Perfect your server
Setting up a Nextcloud instance isn’t too difficult – so let Mayank Sharma guide you through what comes next to make it even slicker.
Setting up a Nextcloud instance isn’t much work. Mayank Sharma handholds you through launching a Snap build and then what comes next.
Nextcloud is one of the most comprehensive self-hosted storage and sharing platforms. It scales well and can be used for sharing holiday snaps with friends and family, as well as being a centralised storage repository for a multinational corporation. Nextcloud works with standardised open source components and can be set up without much effort. Follow Jonni’s guide in LXF239 (see ‘Build a secure
Nextcloud instance’, on page 64) to roll out an instance on your local network. If configuring individual components of the Nextcloud stack sounds laborious, you can deploy a containerised version of it via snap (see ‘Install in a snap’, opposite).
Right, so you’ve got an instance of Nextcloud up and running. Now what? Installation is just one part (albeit a major one) of setting up an omnipresent storage server. It’ll require a bit of further tweaking and tuning before you can use it productively.
Batten down the hatches
As soon as your Nextcloud server is up and running, log into the Administration panel and head to the Settings panel. You can access it by clicking your username in the top-right corner of the main interface and then selecting the Settings option from the drop-down menu. This brings you to the default settings landing page where you can fill in your profile information. Use the navigation menu on the left side of the screen to switch to the Overview panel that’s listed under the Administration section. Here you get information regarding your Nextcloud instance. At the top of the page, Nextcloud highlights various security and setup warnings that you need to address in order to secure your installation.
One of the most useful ones is the email warning, which should be fixed immediately. The Nextcloud server sends various notifications about different activities in the stored files via email. More importantly, it’ll also send you a link to reset forgotten login passwords only via email. To enable your Nextcloud server to send emails, use the navigation menu to switch to the Basic settings panel and scroll down to the Email Server section. Here you can specify the settings of the email server that Nextcloud can use.
If you don’t have one, you can use a public email service provider such as Gmail instead. For this, select SMTP as the Send mode and STARTTLS as the encryption channel. Use the Authentication Method pull-down menu to select the Login method and tick the Authentication Required box. Then enter your email address and authentication information in the allocated text boxes. Use smtp.gmail.com for the server address along with port 587. When you’re done, use the Send Email button to test the settings.
The other most common configuration lapse is the absence of a memory cache. You can use Nextcloud without a cache, but it does improve performance. The benefits might not be visible on a new installation, but will certainly speed up file access and retrievals after a couple of weeks or months of usage. Nextcloud supports multiple memory caching backends, but it recommends using either APCU or Redis. While APCU will work for smaller deployments, we’ll use Redis since it scales better and can also manage file-locks. Begin by first installing the required Redis packages
(redis-server and php-redis) on the Nextcloud server using your distribution’s package management system. Next, open Redis’s configuration file (/etc/redis/ redis.conf) in a text editor and scroll down to the General section. Here look for the port 6379 entry and change it to read port 0. Then scroll further down and uncomment the unixsocket /var/run/redis/redis. sock line. Also uncomment the unixsocketperm line after changing the permission from 700 to 770. Now add the Apache user to the redis group with sudo usermod -a -G redis www-data before restarting the
web server.
Once Redis is set up, it’s time to add the caching configuration to the Nextcloud server. Open Nextcloud’s config file (/var/www/nextcloud/config/config. php) in a text editor and add the following lines:
‘memcache.local’ => ‘\Oc\memcache\redis’, ‘memcache.locking’ => ‘\Oc\memcache\redis’, ‘filelocking.enabled’ => ‘true’,
‘redis’ => array (
‘host’ => ‘/var/run/redis/redis.sock’,
‘port’ => 0,
),
Save the file and restart the computer to ensure that the caching server comes online. With caching configured, Nextcloud’s admin interface will no longer complain about the absence of a caching server.
Crowd control
A pristine Nextcloud installation has only one user, the administrator. Once you have handled all the setup and security issues, you can throw open your storage server to other users. Nextcloud offers excellent usermanagement facilities and enables you to create users and groups, send notifications to new users, set data quotas and more. To get started, click the admin’s username in the top-right corner and select Users from the drop-down menu. This opens the Users page, which lists the existing users in the Nextcloud server.
To add a new user just fill in the Username and Password fields and add a group in which you want to place them. You can assign new users to existing groups while adding them, but to add a new user to a new group, you’ll first have to create the user and then type the name of the group you wish to create in the Groups field. By default, Nextcloud will send an invitation email to all new users, along with a pointer to the Nextcloud installation. You can leave the password field empty – the invitation email will include a link for them to set their own password.
You can also make certain users group administrators so that they have the right to create, edit and delete users in their assigned groups. However, unlike system administrators, group administrators cannot access system settings, or add or modify users in other groups. Select one or multiple group names under the Group Admin column to assign group admin privileges to any added user.
Each user also gets a storage quota. You can set this value while creating a user by selecting a different value from the Quota drop-down menu. You can select either a preset value or enter a custom value with the usual abbreviations (MB or GB). Click the gear icon in the lower-left side of the interface to bring up the option to define the value for the default storage quota.
Individual users can keep an eye on their quotas in the bottom-left corner of their default Nextcloud landing page. Also note that deleted files that are still in the trash and files shared by other users don’t count towards the quota of the user they are shared with.
Lock and key
You can also specify the password policy that users on your Nextcloud server must adhere to. Head to the administrator’s settings panel and scroll down to the Security panel under the Administration section. The page lists several options to force your users to create a strong password. You can set a minimum length of the password and also enforce the use of mixed-case characters, numeric characters and special characters. There’s also an option that’ll securely check passwords against a list of breached passwords from https:// haveibeenpwned.com.
For added security, you can enable two-factor authentication, which will prompt you for an additional authentication code in addition to the usual credentials before giving you access to your Nextcloud account. First up, install any Time-based One-time Password (TOTP) client from the official app store on any portable device. Then log into your Nextcloud server, head to
Nextcloud’s Apps store and install the Two Factor TOTP app listed under the Security category.
After it’s installed, log out of the administrator user and log back in as a regular user. The rest of the steps will have to be repeated by all users who want to enable two-factor authentication for their account. After logging in, click your username and head to the Settings
The File access control app has an intuitive interface that enables you to define complex rules for accessing files and folders housed inside the Nextcloud server. panel. Use the navigation bar to bring up your personal security settings and toggle the Enable TOTP option at the bottom.
This then displays a QR code. Scan this code using the camera on the device to which you installed the TOTP app earlier. This will connect the app with your
Nextcloud server. From now on, any time you log into the server, you’ll be asked to enter the six-digit code from the TOTP app on your portable device in addition to your regular authentication details – so make sure the device is always handy!
Regulate files
There’s just one more setting you should tweak before you can begin using your storage server. By default, PHP restricts uploads to files less than 2MB. To change this to a more reasonable limit, open PHP’S configuration file (which is usually /etc/php/<versionnumber>/apache2/php.ini) in a text editor. Scroll down to the File Uploads section and change upload_ max_filesize to 2048M. Then head to the Data Handling section and set post_max_size to something a bit more than the upload_max_filesize variable (something like 3000M) to prevent errors while uploading files equal to the maximum allowable limit. Save the file, restart the server and then head to the Nextcloud Admin area. Switch to the Basic settings section and increase the Maximum Upload Size to match the limit mentioned in the php.ini file, which is 2GB in our case.
You’re now all set to upload data to your Nextcloud server. Log out as the admin user, log back in as a regular user and you’ll arrive at the file management page. To upload a file, click the + button and choose Upload File from the drop-down menu. To organise files into folders, click the + button and select the New Folder option. If you’ve uploaded a file in a format that
Nextcloud understands, you can click its name to view and edit the file. Nextcloud can visualise the data it houses in different views. For example, click the ‘view change’ icon in the top-right corner of the interface to switch to the Gallery view, which helps you view images in your cloud by filtering out all other types of content.
Instead of using the web interface, you can also upload files to the Nextcloud server using the WEBDAV protocol, which enables you to interact with your cloud server using the file manager. While in the Files view in
Nextcloud, click the Settings icon at the bottom-left of the interface. It’ll reveal the address you can use in your file manager to access the Nextcloud data via the WEBDAV protocol. Enable the location bar in your file manager (Ctrl+l in Gnome Files) and paste this address. You’ll be asked to authenticate, after which the Nextcloud storage is mounted and you can interact with it just like a normal folder.
To share uploaded files, go to the Files section in the web interface and click the Share button to the right of the filename. This shows a flap where you can specify the users and groups you want to share the file with, along with other options such as whether you want to give them permission to modify or further share the file. You can also share with someone who isn’t registered with your Nextcloud server by ticking the Share Link option. For better control, Nextcloud enables you to password-protect the link and set an expiration date.
The latest version of the server, 14, has introduced a new video verification security feature. When enabled on a shared file, the recipient will have to request a password for viewing the shared file by making a video call to the owner of the file. This feature is useful for setups that need to make sure that shared files are only accessible to the intended recipients, rather than to anybody who has access to their email account. The feature is managed via the Nextcloud Talk app and doesn’t require any other piece of software.
To get started with this, first make sure you are running the latest version of Nextcloud. Then click your profile name in the top-right corner of the interface and head to the Apps store. Here find and install the Talk app. Once installed, head back to the Files interface and locate the file you want to share. Click the Share button adjacent to the file, and type in the email address you want to share the file with. This will bring up two options called Remote and Email.
Once the file has been shared, click the menu button associated with the share and then select the Password Protect By Talk option. This will prompt you for the password to lock access to the file. The recipient will get an email with a link for the share that includes a
button to request the password. Pressing the button will initiate a video chat session that can be used to verify the identity of the recipient before sharing the password for the share via the video call.
Sharing is caring
While you can interact with the cloud using the web interface, it’s far easier to use one of its official clients.
Nextcloud has clients for all major desktop and mobile platforms. These clients also help you synchronise folders from the desktop to your Nextcloud server with ease. Many Linux distributions, such as Arch and Fedora, include the Nextcloud Linux client in their official repos. Better still, the latest version of the client is packaged and distributed in the distribution-agnostic Appimage format on Nextcloud’s website.
Once the client is installed, it prompts you for your login credentials in order to connect to the Nextcloud installation. After establishing the connection, use the client to create a local sync folder under your home directory, such as /home/bodhi/nextcloud. Any files you move into this directory will automatically be synced to the server. The client’s connection wizard also asks you whether you’d like to sync everything from the connected Nextcloud installation, or selectively sync files. After running through the client’s wizard, you can access it from your desktop’s notification area.
When collaborating with other users, you’ll appreciate Nextcloud’s version control system, which creates backups of files before modifying them. The backups for each file is accessible through the Versions tab inside the Details flap, along with a Restore button to revert to an older version.
In addition to files, you can also sync your calendar and address book with your Nextcloud server. Head to the Apps store and install the Calendar and Contacts apps in the Organisation category. Once you’ve enabled both programs, the navigation bar at the top of the
Nextcloud interface now includes icons for accessing the Calendar and Contacts apps.
Before proceeding further, you need to import your contacts and calendar from your existing applications into your cloud server. Nextcloud supports the popular vcard file format (which has the VCF file extension) and almost every popular email application, including online ones such as Gmail, can export their address books in this format. Similarly, calendars can be imported in the popular ical format. Explore your existing email and calendaring apps and export the VCF and ical files for your account before moving on.
Now head to Contacts in Nextcloud and click the gears icon at the bottom-right corner of the interface. Select Import Into Contacts and point to the export VCF file. The import process might take some time depending on the size of your address book. You can now sync these contacts with your desktop and mobile email applications using CARDDAV. You can similarly import an existing calendar by clicking the Gears icon inside the Calendar app. Here again click the Import calendar button and point to the exported ical file.
All-in-one
In addition to what it houses, Nextcloud can also pool in data from external storage silos including Amazon S3, Openstack Object Storage, Google Drive and across the network via popular protocols such as FTP, SFTP and WEBDAV. Head to the Apps store and switch to the list of disabled apps to enable the External Storage support app. If you want to pull in data from Google Drive as well, head to the Files category and install External Storage support for the Google Drive app.
Once the apps have been installed and enabled, head to the admin settings panel and switch to External Storage under the Administration section. By default, Nextcloud allows only administrators to enable access to external drives. However, there’s a tickbox on this page that extends this ability to your users as well. The process of hooking up the supported external storage services is very intuitive. You can also restrict access to an added storage service to certain users or particular groups. The official documentation has illustrated guides on how to individually enable the supported external storage services.
If you’ve followed through the entire tutorial, your
Nextcloud server is now ready to handle all kinds of workloads in all sorts of deployments. While we’ve covered the most relevant bits, there’s a lot more to configuring Nextcloud, especially for larger deployments that make use of other servers such as a directory server.