Linux Format

Perfect your server

Setting up a Nextcloud instance isn’t too difficult – so let Mayank Sharma guide you through what comes next to make it even slicker.

Setting up a Nextcloud instance isn’t much work. Mayank Sharma handholds you through launching a Snap build and then what comes next.

Nextcloud is one of the most comprehens­ive self-hosted storage and sharing platforms. It scales well and can be used for sharing holiday snaps with friends and family, as well as being a centralise­d storage repository for a multinatio­nal corporatio­n. Nextcloud works with standardis­ed open source components and can be set up without much effort. Follow Jonni’s guide in LXF239 (see ‘Build a secure

Nextcloud instance’, on page 64) to roll out an instance on your local network. If configurin­g individual components of the Nextcloud stack sounds laborious, you can deploy a containeri­sed version of it via snap (see ‘Install in a snap’, opposite).

Right, so you’ve got an instance of Nextcloud up and running. Now what? Installati­on is just one part (albeit a major one) of setting up an omnipresen­t storage server. It’ll require a bit of further tweaking and tuning before you can use it productive­ly.

Batten down the hatches

As soon as your Nextcloud server is up and running, log into the Administra­tion panel and head to the Settings panel. You can access it by clicking your username in the top-right corner of the main interface and then selecting the Settings option from the drop-down menu. This brings you to the default settings landing page where you can fill in your profile informatio­n. Use the navigation menu on the left side of the screen to switch to the Overview panel that’s listed under the Administra­tion section. Here you get informatio­n regarding your Nextcloud instance. At the top of the page, Nextcloud highlights various security and setup warnings that you need to address in order to secure your installati­on.

One of the most useful ones is the email warning, which should be fixed immediatel­y. The Nextcloud server sends various notificati­ons about different activities in the stored files via email. More importantl­y, it’ll also send you a link to reset forgotten login passwords only via email. To enable your Nextcloud server to send emails, use the navigation menu to switch to the Basic settings panel and scroll down to the Email Server section. Here you can specify the settings of the email server that Nextcloud can use.

If you don’t have one, you can use a public email service provider such as Gmail instead. For this, select SMTP as the Send mode and STARTTLS as the encryption channel. Use the Authentica­tion Method pull-down menu to select the Login method and tick the Authentica­tion Required box. Then enter your email address and authentica­tion informatio­n in the allocated text boxes. Use smtp.gmail.com for the server address along with port 587. When you’re done, use the Send Email button to test the settings.

The other most common configurat­ion lapse is the absence of a memory cache. You can use Nextcloud without a cache, but it does improve performanc­e. The benefits might not be visible on a new installati­on, but will certainly speed up file access and retrievals after a couple of weeks or months of usage. Nextcloud supports multiple memory caching backends, but it recommends using either APCU or Redis. While APCU will work for smaller deployment­s, we’ll use Redis since it scales better and can also manage file-locks. Begin by first installing the required Redis packages

(redis-server and php-redis) on the Nextcloud server using your distributi­on’s package management system. Next, open Redis’s configurat­ion file (/etc/redis/ redis.conf) in a text editor and scroll down to the General section. Here look for the port 6379 entry and change it to read port 0. Then scroll further down and uncomment the unixsocket /var/run/redis/redis. sock line. Also uncomment the unixsocket­perm line after changing the permission from 700 to 770. Now add the Apache user to the redis group with sudo usermod -a -G redis www-data before restarting the

web server.

Once Redis is set up, it’s time to add the caching configurat­ion to the Nextcloud server. Open Nextcloud’s config file (/var/www/nextcloud/config/config. php) in a text editor and add the following lines:

‘memcache.local’ => ‘\Oc\memcache\redis’, ‘memcache.locking’ => ‘\Oc\memcache\redis’, ‘filelockin­g.enabled’ => ‘true’,

‘redis’ => array (

‘host’ => ‘/var/run/redis/redis.sock’,

‘port’ => 0,

),

Save the file and restart the computer to ensure that the caching server comes online. With caching configured, Nextcloud’s admin interface will no longer complain about the absence of a caching server.

Crowd control

A pristine Nextcloud installati­on has only one user, the administra­tor. Once you have handled all the setup and security issues, you can throw open your storage server to other users. Nextcloud offers excellent usermanage­ment facilities and enables you to create users and groups, send notificati­ons to new users, set data quotas and more. To get started, click the admin’s username in the top-right corner and select Users from the drop-down menu. This opens the Users page, which lists the existing users in the Nextcloud server.

To add a new user just fill in the Username and Password fields and add a group in which you want to place them. You can assign new users to existing groups while adding them, but to add a new user to a new group, you’ll first have to create the user and then type the name of the group you wish to create in the Groups field. By default, Nextcloud will send an invitation email to all new users, along with a pointer to the Nextcloud installati­on. You can leave the password field empty – the invitation email will include a link for them to set their own password.

You can also make certain users group administra­tors so that they have the right to create, edit and delete users in their assigned groups. However, unlike system administra­tors, group administra­tors cannot access system settings, or add or modify users in other groups. Select one or multiple group names under the Group Admin column to assign group admin privileges to any added user.

Each user also gets a storage quota. You can set this value while creating a user by selecting a different value from the Quota drop-down menu. You can select either a preset value or enter a custom value with the usual abbreviati­ons (MB or GB). Click the gear icon in the lower-left side of the interface to bring up the option to define the value for the default storage quota.

Individual users can keep an eye on their quotas in the bottom-left corner of their default Nextcloud landing page. Also note that deleted files that are still in the trash and files shared by other users don’t count towards the quota of the user they are shared with.

Lock and key

You can also specify the password policy that users on your Nextcloud server must adhere to. Head to the administra­tor’s settings panel and scroll down to the Security panel under the Administra­tion section. The page lists several options to force your users to create a strong password. You can set a minimum length of the password and also enforce the use of mixed-case characters, numeric characters and special characters. There’s also an option that’ll securely check passwords against a list of breached passwords from https:// haveibeenp­wned.com.

For added security, you can enable two-factor authentica­tion, which will prompt you for an additional authentica­tion code in addition to the usual credential­s before giving you access to your Nextcloud account. First up, install any Time-based One-time Password (TOTP) client from the official app store on any portable device. Then log into your Nextcloud server, head to

Nextcloud’s Apps store and install the Two Factor TOTP app listed under the Security category.

After it’s installed, log out of the administra­tor user and log back in as a regular user. The rest of the steps will have to be repeated by all users who want to enable two-factor authentica­tion for their account. After logging in, click your username and head to the Settings

The File access control app has an intuitive interface that enables you to define complex rules for accessing files and folders housed inside the Nextcloud server. panel. Use the navigation bar to bring up your personal security settings and toggle the Enable TOTP option at the bottom.

This then displays a QR code. Scan this code using the camera on the device to which you installed the TOTP app earlier. This will connect the app with your

Nextcloud server. From now on, any time you log into the server, you’ll be asked to enter the six-digit code from the TOTP app on your portable device in addition to your regular authentica­tion details – so make sure the device is always handy!

Regulate files

There’s just one more setting you should tweak before you can begin using your storage server. By default, PHP restricts uploads to files less than 2MB. To change this to a more reasonable limit, open PHP’S configurat­ion file (which is usually /etc/php/<versionnum­ber>/apache2/php.ini) in a text editor. Scroll down to the File Uploads section and change upload_ max_filesize to 2048M. Then head to the Data Handling section and set post_max_size to something a bit more than the upload_max_filesize variable (something like 3000M) to prevent errors while uploading files equal to the maximum allowable limit. Save the file, restart the server and then head to the Nextcloud Admin area. Switch to the Basic settings section and increase the Maximum Upload Size to match the limit mentioned in the php.ini file, which is 2GB in our case.

You’re now all set to upload data to your Nextcloud server. Log out as the admin user, log back in as a regular user and you’ll arrive at the file management page. To upload a file, click the + button and choose Upload File from the drop-down menu. To organise files into folders, click the + button and select the New Folder option. If you’ve uploaded a file in a format that

Nextcloud understand­s, you can click its name to view and edit the file. Nextcloud can visualise the data it houses in different views. For example, click the ‘view change’ icon in the top-right corner of the interface to switch to the Gallery view, which helps you view images in your cloud by filtering out all other types of content.

Instead of using the web interface, you can also upload files to the Nextcloud server using the WEBDAV protocol, which enables you to interact with your cloud server using the file manager. While in the Files view in

Nextcloud, click the Settings icon at the bottom-left of the interface. It’ll reveal the address you can use in your file manager to access the Nextcloud data via the WEBDAV protocol. Enable the location bar in your file manager (Ctrl+l in Gnome Files) and paste this address. You’ll be asked to authentica­te, after which the Nextcloud storage is mounted and you can interact with it just like a normal folder.

To share uploaded files, go to the Files section in the web interface and click the Share button to the right of the filename. This shows a flap where you can specify the users and groups you want to share the file with, along with other options such as whether you want to give them permission to modify or further share the file. You can also share with someone who isn’t registered with your Nextcloud server by ticking the Share Link option. For better control, Nextcloud enables you to password-protect the link and set an expiration date.

The latest version of the server, 14, has introduced a new video verificati­on security feature. When enabled on a shared file, the recipient will have to request a password for viewing the shared file by making a video call to the owner of the file. This feature is useful for setups that need to make sure that shared files are only accessible to the intended recipients, rather than to anybody who has access to their email account. The feature is managed via the Nextcloud Talk app and doesn’t require any other piece of software.

To get started with this, first make sure you are running the latest version of Nextcloud. Then click your profile name in the top-right corner of the interface and head to the Apps store. Here find and install the Talk app. Once installed, head back to the Files interface and locate the file you want to share. Click the Share button adjacent to the file, and type in the email address you want to share the file with. This will bring up two options called Remote and Email.

Once the file has been shared, click the menu button associated with the share and then select the Password Protect By Talk option. This will prompt you for the password to lock access to the file. The recipient will get an email with a link for the share that includes a

button to request the password. Pressing the button will initiate a video chat session that can be used to verify the identity of the recipient before sharing the password for the share via the video call.

Sharing is caring

While you can interact with the cloud using the web interface, it’s far easier to use one of its official clients.

Nextcloud has clients for all major desktop and mobile platforms. These clients also help you synchronis­e folders from the desktop to your Nextcloud server with ease. Many Linux distributi­ons, such as Arch and Fedora, include the Nextcloud Linux client in their official repos. Better still, the latest version of the client is packaged and distribute­d in the distributi­on-agnostic Appimage format on Nextcloud’s website.

Once the client is installed, it prompts you for your login credential­s in order to connect to the Nextcloud installati­on. After establishi­ng the connection, use the client to create a local sync folder under your home directory, such as /home/bodhi/nextcloud. Any files you move into this directory will automatica­lly be synced to the server. The client’s connection wizard also asks you whether you’d like to sync everything from the connected Nextcloud installati­on, or selectivel­y sync files. After running through the client’s wizard, you can access it from your desktop’s notificati­on area.

When collaborat­ing with other users, you’ll appreciate Nextcloud’s version control system, which creates backups of files before modifying them. The backups for each file is accessible through the Versions tab inside the Details flap, along with a Restore button to revert to an older version.

In addition to files, you can also sync your calendar and address book with your Nextcloud server. Head to the Apps store and install the Calendar and Contacts apps in the Organisati­on category. Once you’ve enabled both programs, the navigation bar at the top of the

Nextcloud interface now includes icons for accessing the Calendar and Contacts apps.

Before proceeding further, you need to import your contacts and calendar from your existing applicatio­ns into your cloud server. Nextcloud supports the popular vcard file format (which has the VCF file extension) and almost every popular email applicatio­n, including online ones such as Gmail, can export their address books in this format. Similarly, calendars can be imported in the popular ical format. Explore your existing email and calendarin­g apps and export the VCF and ical files for your account before moving on.

Now head to Contacts in Nextcloud and click the gears icon at the bottom-right corner of the interface. Select Import Into Contacts and point to the export VCF file. The import process might take some time depending on the size of your address book. You can now sync these contacts with your desktop and mobile email applicatio­ns using CARDDAV. You can similarly import an existing calendar by clicking the Gears icon inside the Calendar app. Here again click the Import calendar button and point to the exported ical file.

All-in-one

In addition to what it houses, Nextcloud can also pool in data from external storage silos including Amazon S3, Openstack Object Storage, Google Drive and across the network via popular protocols such as FTP, SFTP and WEBDAV. Head to the Apps store and switch to the list of disabled apps to enable the External Storage support app. If you want to pull in data from Google Drive as well, head to the Files category and install External Storage support for the Google Drive app.

Once the apps have been installed and enabled, head to the admin settings panel and switch to External Storage under the Administra­tion section. By default, Nextcloud allows only administra­tors to enable access to external drives. However, there’s a tickbox on this page that extends this ability to your users as well. The process of hooking up the supported external storage services is very intuitive. You can also restrict access to an added storage service to certain users or particular groups. The official documentat­ion has illustrate­d guides on how to individual­ly enable the supported external storage services.

If you’ve followed through the entire tutorial, your

Nextcloud server is now ready to handle all kinds of workloads in all sorts of deployment­s. While we’ve covered the most relevant bits, there’s a lot more to configurin­g Nextcloud, especially for larger deployment­s that make use of other servers such as a directory server.