thisven/Website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
Website/content/docs/infrastructure/nextcloud/_index.md
this.ven af1ad1c9fb Remove draft status
2024-04-01 13:54:43 +02:00

5 KiB
Raw Blame History

title date
Nextcloud 2024-02-25T13:48:03+01:00

Nextcloud, written in PHP1 primarily serves as a file sharing2 solution for me. Due to its extensible design it can also be a communication hub and project management platform. If you'd like to host your own Nextcloud take a look at Nextcloud at home.

{{< figure src="img/nextcloud-logo-blue.svg" alt="Nextcloud Logo" width="25%">}}

Basic setup

For the initial installation and basic setup instructions I refer to the Nextcloud — UberLab 7 documentation and the installation and server configuration documentation. After installation I navigate to Settings > Overview (of the Administration section below) and look for security warnings. You can also use your URL in the official security scan to check your instance.

Security options

For further hardening I recommend changing the User password policy in the Security settings to enforce passwords with lower, uppercase, and numeric characters. A best practice is to limit login attempts to 5 or less and use Two-factor authentication.

Another optimization is to disable preview image generation as mentioned in the official hardening and security guidance. This is achieved by adding enable_previews = 'false' to the config.php file. The safest way is to use the occ command for this task:

php occ config:system:set enable_previews --value="false"

Useful apps

Audio player

When sharing music, I found that in place playback of audio files (no download) can be enabled with Audio Player. Additionally, I use the Metadata app to show file metadata (title, artist, album etc.) in the details sidebar.

Bookmarks, Calendar, Contacts, and Notes

I synchronize my bookmarks, calendars, contacts, notes, and tasks across devices using the following Nextcloud apps:

For bookmarks synchronization I use floccus as an addon in the web browser and Android app. The calendar and contacts synchronization is natively supported by Thunderbird and the addon CardBook can be used to extend built-in CardDAV3 features. On Android I use DAVx⁵ with the Etar Calendar app. To access and synchronize notes and task on Android I use the official Notes app and Tasks.org.

Cookbook

One of my favorites is the Cookbook app. In tandem with the Nextcloud Cookbook Mobile Client written in Flutter managing and sharing cooking recipes is real fun.

Talk

The Talk app offers video conferencing within Nextcloud and is backed by eturnal in my infrastructure to support users in NAT4 environments.

Known issues

This section is about issues I came accross in relation to the interaction with other services of my infrastructure and documents quick and dirty solutions rather than implementing secure and clean code.

Code integrity check

If using delegation, the code integrity check introduced due to code signing complains about the extra file .well-known/matrix/server and an invalid hash for .htaccess. As there is no option to exclude files by design and any code alterations also affect the integrity check, there's currently no way to get rid of that error message.

  1. PHP website by The PHP Foundation ↩︎

  2. File sharing in the Wikipedia ↩︎

  3. CardDAV in the Wikipedia ↩︎

  4. Network address translation (NAT) in the Wikipedia ↩︎