Written in PHP, the self-hostable Nextcloud can serve as file-sharing solution, communication hub, and project management platform by it's extensible design. If you'd like to host your own Nextcloud take a look at the official site. I use it e.g. for collaboration and private file-sharing in a cloud-like fashion available at:

https://hea.ven.uber.space

Initial installation and basic setup instructions can be found in Installation and configuration chapter of Administration documentation and the Nextcloud — UberLab 7 documentation. After installation go to Settings > Overview (in the Administration section below) and look for security warnings. You may use the official security scan to check your installation, too.

For further hardening I recommend changing the password policy in the Security settings to enforce passwords with lower and uppercase as well as numeric characters. Also limit login attempts to 5 or less. If you need even more protection consider using Two-factor authentication.

Another optimization is to disable preview image generation, which is mentioned in the official Hardening and security guidance and can be achieved by adding the following parameter to config.php file:

enable_previews = 'false'

The safest way is to use the occ command for this task:

php occ config:system:set enable_previews --value="false"

When working with music projects, I found the Audio Player app to be essential for the playback of audio files in place (without download). Regarding file metadata (e.g. title, artist, album etc.), use Metadata to show that information in the details sidebar.

The Talk app offers video conferencing within Nextcloud and is supported by a STUN/TURN server, such as eturnal, to deal with users in NAT environments.

This section is about issues related to interaction with other services and tries to offer some quick and dirty solutions to keep it running rather than implementing secure and clean code.

If you're running Synapse and using delegation to enable Matrix IDs without subdomain part, the code integrity check complains about the extra file .well-known/matrix/server and invalid hash for .htaccess. As there is no option to exclude files by design and code alterations are also affecting the integrity check, there's currently no way to get rid of that error.

Category: Services