Nextcloud 13: How to Get Started and Why You Should

Nextcloud could be the first step toward replacing proprietary services like Dropbox and Skype.

In its simplest form, theNextcloud server is"just" a personal, free software alternative to services like Dropboxor iCloud. You can set it up so your files are always accessiblevia the internet, from wherever you are, and share them with yourfriends. However, Nextcloud can do so much more.

In this article, I first describe what the Nextcloud server is andhow to install and set it up on GNU/Linux systems. Then I explain how toconfigure the optional Nextcloud features, which may be the firststeps toward making Nextcloud the shell of a complete replacement formany proprietary platforms existing today, such as Dropbox, Facebook and Skype.

Figure 1. A safe home forall your data that all your devices can reach—that's what Nextcloudwants to be.

Nextcloud, whose version 13 was released in February 2018, was spun offthe popularownCloud project in 2016, out oflicensing and other disagreements.See the Resources section forsome of the most complete feature-by-feature comparisons betweenNextcloud and ownCloud.The mostbasic capabilities are still almost identical, two years after thefork. Some of the functions described here, however, are easier tointegrate in Nextcloud than in its ancestor. In addition,my personal reasons for recommending Nextcloud over ownCloud are the following:

• Licensing and pricing policies: all the official components of Nextcloudare both free as in freedom and as in free beer. You pay only for supportand update services. That's not the case with ownCloud.
• Long-term roadmap: at the moment, ownCloud seems to be more focusedon corporate customers and more relevant for investors, while Nextcloud seems to be morefocused onextending "direct" user-to-user communication and cooperation features.

Figure 2. The OriginalNextcloud/ownCloud Functions: File and Picture Storage, Dropbox-Style

Several good reasons to choose Nextcloud as the online home for your ownfiles and data are related to security. I don't cover them in detailin this introductory article, but I want to mention at least some of them.

Nextcloud refuses continuous (that is, malicious) attemptsto authenticate from any computer, except those whose IP addresses areincluded in "brute-force IP whitelists". (Of course, the best possiblewhitelist you can configure is an empty one.)

Content Security Policy (CSP), instead, is the way a Nextcloudserver may, for example, tell a browser "if you found this script in,or linked from, a page from me, donot trust it. It must have beeninjected there by some attacker!"

SAML (Security Assertion Markup Language) is an XML-based open standardfor secure, single sign-on (SSO) to web-based applications acrossdifferent, independent servers. Nextcloud 13 supports SSO with SAMLnatively through a dedicated app. If you log in to your own Nextcloud,you then can use any service, on any other SAML-enabled website forwhich you have access rights, without entering any more credentials.

Figure 3. Configuring SAML forsecure single-sign-on is a delicate process, but the Nextcloud interfacemakes it simple with plenty of instructions.

In order to install Nextcloud, you need basic Linux administration skills,familiarity with the command line and some patience. Software-wise,the Nextcloud server is a PHP application that needs a LAMP (Linux,Apache, MySQL, PHP) or similar software stack to work. You can installit on almost any box permanently connected to the internet, from baremetal in a server farm to ordinary web-hosting accounts, or even home-basedminicomputers like the Raspberry Pi.

Nextcloud 13 can run in different environments, from shared hostingaccounts to servers using nginx instead of Apache or as an Ubuntu snappackage. The configuration officially recommended (quoting the website)"for the best compatibility, especially if you plan to use lots ofplugins", is Apache 2.4 or later, and a MySQL or MariaDB database. Thisis why I'm describing command-line installation of Nextcloud 13 serveron a computer running Ubuntu 16.04 LTS, PHP 7, Apache2 and a MariaDB10.0 database.

The procedure is relatively lengthy to explain, but it's worth it. Nextcloudhas many more features and options than what I describe here,and you can use it to store some of your most sensitive documents anddata. Therefore, I strongly suggest that before actually exposing it onthe internet, be sure to play with it locally on your home Linux box as muchas you can, even if it means re-installing it from scratch several times.

And, there's only one way to do all that testing efficiently: aninstallation method that can be entirely automated with a shell script.

First, getall the necessary software, because Nextcloud13 depends on several packages. In the case of Ubuntu 16.04, the onesyou must install withapt-get are these:

sudo apt-get install apache2 mariadb-server ↪libapache2-mod-php7.0sudo apt-get install php7.0-gd php7.0-json php7.0-mysql ↪php7.0-curl php7.0-mbstringsudo apt-get install php7.0-intl php7.0-mcrypt php-imagick ↪php7.0-xml php7.0-zip

(Don't worry if some of those packages are already installed on your system,apt-getwill just skip to the next one.)

After that, download the Nextcloud tarball from the website, unpackit, and copy it into its own folder under the Web server document root,which, in this example, is /var/www/html/:

tar -xjf nextcloud-13.0.0.tar.bz2sudo cp -r nextcloud /var/www/html/

On Ubuntu 16.04 (and, likely, on most Ubuntu derivatives), the command-lineinstallation of Nextcloud won't work unless there already isa MariaDB account that is not root, but does have all the privilegesneeded to create new users and databases. Here's how to create such anaccount, if needed, with name dbadmin and password dbadminpw (note that mdb is myown MariaDB prompt, not the default one):

sudo mysql -u rootmdb>use mysql;mdb>CREATE USER 'dbadmin'@'localhost' IDENTIFIED BY 'dbadminpw';mdb>GRANT ALL PRIVILEGES ON *.* TO 'dbadmin'@'localhost' ↪WITH GRANT OPTION;mdb>FLUSH PRIVILEGES;mdb>exit;

Apache, on the other hand, needs a dedicated configuration file, which on Ubuntu16.04 is /etc/apache2/sites-available/nextcloud.conf, to handleNextcloud properly. If your server is example.com, and you want yourNextcloud available at example.com/nextcloud, that file should looklike this:

##########################################################Alias /nextcloud "/var/www/html/nextcloud/"# the following two directives are needed for picoCMSProxyPass /nextcloud/sites/ http://localhost/nextcloud/↪index.php/apps/cms_pico/pico/ProxyPassReverse /nextcloud/sites/ http://localhost/nextcloud/↪index.php/apps/cms_pico/pico/<Directory /var/www/html/nextcloud/>  Options +FollowSymlinks  AllowOverride All <IfModule mod_dav.c>  Dav off </IfModule> SetEnv HOME /var/www/html/nextcloud SetEnv HTTP_HOME /var/www/html/nextcloud</Directory>##########################################################

Once that file is ready, type the following commands at the prompt to enablethe modules that Apache also needs to handle Nextcloud:

sudo a2enmod rewritesudo a2enmod headerssudo a2enmod envsudo a2enmod dirsudo a2enmod mimesudo a2enmod proxy_http

Finally, here are the commands to type to make the Apache user own theNextcloud files, enable the configuration files shown above and, finally,restart Apache:

sudo chown -R www-data:www-data /var/www/html/nextcloud/sudo ln -s /etc/apache2/sites-available/nextcloud.conf ↪/etc/apache2/sites-enabled/nextcloud.confsudo service apache2 restart

Once the Web and database servers are ready and the Nextcloud files arein place, the actual Nextcloud installation may happen entirely bypointing your browser (in the "local testing" phase I already recommended,at least) at http://localhost/nextcloud. As promised, however, I'mgoing to show you how to continue on the command line.

This is possible thanks to a PHP tool calledocc (from "ownCloudconsole") distributed with Nextcloud. To useocc, move to the nextcloudbase directory, and then, using the Apache server account (www-data, inthis example) to preserve the right permissions on files and folders,run it as follows:

cd /var/www/html/nextcloud/sudo -u www-data php occ maintenance:install --database "mysql" ↪--database-name "mynextcloud"  --database-user "dbadmin" ↪--database-pass "dbadminpw" --admin-user "nextcloudadmin" ↪--admin-pass "nextcloudadminpw"

If everything goes well,occ will exit with a "Nextcloud was successfullyinstalled" message. At that point, you'll finally be able to login to Nextcloud at http://localhost/nextcloud with the admin account("nextcloudadmin") and password "nextcloudadminpw".

Usingocc, you also can create users or enablepreviously downloaded Nextcloud apps, among other things. Theocc equivalent of the GUIprocedure for creating a user named marco in themycloudusers group, with display name "Marco F", is:

sudo -u www-data php occ user:add --display-name="Marco F" ↪--group="mycloudusers" marco

Nextcloud 13 has a tab, shown in Figure 4, that gives the administratora first, quick idea of how loaded it is. In order to avoid performancebottlenecks, the easiest solution seems to be the memory cache called OPcache. Toenable it, follow the instructions in the Nextcloud Administration/BasicSettings tab. You also can install the Redis database for local cachingand file locking. (For details, see"Tuning Nextcloud for OptimalPerformance".)

Figure 4. The Nextcloud13 Real-Time CPU and Memory Load Monitors

If Nextcloud were only a personal alternative to file-hosting serviceslike Dropbox, it wouldn't be such a big deal. Its real power, however,is in the many extensions, or "apps", that provide many additionalfunctions, often through extra buttons in Nextcloud's top bar. Figure5 shows only a partial idea of how diverse the apps can be.

Figure 5. Work, entertainment,administration, sharing—Nextcloud apps can do a lot.

To use an app not shown in the administration interface, downloadand unpack it in the apps subfolder of your Nextcloud installation,then make the Apache user owner of its files. After that, you just need toenable the app, withocc or in the Nextcloud interface.

In the Nextcloud interface, you also can enable bundles ofapps with one click or limit access to most apps to selected groupsof users. The app bundles in Nextcloud 13 are Enterprise, Groupware,Social sharing and an "Education Edition".

Even if you need it only to host your files online, Nextcloud cando much more than provide a container for keeping those files.To begin with, all users of a Nextcloud server can share singlefiles, or whole folders, with whomever they want by giving them a link,with or without an associated password. At the same time, a Nextcloudadministrator easily can prevent single apps from sharing files and data,or it can allow file sharing only inside a group of users.

Figure 6. A detail of howyou can share files and folders from your Nextcloud with any other userof other Nextcloud instances.

The really interesting thing, however, is "federation". This nameindicates the capability to connect totally independent installationsof this server in one, seamless "cloud of Nextclouds". It is thanks tofederation that, for example, all your relatives living in differentstates can see, each as a local folder of their own Nextcloud server,the same gallery of photographs that you host inside yours—even ifthat folder is not public and none of them has a user account onyour server. Another common usage of federation is merging the userprofiles of several servers in one common address book. This lets allthose users find each other more easily, with their Nextcloud interfaceauto-completing the names of the other users when they start typing them.

Nextcloud's federation-related features are accessible from the"Sharing" tab of the administration panel. From there,with a few clicks, you can define if and how users can share their owncontent with other Nextcloud servers, see the folders in those sameservers or access a "global address book".

Figure 7. Nextcloudrecognizes and auto-completes the addresses of all its users andthose of any other federated Nextclouds.

That sharing of user directories can happen only with the servers that youdeclare "trusted" in the same tab. Synchronization of the local addressbook with those of the trusted servers happens with thisocc commandthat you can put inside a cron job:

sudo -u www-data php occ federation:sync-addressbooks

Figure 8. Scheduling appointmentsand inviting your fellow Nextcloud users? No problem.

What's the next step after easily sharing pictures with distant familymembers or documents with colleagues? Discussing them in an easy-to-use,privacy-friendly environment, of course.

Figure 9. Video calls with integratedchats look really promising in Nextcloud 13.

Integration of the Calendar and users profiles of Nextcloud makesscheduling online meetings with them a snap. When the time comes, theNextcloud Talk app lets you chat, make audio or video calls and shareyour screen, without installing any software (except, of course, amodern browser, or the Nextcloud Android or iOS apps, on one's desktopor smartphone).

Both chats and calls are peer-to-peer and end-to-end encrypted, withoutembedded advertising, or any central organization logging everything. Oh,and users get instant notifications, in their browsers or in the mobileapps, whenever other users want to talk with them, or have commented onsome file they shared.

Now do you see why I say that Nextcloud, and its federation, may bethe first step toward replacing proprietary platforms, fromDropbox to Skype?

Online self-publishing for the masses, via blogs or social networks,is one of the greatest features (and sometimes problems, of course)of the current, still open web. The Nextcloud 13 server provides an easy,if basic way to do this by integratingpicoCMS, the pico ContentManagement System.

picoCMS creates websites by rendering as HTML, with menus and all, allthe Markdown plain-text files (with .md extension) that it finds insidesome predefined folder. In Nextcloud, the best tool to edit .md filesis the Markdown Editor app, so enable it if you decide to use picoCMS.

Figure 10. The Nextcloud Markdowneditor, with its optional live preview of what you type.

Nextcloud users can independently define, in the picoCMS tab ofthe "Settings" interface, both the folder that contains the sourcefiles and the name of the website. Running on your own computer,the Apache configuration shown here would make Nextcloud servethe home page of a picoCMS website called "ljdemo" at the URLhttp://localhost/nextcloud/sites/ljdemo/.

To let all the users of your Nextcloud create inside it all thepicoCMS websites they want,download the compressedarchive of the app, and unpack it on the computerrunning Nextcloud. Then move the resulting folder (cms_pico) inside theapps subfolder of Nextcloud, change its permission, and enable it withthese three commands:

sudo mv -i cms_pico              /var/www/html/nextcloud/apps/sudo chown -R www-data:www-data  /var/www/html/nextcloud/apps/cms_picosudo -u www-data php occ app:enable cms_picocms_pico enabled

(Of course, you even can put these commands into a script to makere-installations quicker!)

The next step is to tell the Apache Webserver how to cooperate with picoCMS. The meaning of the two "ProxyPass"directives in the nextcloud.conf file already shown is this:"whenever a browser asks for an URL in the /nextcloud/sites/ subfolder,pass that URL to picoCMS, and then pass to the browser whatever you getin return".

Note that those ProxyPass settings make picoCMS publishas websites only what it finds in certain folders of Nextcloud. They do notgenerate clean, short URLs for all the pages of those websites. To getthat, you must adapt theMOD_REWRITE suggestions contained in theAdministration→picoCMS tab of the Nextcloud panel to your specificApache configuration.

Once it's up and running, publishing a web page in a Nextcloud/picoCMSenvironment is surely not as simple as it would be with systems likeWordPress.

For example, the only way to add new Markdown files in any Nextcloudfolder, except uploading them from your desktop, seems to be to copy andrename an already existing one. To insert a figure in a post, instead,you must separately upload it in the asset" subfolder, and then pointto it in the Markdown source, as shown below.

If these annoyances are not an issue for you, you may reallylike the Nextcloud/picoCMS flow. The Markdown editor and itsintegrated preview work great, and whatever you write instantlygoes online. As a practical example, here'sthe source code, preview and rendering, at the local addresshttp://localhost/nextcloud/sites/ljdemo/testing/ of this index.md fileplaced in the Nextcloud folder ljdemo/content/testing/:

#############################################################Hello!## This is a first test of Nextcloud/picoCMS integration* Let's write a file with .md extension* just to check what happens when we load it with a browserWe can also embed images previously uploaded in the "assets" subfolder:![Image Title](%base_url%/assets/logo-lj.jpg)############################################################

Figure 11. This is what the firstpage of your Nextcloud/picoCMS website may look like.

Nextcloud seems to be a great platform for integrating online services ofall kinds. In this article, I explained how to set it up and tried toprovide an idea of its flexibility, but there is much more you coulddo with it. In future articles, I plan to coverhow to integrate with Nextcloud email, secure browsing with Let's Encryptand collaborative editing with Etherpad. Stay tuned!

• NextcloudSource Installation Manual
• Official Nextcloud AppsDirectory
• UsingNextcloud's Command Line
• PicoCMSInstallation and Configuration Instructions
• Tuning Nextcloudfor Optimal Performances
• The Nextcloud "Compare CloudTechnologies" Page
• ownCloudvs. Nextcloud: comparing cloud storage services (February 2018)
• Nextcloud vsownCloud—the Whole Story (February 2018)

Marco Fioretti is a freesoftware user and author since 1995, board member of theFree KnowledgeInstituteand author of thePercloud proposalfor a truly usable alternative to Facebook,Gmail and similar services.