thisven/Website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
Website/content/docs/infrastructure/nextcloud/_index.md

103 lines
5 KiB
Markdown
Raw Normal View History

Add Nextcloud documentation
2024-02-25 19:42:19 +01:00
---
title: 'Nextcloud'
date: 2024-02-25T13:48:03+01:00
draft: true
---
[Nextcloud](https://nextcloud.com/), written in PHP[^1] primarily serves as a
file sharing[^2] solution for me. Due to its extensible design it can also be a
communication hub and project management platform. If you'd like to host your
own Nextcloud take a look at [Nextcloud at home](https://nextcloud.com/athome/).
[^1]: [PHP website](https://www.php.net/) by The PHP Foundation
[^2]: [File sharing](https://en.wikipedia.org/wiki/File_sharing) in the
Wikipedia
{{< figure src="img/nextcloud-logo-blue.svg" alt="Nextcloud Logo" width="25%">}}
## Basic setup
For the initial installation and basic setup instructions I refer to the
[Nextcloud — UberLab 7 documentation](https://lab.uberspace.de/guide_nextcloud)
and the [installation and server configuration documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/index.html).
After installation I navigate to *Settings* > *Overview* (of the Administration
section below) and look for security warnings. You can also use your URL in the
[official security scan](https://scan.nextcloud.com/) to check your instance.
## Security options
For further hardening I recommend changing the [User password policy](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_password_policy.html)
in the *Security settings* to enforce passwords with lower, uppercase, and
numeric characters. A best practice is to limit login attempts to 5 or less and
use [Two-factor authentication](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/two_factor-auth.html).
Another optimization is to [disable preview image generation](https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html#disable-preview-image-generation)
as mentioned in the official hardening and security guidance. This is achieved
by adding `enable_previews = 'false'` to the `config.php` file. The safest way
is to use the [occ command](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html)
for this task:
```bash
php occ config:system:set enable_previews --value="false"
```
## Useful apps
### Audio player
When sharing music, I found that in place playback of audio files (no download)
can be enabled with [Audio Player](https://apps.nextcloud.com/apps/audioplayer).
Additionally, I use the [Metadata](https://apps.nextcloud.com/apps/metadata) app
to show file metadata (title, artist, album etc.) in the details sidebar.
### Bookmarks, Calendar, Contacts, and Notes
I synchronize my bookmarks, calendars, contacts, notes, and tasks across devices
using the following Nextcloud apps:
- [Bookmarks](https://apps.nextcloud.com/apps/bookmarks)
- [Calendar](https://apps.nextcloud.com/apps/calendar)
- [Contacts](https://apps.nextcloud.com/apps/contacts)
- [Markdown Editor](https://apps.nextcloud.com/apps/files_markdown)
- [Notes](https://apps.nextcloud.com/apps/notes)
- [Tasks](https://apps.nextcloud.com/apps/tasks)
For bookmarks synchronization I use [floccus](https://floccus.org/) as an addon
in the web browser and Android app. The calendar and contacts synchronization is
natively supported by [Thunderbird](https://www.thunderbird.net/) and the addon
[CardBook](https://addons.thunderbird.net/de/thunderbird/addon/cardbook/) can be
used to extend built-in CardDAV[^3] features. On Android I use [DAVx⁵](https://www.davx5.com/)
with the [Etar Calendar](https://github.com/Etar-Group/Etar-Calendar) app. To
access and synchronize notes and task on Android I use the official
[Notes](https://github.com/nextcloud/notes-android) app and [Tasks.org](https://tasks.org/).
[^3]: [CardDAV](https://en.wikipedia.org/wiki/CardDAV) in the Wikipedia
### Cookbook
One of my favorites is the [Cookbook](https://apps.nextcloud.com/apps/cookbook)
app. In tandem with the [Nextcloud Cookbook Mobile Client written in Flutter](https://github.com/Teifun2/nextcloud-cookbook-flutter)
managing and sharing cooking recipes is real fun.
### Talk
The [Talk](https://apps.nextcloud.com/apps/spreed) app offers video conferencing
within Nextcloud and is backed by [eturnal](../eturnal/) in my infrastructure to
support users in NAT[^4] environments.
[^4]: [Network address translation](https://en.wikipedia.org/wiki/Network_address_translation)
(NAT) in the Wikipedia
## Known issues
This section is about issues I came accross in relation to the interaction with
other services of my [infrastructure](../../) and documents **quick and dirty**
solutions rather than implementing secure and clean code.
### Code integrity check
If using [delegation](../matrix/synapse/#delegation), the code integrity check
introduced due to [code signing](https://docs.nextcloud.com/server/latest/admin_manual/issues/code_signing.html#code-signing-fix-warning-label)
complains about the extra file `.well-known/matrix/server` and an invalid hash
for `.htaccess`. As there is no option to exclude files by design and any code
alterations also affect the integrity check, there's currently no way to get rid
of that error message.
Reference in a new issue Copy permalink