--- title: 'Nextcloud' date: 2024-02-25T13:48:03+01:00 weight: 6 --- [Nextcloud](https://nextcloud.com/), written in PHP[^1] primarily serves as a file sharing[^2] solution for me. Due to its extensible design it can also be a communication hub and project management platform. If you'd like to host your own Nextcloud take a look at [Nextcloud at home](https://nextcloud.com/athome/). {{< figure src="img/nextcloud-logo-blue.svg" alt="Nextcloud Logo" width="25%">}} ## Basic setup For the initial installation and basic setup instructions I refer to the [Nextcloud — UberLab 7 documentation](https://lab.uberspace.de/guide_nextcloud) and the [installation and server configuration documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/index.html). After installation I navigate to *Settings* > *Overview* (of the Administration section below) and look for security warnings. You can also use your URL in the [official security scan](https://scan.nextcloud.com/) to check your instance. ## Security options For further hardening I recommend changing the [User password policy](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_password_policy.html) in the *Security settings* to enforce passwords with lower, uppercase, and numeric characters. A best practice is to limit login attempts to 5 or less and use [Two-factor authentication](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/two_factor-auth.html). Another optimization is to [disable preview image generation](https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html#disable-preview-image-generation) as mentioned in the official hardening and security guidance. This is achieved by adding `enable_previews = 'false'` to the `config.php` file. The safest way is to use the [occ command](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html) for this task: ```bash php occ config:system:set enable_previews --value="false" ``` ## Useful apps ### Audio player When sharing music, I found that in place playback of audio files (no download) can be enabled with [Audio Player](https://apps.nextcloud.com/apps/audioplayer). Additionally, I use the [Metadata](https://apps.nextcloud.com/apps/metadata) app to show file metadata (title, artist, album etc.) in the details sidebar. ### Bookmarks, Calendar, Contacts, and Notes I synchronize my bookmarks, calendars, contacts, notes, and tasks across devices using the following Nextcloud apps: - [Bookmarks](https://apps.nextcloud.com/apps/bookmarks) - [Calendar](https://apps.nextcloud.com/apps/calendar) - [Contacts](https://apps.nextcloud.com/apps/contacts) - [Markdown Editor](https://apps.nextcloud.com/apps/files_markdown) - [Notes](https://apps.nextcloud.com/apps/notes) - [Tasks](https://apps.nextcloud.com/apps/tasks) For bookmarks synchronization I use [floccus](https://floccus.org/) as an addon in the web browser and Android app. The calendar and contacts synchronization is natively supported by [Thunderbird](https://www.thunderbird.net/) and the addon [CardBook](https://addons.thunderbird.net/de/thunderbird/addon/cardbook/) can be used to extend built-in CardDAV[^3] features. On Android I use [DAVx⁵](https://www.davx5.com/) with the [Etar Calendar](https://github.com/Etar-Group/Etar-Calendar) app. To access and synchronize notes and task on Android I use the official [Notes](https://github.com/nextcloud/notes-android) app and [Tasks.org](https://tasks.org/). ### Cookbook One of my favorites is the [Cookbook](https://apps.nextcloud.com/apps/cookbook) app. In tandem with the [Nextcloud Cookbook Mobile Client written in Flutter](https://github.com/Teifun2/nextcloud-cookbook-flutter) managing and sharing cooking recipes is real fun. ### Talk The [Talk](https://apps.nextcloud.com/apps/spreed) app offers video conferencing within Nextcloud and is backed by [eturnal](../eturnal/) in my infrastructure to support users in NAT[^4] environments. ## Known issues This section is about issues I came accross in relation to the interaction with other services of my [infrastructure](../../) and documents **quick and dirty** solutions rather than implementing secure and clean code. ### Code integrity check If using [delegation](../matrix/synapse/#delegation), the code integrity check introduced due to [code signing](https://docs.nextcloud.com/server/latest/admin_manual/issues/code_signing.html#code-signing-fix-warning-label) complains about the extra file `.well-known/matrix/server` and an invalid hash for `.htaccess`. As there is no option to exclude files by design and any code alterations also affect the integrity check, there's currently no way to get rid of that error message. [^1]: [PHP website](https://www.php.net/) by The PHP Foundation [^2]: [File sharing](https://en.wikipedia.org/wiki/File_sharing) in the Wikipedia [^3]: [CardDAV](https://en.wikipedia.org/wiki/CardDAV) in the Wikipedia [^4]: [Network address translation](https://en.wikipedia.org/wiki/Network_address_translation) (NAT) in the Wikipedia