal reasons for recommending Nextcloud over ownCloud are the following:

Dropbox like screen

Figure 2. The Original Nextcloud/ownCloud Functions: File and Picture Storage, Dropbox-Style

A Word on Security

Several good reasons to choose Nextcloud as the online home for your own files and data are related to security. I don't cover them in detail in this introductory article, but I want to mention at least some of them.

Nextcloud refuses continuous (that is, malicious) attempts to authenticate from any computer, except those whose IP addresses are included in "brute-force IP whitelists". (Of course, the best possible whitelist you can configure is an empty one.)

Content Security Policy (CSP), instead, is the way a Nextcloud server may, for example, tell a browser "if you found this script in, or linked from, a page from me, do not trust it. It must have been injected there by some attacker!"

SAML (Security Assertion Markup Language) is an XML-based open standard for secure, single sign-on (SSO) to web-based applications across different, independent servers. Nextcloud 13 supports SSO with SAML natively through a dedicated app. If you log in to your own Nextcloud, you then can use any service, on any other SAML-enabled website for which you have access rights, without entering any more credentials.

SAML configuration

Figure 3. Configuring SAML for secure single-sign-on is a delicate process, but the Nextcloud interface makes it simple with plenty of instructions.

Prerequisites

In order to install Nextcloud, you need basic Linux administration skills, familiarity with the command line and some patience. Software-wise, the Nextcloud server is a PHP application that needs a LAMP (Linux, Apache, MySQL, PHP) or similar software stack to work. You can install it on almost any box permanently connected to the internet, from bare metal in a server farm to ordinary web-hosting accounts, or even home-based minicomputers like the Raspberry Pi.

Nextcloud 13 can run in different environments, from shared hosting accounts to servers using nginx instead of Apache or as an Ubuntu snap package. The configuration officially recommended (quoting the website) "for the best compatibility, especially if you plan to use lots of plugins", is Apache 2.4 or later, and a MySQL or MariaDB database. This is why I'm describing command-line installation of Nextcloud 13 server on a computer running Ubuntu 16.04 LTS, PHP 7, Apache2 and a MariaDB 10.0 database.

The procedure is relatively lengthy to explain, but it's worth it. Nextcloud has many more features and options than what I describe here, and you can use it to store some of your most sensitive documents and data. Therefore, I strongly suggest that before actually exposing it on the internet, be sure to play with it locally on your home Linux box as much as you can, even if it means re-installing it from scratch several times.

And, there's only one way to do all that testing efficiently: an installation method that can be entirely automated with a shell script.

Installation and Initial Configuration

First, get all the necessary software, because Nextcloud 13 depends on several packages. In the case of Ubuntu 16.04, the ones you must install with apt-get are these:


sudo apt-get install apache2 mariadb-server 
 ↪libapache2-mod-php7.0
sudo apt-get install php7.0-gd php7.0-json php7.0-mysql 
 ↪php7.0-curl php7.0-mbstring
sudo apt-get install php7.0-intl php7.0-mcrypt php-imagick 
 ↪php7.0-xml php7.0-zip

(Don't worry if some of those packages are already installed on your system, apt-get will just skip to the next one.)

After that, download the Nextcloud tarball from the website, unpack it, and copy it into its own folder under the Web server document root, which, in this example, is /var/www/html/:


tar -xjf nextcloud-13.0.0.tar.bz2
sudo cp -r nextcloud /var/www/html/

Preparing the Database and Web Servers

On Ubuntu 16.04 (and, likely, on most Ubuntu derivatives), the command-line installation of Nextcloud won't work unless there already is a MariaDB account that is not root, but does have all the privileges needed to create new users and databases. Here's how to create such an account, if needed, with name dbadmin and password dbadminpw (note that mdb is my own MariaDB prompt, not the default one):


sudo mysql -u root
mdb>use mysql;
mdb>CREATE USER 'dbadmin'@'localhost' IDENTIFIED BY 'dbadminpw';
mdb>GRANT ALL PRIVILEGES ON *.* TO 'dbadmin'@'localhost' 
 ↪WITH GRANT OPTION;
mdb>FLUSH PRIVILEGES;
mdb>exit;

Apache, on the other hand, needs a dedicated configuration file, which on Ubuntu 16.04 is /etc/apache2/sites-available/nextcloud.conf, to handle Nextcloud properly. If your server is example.com, and you want your Nextcloud available at example.com/nextcloud, that file should look like this:


##########################################################
Alias /nextcloud "/var/www/html/nextcloud/"

# the following two directives are needed for picoCMS

ProxyPass /nextcloud/sites/ http://localhost/nextcloud/
↪index.php/apps/cms_pico/pico/
ProxyPassReverse /nextcloud/sites/ http://localhost/nextcloud/
↪index.php/apps/cms_pico/pico/

<Directory /var/www/html/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/html/nextcloud
 SetEnv HTTP_HOME /var/www/html/nextcloud

</Directory>
##########################################################

Once that file is ready, type the following commands at the prompt to enable the modules that Apache also needs to handle Nextcloud:


sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime
sudo a2enmod proxy_http

Finally, here are the commands to type to make the Apache user own the Nextcloud files, enable the configuration files shown above and, finally, restart Apache:


sudo chown -R www-data:www-data /var/www/html/nextcloud/
sudo ln -s /etc/apache2/sites-available/nextcloud.conf 
 ↪/etc/apache2/sites-enabled/nextcloud.conf
sudo service apache2 restart

Actually Installing Nextcloud

Once the Web and database servers are ready and the Nextcloud files are in place, the actual Nextcloud installation may happen entirely by pointing your browser (in the "local testing" phase I already recommended, at least) at http://localhost/nextcloud. As promised, however, I'm going to show you how to continue on the command line.

This is possible thanks to a PHP tool called occ (from "ownCloud console") distributed with Nextcloud. To use occ, move to the nextcloud base directory, and then, using the Apache server account (www-data, in this example) to preserve the right permissions on files and folders, run it as follows:


cd /var/www/html/nextcloud/

sudo -u www-data php occ maintenance:install --database "mysql" 
 ↪--database-name "mynextcloud"  --database-user "dbadmin" 
 ↪--database-pass "dbadminpw" --admin-user "nextcloudadmin" 
 ↪--admin-pass "nextcloudadminpw"

If everything goes well, occ will exit with a "Nextcloud was successfully installed" message. At that point, you'll finally be able to log in to Nextcloud at http://localhost/nextcloud with the admin account ("nextcloudadmin") and password "nextcloudadminpw".

Using occ, you also can create users or enable previously downloaded Nextcloud apps, among other things. The occ equivalent of the GUI procedure for creating a user named marco in the mycloudusers group, with display name "Marco F", is:


sudo -u www-data php occ user:add --display-name="Marco F" 
 ↪--group="mycloudusers" marco

Measuring and Optimizing Performances

Nextcloud 13 has a tab, shown in Figure 4, that gives the administrator a first, quick idea of how loaded it is. In order to avoid performance bottlenecks, the easiest solution seems to be the memory cache called OPcache. To enable it, follow the instructions in the Nextcloud Administration/Basic Settings tab. You also can install the Redis database for local caching and file locking. (For details, see "Tuning Nextcloud for Optimal Performance".)

CPU Load screen

Figure 4. The Nextcloud 13 Real-Time CPU and Memory Load Monitors

The Real Power of Nextcloud Is Its Apps

If Nextcloud were only a personal alternative to file-hosting services like Dropbox, it wouldn't be such a big deal. Its real power, however, is in the many extensions, or "apps", that provide many additional functions, often through extra buttons in Nextcloud's top bar. Figure 5 shows only a partial idea of how diverse the apps can be.

Nextcloud screen

Figure 5. Work, entertainment, administration, sharing—Nextcloud apps can do a lot.

To use an app not shown in the administration interface, download and unpack it in the apps subfolder of your Nextcloud installation, then make the Apache user owner of its files. After that, you just need to enable the app, with occ or in the Nextcloud interface.

In the Nextcloud interface, you also can enable bundles of apps with one click or limit access to most apps to selected groups of users. The app bundles in Nextcloud 13 are Enterprise, Groupware, Social sharing and an "Education Edition".

Beyond Files: Federation, Video Calls and Web Publishing

Even if you need it only to host your files online, Nextcloud can do much more than provide a container for keeping those files. To begin with, all users of a Nextcloud server can share single files, or whole folders, with whomever they want by giving them a link, with or without an associated password. At the same time, a Nextcloud administrator easily can prevent single apps from sharing files and data, or it can allow file sharing only inside a group of users.

Nextcloud screen2

Figure 6. A detail of how you can share files and folders from your Nextcloud with any other user of other Nextcloud instances.

The really interesting thing, however, is "federation". This name indicates the capability to connect totally independent installations of this server in one, seamless "cloud of Nextclouds". It is thanks to federation that, for example, all your relatives living in different states can see, each as a local folder of their own Nextcloud server, the same gallery of photographs that you host inside yours—even if that folder is not public and none of them has a user account on your server. Another common usage of federation is merging the user profiles of several servers in one common address book. This lets all those users find each other more easily, with their Nextcloud interface auto-completing the names of the other users when they start typing them.

Nextcloud's federation-related features are accessible from the "Sharing" tab of the administration panel. From there, with a few clicks, you can define if and how users can share their own content with other Nextcloud servers, see the folders in those same servers or access a "global address book".

Nextcloud screen2

Figure 7. Nextcloud recognizes and auto-completes the addresses of all its users and those of any other federated Nextclouds.

That sharing of user directories can happen only with the servers that you declare "trusted" in the same tab. Synchronization of the local address book with those of the trusted servers happens with this occ command that you can put inside a cron job:


sudo -u www-data php occ federation:sync-addressbooks

Schedule screen

Figure 8. Scheduling appointments and inviting your fellow Nextcloud users? No problem.

Hey Nextcloud, Call My Mother

What's the next step after easily sharing pictures with distant family members or documents with colleagues? Discussing them in an easy-to-use, privacy-friendly environment, of course.

Video screen

Figure 9. Video calls with integrated chats look really promising in Nextcloud 13.

Integration of the Calendar and users profiles of Nextcloud makes scheduling online meetings with them a snap. When the time comes, the Nextcloud Talk app lets you chat, make audio or video calls and share your screen, without installing any software (except, of course, a modern browser, or the Nextcloud Android or iOS apps, on one's desktop or smartphone).

Both chats and calls are peer-to-peer and end-to-end encrypted, without embedded advertising, or any central organization logging everything. Oh, and users get instant notifications, in their browsers or in the mobile apps, whenever other users want to talk with them, or have commented on some file they shared.

Now do you see why I say that Nextcloud, and its federation, may be the first step toward replacing proprietary platforms, from Dropbox to Skype?

Blogging with Nextcloud

Online self-publishing for the masses, via blogs or social networks, is one of the greatest features (and sometimes problems, of course) of the current, still open web. The Nextcloud 13 server provides an easy, if basic way to do this by integrating picoCMS, the pico Content Management System.

picoCMS creates websites by rendering as HTML, with menus and all, all the Markdown plain-text files (with .md extension) that it finds inside some predefined folder. In Nextcloud, the best tool to edit .md files is the Markdown Editor app, so enable it if you decide to use picoCMS.

Index screen

Figure 10. The Nextcloud Markdown editor, with its optional live preview of what you type.

Nextcloud users can independently define, in the picoCMS tab of the "Settings" interface, both the folder that contains the source files and the name of the website. Running on your own computer, the Apache configuration shown here would make Nextcloud serve the home page of a picoCMS website called "ljdemo" at the URL http://localhost/nextcloud/sites/ljdemo/.

To let all the users of your Nextcloud create inside it all the picoCMS websites they want, download the compressed archive of the app, and unpack it on the computer running Nextcloud. Then move the resulting folder (cms_pico) inside the apps subfolder of Nextcloud, change its permission, and enable it with these three commands:


sudo mv -i cms_pico              /var/www/html/nextcloud/apps/
sudo chown -R www-data:www-data  /var/www/html/nextcloud/apps/cms_pico
sudo -u www-data php occ app:enable cms_pico
cms_pico enabled

(Of course, you even can put these commands into a script to make re-installations quicker!)

The next step is to tell the Apache Web server how to cooperate with picoCMS. The meaning of the two "ProxyPass" directives in the nextcloud.conf file already shown is this: "whenever a browser asks for an URL in the /nextcloud/sites/ subfolder, pass that URL to picoCMS, and then pass to the browser whatever you get in return".

Note that those ProxyPass settings make picoCMS publish as websites only what it finds in certain folders of Nextcloud. They do not generate clean, short URLs for all the pages of those websites. To get that, you must adapt the MOD_REWRITE suggestions contained in the Administration→picoCMS tab of the Nextcloud panel to your specific Apache configuration.

How to Write and Publish a Web Page with Nextcloud and picoCMS

Once it's up and running, publishing a web page in a Nextcloud/picoCMS environment is surely not as simple as it would be with systems like WordPress.

For example, the only way to add new Markdown files in any Nextcloud folder, except uploading them from your desktop, seems to be to copy and rename an already existing one. To insert a figure in a post, instead, you must separately upload it in the asset" subfolder, and then point to it in the Markdown source, as shown below.

If these annoyances are not an issue for you, you may really like the Nextcloud/picoCMS flow. The Markdown editor and its integrated preview work great, and whatever you write instantly goes online. As a practical example, here's the source code, preview and rendering, at the local address http://localhost/nextcloud/sites/ljdemo/testing/ of this index.md file placed in the Nextcloud folder ljdemo/content/testing/:


#############################################################

Hello!

## This is a first test of Nextcloud/picoCMS integration

* Let's write a file with .md extension
* just to check what happens when we load it with a browser

We can also embed images previously uploaded in the "assets" subfolder:

![Image Title](%base_url%/assets/logo-lj.jpg)

############################################################

Webpage home screen

Figure 11. This is what the first page of your Nextcloud/picoCMS website may look like.

What Next? A Lot!

Nextcloud seems to be a great platform for integrating online services of all kinds. In this article, I explained how to set it up and tried to provide an idea of its flexibility, but there is much more you could do with it. In future articles, I plan to cover how to integrate with Nextcloud email, secure browsing with Let's Encrypt and collaborative editing with Etherpad. Stay tuned!

Resources

About the Author

Marco Fioretti is a free software user and author since 1995, board member of the Free Knowledge Institute and author of the Percloud proposal for a truly usable alternative to Facebook, Gmail and similar services.

LJ Archive