| Both sides previous revisionPrevious revision | |
| services:nextcloud [2022/09/30 13:31] – [Basic setup] Updated link to lab guide this.ven | services:nextcloud [2023/05/20 06:13] (current) – [Talk] Linked to eturnal this.ven |
|---|
| | ====== Nextcloud ====== |
| |
| | Written in [[wp>PHP|PHP]], the self-hostable [[https://nextcloud.com|Nextcloud]] can serve as file-sharing solution, communication hub, and project management platform by it's extensible design. If you'd like to host your own Nextcloud take a look at the [[https://nextcloud.com/athome/|official site]]. I use it e.g. for collaboration and private file-sharing in a cloud-like fashion available at: |
| | |
| | [[https://hea.ven.uber.space|{{https://hea.ven.uber.space/core/img/logo/logo.svg?128|https://hea.ven.uber.space}}]] [[https://hea.ven.uber.space|https://hea.ven.uber.space]] |
| | |
| | ===== Basic setup ===== |
| | |
| | Initial installation and basic setup instructions can be found in [[https://docs.nextcloud.com/server/latest/admin_manual/installation/index.html|Installation and configuration chapter of Administration documentation]] and the [[https://lab.uberspace.de/guide_nextcloud|Nextcloud — UberLab 7 documentation]]. After installation go to //Settings// > //Overview// (in the //Administration// section below) and look for security warnings. You may use the [[https://scan.nextcloud.com|official security scan]] to check your installation, too. |
| | |
| | ===== More security ===== |
| | |
| | For further hardening I recommend changing the [[https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_password_policy.html|password policy]] in the //Security// settings to enforce passwords with lower and uppercase as well as numeric characters. Also limit login attempts to 5 or less. If you need even more protection consider using [[https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/two_factor-auth.html|Two-factor authentication]]. |
| | |
| | Another optimization is to disable preview image generation, which is mentioned in the official [[https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html#disable-preview-image-generation|Hardening and security guidance]] and can be achieved by adding the following parameter to ''config.php'' file: |
| | |
| | <code php>enable_previews = 'false'</code> |
| | |
| | The safest way is to use the [[https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html|occ command]] for this task: |
| | |
| | <code bash>php occ config:system:set enable_previews --value="false"</code> |
| | |
| | ===== Useful apps ===== |
| | |
| | When working with music projects, I found the [[https://apps.nextcloud.com/apps/audioplayer|Audio Player]] app to be essential for the playback of audio files in place (without download). Regarding file metadata (e.g. title, artist, album etc.), use [[https://apps.nextcloud.com/apps/metadata|Metadata]] to show that information in the details sidebar. |
| | |
| | ==== Talk ==== |
| | |
| | The [[https://nextcloud.com/talk|Talk]] app offers video conferencing within Nextcloud and is supported by a STUN/TURN server, such as [[services/eturnal|eturnal]], to deal with users in [[wp>Network_address_translation|NAT]] environments. |
| | |
| | ===== Known issues ===== |
| | |
| | FIXME This section is about issues related to interaction with other [[..services|services]] and tries to offer some **quick and dirty** solutions to keep it running rather than implementing secure and clean code. |
| | |
| | ==== Code integrity check ==== |
| | |
| | If you're running [[services/matrix/synapse|Synapse]] and using [[services/matrix/synapse#delegation|delegation]] to enable Matrix IDs without subdomain part, the [[https://docs.nextcloud.com/server/latest/admin_manual/issues/code_signing.html#code-signing-fix-warning-label|code integrity check]] complains about the extra file ''.well-known/matrix/server'' and invalid hash for ''.htaccess''. As there is no option to exclude files by design and code alterations are also affecting the integrity check, there's currently no way to get rid of that error. |
| | |
| | {{tag>collaboration federation file-sharing project_management }} |
| | |
| | Category: [[./|Services]] |
