Hacker News
Setting up your own Nextcloud instance to get off of Google (kiramclean.com)
283 points by kmclean on Dec 19, 2020 | 172 comments



I had a few instances of OwnCloud and various NAS setups over the years. Then I had a kid and dumped everything into iCloud when I realized I’d no longer have time to keep it all secure/patched. Time cost of these setups is real.


I have a lot of self-hosted services, including Nextcloud, and by far the majority of my time spent on the infrastructure is messing around with new stuff and changing things for fun. Actual maintenance time is nearly 0.


That's really reassuring to hear! I'm planning to stick with this for a year or two to see what pain it actually causes me, but I could definitely see maintenance headaches being the thing to motivate a switch to something else. Hopefully I have the same experience as you, though!


To be fair... I think the learning curve causes higher maintenance time cost at the beginning. But eventually you get stable infrastructure as code set up with good log monitoring and backups and you really don't have to think about it anymore. Any problems and you'll get an alert.


The infrastructure might be stable now, but could break with an update.


Very true. Which is why I don't do automatic updates except for security updates. 99/100 times, though, if I update a docker container the new one works just fine.


Yeah I'm a little worried about the maintenance burden, tbh. I'm not actually a linux/sysadmin type person, but I was pretty keen to achieve my goal of being Google free by 2021 (which I'm happy to announce with this migration that I did :), though I still watch youtube anonymously sometimes). But I'm not sure it'll be the most ideal solution for the long term. I'll see what the maintenance burden actually is like through next year. Some folks have suggested looking at the docker installation options (as opposed to the snap package, which I use here), since it's apparently really easy to maintain. We'll see.


One option which is what I've been doing is just using SFTP.

I find that that reduces the maintenance burden to just keeping a machine running and patched.

I also set up a read-only web frontend with NGINX's directory indexing + htaccess so I can share files easily.


A client that works really well with SFTP is lftp. It is in most linux distros and is available for mac in brew and in cygwin for windows. It has a mirror subsystem that works nearly like rsync and can support SFTP + chroot. Combine that with rsnapshot for diffs and you can fall back to earlier versions without using a lot of disk space. You can put that rsnapshot location outside of the SFTP chroot so that malicious access can't wreck your data, or just make the directory above your rsnapshots root-only access so regular users in a non chroot environment can't get there.


That sounds super nice, I'll have to look into it.

Thanks!


This is also the direction I'm taking. It makes everything just easier when everything is file-driven, backups are simpler, and when nothing works anymore the basics always work.


I think buying a NAS with all the built in software you need is a more sensible approach for the average enthusiast. But nextcloud is cool too.


I can attest that -even with kids- this is almost set-and-forget.

  sudo docker run -d --restart=always -v <LOCAL_PATH_TO_NEXTCLOUD_DATA>:/var/www/html --name nextcloud --network=host nextcloud

If you want to get fancy with a MySQL database just make:

  sudo docker run -d --restart=always -v <LOCAL_PATH_TO_MYSQL_DATA>:/var/lib/mysql --name=mysql --network=host -e MYSQL_ROOT_PASSWORD=hunter2 mysql


> Time cost of these setups is real.

Compared to the maintenance cost of something equivalent 10 years ago, it's a lot better now. I don't find it meaningfully inconvenient, even with kids.


I hear your point (2 young kids) and there’s plenty of things I’ve done that with, but this isn’t one of them. I have a Synology NAS and probably spend less than 5 mins a month on it.


You can even run Nextcloud on your Synology NAS with a Docker container (provided that your model is one of those that supports Docker)


I think Synology NAS are great, and that's exactly what they are designed to do.

My problem with them is, I don't need as much storage and would prefer more CPU.

Synology has this habit of equipping their lower end models with too little RAM and an underpowered CPU.

It is also harder to share it, as the 'owner' can usually see all data that's in it.


To respond to a few points, my calculation was thus:

1) could I fail to detect a failure of an auto-update or novel exploit because I’m more busy now?

2) if so, could something very bad happen?

I got two “yes”s. It still annoys me to have everything in iCloud, but I also have local copies so I’m not too stressed about account lock out.

Otherwise to each their own, it wasn’t an easy decision to give up the autonomy, but the risk/reward equation changes when my time became more scarce.


You could have local copies of what you had in OwnCloud too, so I don't understand the point of going to iCloud.


Apple pays very competent people to keep everything online. My major issue is syncing across several devices. Also, backups on premise aren’t really backups, so you still have to trust somebody even if it’s just keeping the link up in a VM.


I use ownCloud and I log into my Digital Ocean VM running Debian about once a week to do `apt update && apt full-upgrade`. Doesn't feel like major drain of my time.


Have you considered using the unattended-upgrades package?


I have, but I like keeping an eye on things.


Snap has auto update. So this shouldn’t be a problem here. Only the restarts are manual (to apply the update).


However, the time cost may be substantially lower than if Google or Apple locks you out of your account ...


Why not put it behind a VPN?


I would suggest Hetzner's storage share (their managed Nextcloud hosting) [1]. Their pricing starts at €2.90/mo for 100GB of storage, which is significantly cheaper than what is mentioned in the post ($5/mo for 25GB).

[1] https://www.hetzner.com/storage/storage-share


Yeah it's actually cheaper (and simpler :) ) to sign up with a nextcloud provider if all you want is a nextcloud account. There are other reasons to run your own instance, but honestly I think most of them come down to the hacker novelty factor. One noteworthy one is having total control over your own data, I guess. Depending on the provider it's not always simple to export all of your data to migrate somewhere else if you ever want to.

For folks who would use nextcloud if they didn't have to care about all this server admin stuff I would definitely recommend Hetzner. Cloudamo [1] is also a good option with servers in North America, for people there who care about location.

[1] https://cloudamo.com/store/nextcloud


Wasabi is likely even cheaper at $6 a month for 1000 GB (minimum) [0] and free egress to go with it (similar plans from Backblaze too [1]).

Scaleway is pretty impressive with its pricing too with 75 GB (storage + egress) free per month [2]

[0] https://wasabi.com/cloud-storage-pricing/#three-info

[1] https://www.backblaze.com/b2/cloud-storage-pricing.html

[2] https://www.scaleway.com/en/object-storage/


Wait, you're not talking about the same thing as the comment you responded to. Parent comment was about managed Nextcloud hosting.


Yes, Scaleway and Wasabi don't, but Backblaze does in some limited form: https://www.backblaze.com/cloud-backup.html


Does Hetzner's storage share also have snapshots or backups?


That page seems focused on the file storage aspect. Does Storage Share also include other Nextcloud features like calendar?


Yes, I'm also using Hetzner and have not run into any limits in what plugins you can install and use yet. They used to call 'storage share' just 'Nextcloud', but moved it to the new name for licensing reasons.

I don't know what type of hardware they're running their Nextcloud instances on, but I've been using calendar/contacts and public file sharing (since Firefox Send went down) on the cheapest plan for a while now and it's fine. I also dabbled a bit in using Nextcloud's maps, video calling, bookmarks and RSS reader applications and it all works OK, although I didn't stick to them because they're not the most rich in features. I had to email Hetzner support a few times and got a helpful reply within 1-2 work days, sometimes quicker, which I thought was fine.


I noticed the Storage Share page doesn't mention anything about server-side encryption - is this an option?


Yes, you can enable the "default encryption module" in the apps page like any other Nextcloud instance, as well as other apps, e.g., 2FA.


Why can't these services have a more realistic pricing model. Like you pay once for storage, and per amount of data used, and power?

Paying a monthly fee for data you don't access seems like a dishonest pricing model. (I can see that a part of the fee has to be per-month, but it shouldn't be so large).


How is it more realistic to have somebody maintain hardware and software over time, and not pay for that service over time? Their business doesn't care if "you only buy the hard drive once".


The point is that a subscription with a 2TB harddrive is much more expensive than a subscription with a 100GB harddrive.

I just want to pay a fair price. Not a price based on ungrounded assumptions.

It's like going to a restaurant where the food is cheap but the drinks are crazy expensive.


Whatever disk capacity you buy your data sits on multiple disks running 24/7. It costs electricity + maintenance when disks break.

If you want a fixed price you have to do it yourself. It will be cheaper, but less safe, less accessible and more involved.


Again, I totally understand this. What I don't understand is the huge price difference.


I would strongly advise against nextcloud. I installed it for about 8 months before giving up. I spent too many nights getting it to work properly, and recovering from various failures. I never felt safe putting my data on it.

In my opinion, Nextcloud favours quantity over quality, and many of its core features are subpar. Upgrades are messy, and the docker images fail at reproducible builds. The android client is also buggy.


I actually recently encountered issues which broke the system, when attempting to upgrade between major versions. I wrote about it briefly on my blog, as incomplete as it may be, here: https://blog.kronis.dev/everything%20is%20broken/nextcloud-i...

In summary:

- Nextcloud failed to update from the version 17 to 20 - it did inform me that it can't do this, but not before attempting to update the version number and essentially breaking itself. That said, other software, such as phpBB is also known for brittle updates between major versions.

- After a re-install of the latest version, it failed to allow clients to connect to it through HTTPS (reverse proxy setup), though this proved to be a problem in the default configuration.

- It then also failed to synchronize all of my files once I dumped them into the sync folder, though that's a lesser issue.

- The new Talk ( https://nextcloud.com/talk/ ) application is enabled by default and for some reason noticeably slowed down the whole system, even when not in active use - page loads went from 1-2 seconds to approx. 3-10.

Despite all of that, I would still recommend Nextcloud, because there isn't much software like it out there, and when it works, it is actually pretty okay.

Provided you follow these suggestions:

- Always have working backups. I personally use BackupPC ( https://backuppc.github.io/backuppc/ ) which I self-host; cloud vendors also offer managed options.

- Stick to a single major version, update manually. In the case of Docker, I just stick to a particular image tag, such as :20.0.2-apache.

- When updating, have the backups ready and be prepared to wipe and reinstall the application. Never store anything in Nextcloud that you're not prepared to have unavailable for a while. As for the apps (like Talk or Calendar), where you can't export the data to later import it, be prepared to lose it, or use another alternative.

Sadly this will mean that for a while your instance will be insecure, but the current circumstances force me to prefer working software over secure software.


I had exactly the same issue last week!

https://nicolasbouliane.com/blog/nextcloud-docker-upgrade-er...

However, this is the straw that broke the camel's back:

https://github.com/nextcloud/docker/issues/420#issuecomment-...


Huh, the idea of manually downgrading the version number seems like a nice hack!

It does feel kind of unfortunate, however, that while containers themselves are immutable most of the time, the tags themselves will point to different images over time.

If you do want something like a rolling release model, where you always use ":latest" (or ":master" or ":trunk", or ":stable" or whatever), then it feels like you'd need to constantly pull the latest versions of the image, with something like shepherd for Swarm ( https://github.com/djmaze/shepherd ), watchtower for regular Docker ( https://github.com/containrrr/watchtower ) or whatever the Kubernetes alternative is.

The whole DB user thing feels unfortunate, however! Especially on systems, where you have a single "fat" DB instance which is shared amongst different pieces of software (with separate schemas for each), as opposed to a more distributed approach, where each DB instance is separate and used by only one application.

Personally I've come to use the latter approach and run all of my DBs as containers, with bind-mounted /var/lib/$DATA_DIRECTORY_FOR_DB_HERE directories, for easier data backups. Though I guess that's also in part because I want to cap the resources available to each instance and also because I don't trust any piece of software to let it impact others in a shared resource situation.
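Added example, not part of the comments above and not Docker's or Nextcloud's own tooling: a small audit of the image references in a Compose file, separating rolling tags such as ":latest" or ":stable", release tags such as :20.0.2-apache, and digest pins, which are the only form that cannot start pointing at a different image. The Compose text, the digest and the category names are constructed for the illustration.

```python
import re

# Tag names the comment lists as rolling; a missing tag is treated as ":latest".
FLOATING = {"latest", "master", "trunk", "stable"}
FULL_VERSION = re.compile(r"^v?\d+\.\d+\.\d+([.-][\w.]+)*$")
DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")
IMAGE_LINE = re.compile(r"^\s*image:\s*[\"']?([^\s\"'#]+)", re.MULTILINE)


def split_ref(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = None
    # A ':' only separates a tag when it comes after the last '/';
    # an earlier one belongs to a registry host:port.
    if name.rfind(":") > name.rfind("/"):
        name, _, tag = name.rpartition(":")
    return name, tag, digest or None


def classify(ref):
    """Say how far an image reference can drift between two pulls."""
    _, tag, digest = split_ref(ref)
    if digest is not None:
        if not DIGEST.match(digest):
            raise ValueError("malformed digest in %r" % ref)
        return "digest"        # content-addressed, cannot change
    if tag is None or tag in FLOATING:
        return "floating"      # follows whatever upstream pushed last
    if FULL_VERSION.match(tag):
        return "release-tag"   # one upstream release, but the tag can be re-pushed
    return "series-tag"        # e.g. "20" or "20-apache": moves across releases


def audit_compose(text):
    """Return (reference, category) for every image: line in a Compose file."""
    return [(ref, classify(ref)) for ref in IMAGE_LINE.findall(text)]


def unpinned(text):
    """References that can change content without the file changing."""
    return [ref for ref, kind in audit_compose(text) if kind != "digest"]


# Constructed sample input: the digest is a placeholder, not a real image.
CONSTRUCTED_DIGEST = "sha256:" + "ab" * 32
SAMPLE_COMPOSE = f"""
services:
  app:
    image: nextcloud:20.0.2-apache
  db:
    image: mysql
  canary:
    image: "nextcloud:stable"
  pinned:
    image: nextcloud@{CONSTRUCTED_DIGEST}
"""

if __name__ == "__main__":
    for ref, kind in audit_compose(SAMPLE_COMPOSE):
        print(f"{kind:12} {ref}")
```
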


I really tried to like Nextcloud. I set it up multiple times. And it was a giant cluttered mess of a UI, things worked poorly, and as much as I want to be ok with a PHP app, I don't trust PHP.

And it's not because I want it to be JS web app or anything like that. Just the core HTML/CSS is poorly implemented and just doesn't look good.

The calendar and addons system just work so poorly. I just can't use it. I just use Seafile for filesharing.

I've run my own email before, also a pain in the ass for spam management. I do own my own domain and use ImprovMX.com to forward it to a free Gmail account. So if I ever need to move, I can do it quickly and easily by just changing the forward.

I'm not privacy conscious so I don't really care to run from Google for that reason, I just am tired of them shutting down and killing services I use often.

I just haven't hit an email service that matches the spam fighting powers of Google yet, or the UI. Everything else looks so traditional, and I don't want to pay $99 for Hey, mostly only do month to month so I can easily cancel and not waste money if I want to stop using it.

Anyways, I digress. I just haven't found the right combination of tools for me, but Nextcloud was not it. I honestly think it's horribly designed. We need an alternative to it, but I know it's a huge undertaking to make something like this, so I am not sure it will happen any time soon.


I use Nextcloud for the calendar, the to-do deck and to access my Samba shares over HTTPS.

That said, I would never put anything important on it. I had at least 5 upgrades in the past 2 years result in total failure, with an unrecoverable instance and corrupted DB.


I've been hosting Nextcloud since version 13 and have upgraded 7 times in total, to version 20 now. Never had a single issue upgrading. I'm hosting via Docker, so upgrading is as simple as pulling and starting a new image. Nextcloud takes care of upgrading tables etc itself and has never failed on me.


Same here. Upgrades always went without a hitch. I run it in Compose but the database is on the host (I much prefer that setup in general).


I think I've been using it since version 9 when I switched to it from whatever version of ownCloud I had been running some years prior (I'm not sure if their versions were still in sync or not) and I have the exact opposite experience. I have never used anything more stable. Database upgrades are always seamless (I've never had to even touch the db since install) and all I have to do is occasionally add some indices through the CLI when it asks me to. The automatic updater seems to also make some sort of backups and even if it doesn't, a standard mysqldump backup should be enough to restore pretty much everything. It even survived two migrations to new servers.


I run several nextcloud instances and never had the slightest trouble upgrading through several Debian versions and many Nextcloud releases.


I'm curious about this.

I've used Nextcloud for a few years already and never, ever had a corrupted DB in any of the upgrades.


I've also experienced upgrades corrupting my DB a couple times over the years, and once emptying the trash caused DB issues as well.


Less than 1 year and 3 "there goes my evening" issues so far, one which resulted in data loss.


Does anybody have a good recommendation for an automated Gmail backup? I am happy using Gmail for now, I just want my own copy of all of my emails that I can search and read - offline if necessary.

I tried to use Nextcloud's email app to backup my gmail, but after setting it up I realized that it is just an alternate interface to access email on Google's server, not a proper backup solution. (It only supports IMAP, not POP3.)

If I can't find a better solution, I may just set up Thunderbird and put it in POP3 mode, but I'd really prefer something that could sit on a server and run automatically without me having to touch it.

(For what it's worth, I ended up keeping my Nextcloud server set up because I found that I really like the notes app. I also have it doing a daily backup of my contacts from my phone and it's replaced Dropbox for small file storage. I already had my photos backing up to a Plex instance on the same server, or else I would probably be using the photo backup feature as well. )


I recommend using isync (aka mbsync) https://isync.sourceforge.io/ to download an offline, IMAP-style copy of your email; it seems to be faster than offlineimap http://www.offlineimap.org/ which does the same thing. Many people have it run on a simple cron job. You can then use Thunderbird etc. on your full local copy of the mailbox.


Thank you, I'll try that out!


https://github.com/jay0lee/got-your-back Got Your Back (GYB) is a command line tool for backing up your Gmail messages to your computer using Gmail's API over HTTPS.


Cool, I'll check it out. Thanks!


Getmail is probably your best bet for an automated email backup - that will fetch your email over IMAP (getmail-gmail-xoauth-tokens can use oauth to connect to IMAP) and store it as a maildir or mbox. You can then use that with whatever client or search system you like.

You could then use this maildir as the backend for a dovecot IMAP server and use any webmail client of your choosing to connect to this and search it etc.

I'd avoid POP3 - very old protocol and it removes your mail from the server (is this your goal?). You're definitely better using IMAP. Even if you want to delete mail from the server, you're probably safer to fetch it by IMAP, then delete it.


Thanks! That sounds like about what I'm looking for!

And, yea, I'm not so concerned about which protocol to use or deleting the email from Google's server, I just want my own local copy of it.


If you use a local mail client, you could drag all your gmail folders to the local folder area. Most clients will then copy all the emails to a local destination. Then you could have a rule that copies all incoming mail into the local folder, catching any future mails.


I don’t use Gmail but I use offlineimap which would do what you want. You can then use the files with thunderbird as a regular mailbox but off your local copy instead of gmail’s.

I have it run with a systemd timer at regular intervals and it’s backed up with borgmatic at regular intervals using another systemd timer.


I’m a solo person on google enterprise for $20 a month. It sadly cannot be beat. Unlimited storage (almost 40TB) and email is all I care about and it works pretty much flawlessly (besides this week’s outage). I wouldn’t want to have the hassle of running it myself nor the price of storing all that data. So sadly I remain with google.


Yeah I think Google is pretty hard to beat for anyone who only cares about cheap storage, unfortunately. One argument I have for that crowd is that there's nothing stopping Google from coming seeking rent in the future (like they're currently doing with Photos), once they successfully kill off all viable competition by offering their products at a loss, which they can afford to do but a lot of companies who only do one thing (like e.g. email) can't.

But yeah I also don't think Nextcloud or other alternatives will really take over unless security/privacy/ethics become a higher priority than cost for most people, which seems unlikely to me.

Edit: Typo (of -> off)


Not to mention you’re less likely to get hit with ransomware. Nextcloud pwnage seems much more likely.


Putting anything behind a firewall in combination with a VPN can be relatively turn key and self patching without too much effort.

Docker with a tool like proxmox can go a very, very long way in a matter of a few days... and provide near identical vps maintainability.

Hardware is much more reliable and self monitoring than it used to be.


None of this deals with ransomware


Do you mean you don't know how it could deal with Ransomware? Or that there's no possible way local setups could deal with Ransomware because you aren't aware of it?

Ransomware attack vectors are often clicking malicious websites, emails, or software opening stuff that is risky.

Keeping your access point patched, system patched and browser up to date is a big line of defence, with or without cloud backups. Those identities can be as easily hacked if the weak spot is our computer. Using browser and email plug-ins to increase security and safety can be helpful too.

One can run pihole locally at home as well and filter out a great deal of trackers that can get hacked.

It's also relatively easy to setup multiple vlans on your local network to separate your devices.

Having multiple current backups of your computer, physically and locally, is also an important defence against ransomware.


I'm on a similar plan, but I'm worried about the forced upgrade to Google Workspace, which would reduce the amount of storage to 2-5TB per user. I imagine it'll be mandatory soon.


> Unlimited storage (almost 40TB)

Huh? One of those is finite and the other is not.


It means he has 40TB stored I guess.


I am using 40TB out of unlimited. You are right, that was not clear in my comment.


40TB is essentially infinite unless you're doing something with large amounts of media content.


I'm glad some of y'all are mentioning cost. These articles, while awesome, usually don't mention the cost to operate and support such endeavors.

I would like to host my own Matrix instance, but I have no idea what the cost would be monthly.


Oracle Cloud has the best Compute/VM Always Free Tier around (2x 1G RAM/50G VMs), which is likely sufficient for a small matrix/synapse server, so realistically you could do it for zero. I don’t know how much network transfer is included in their free tier, however (I’ve looked but never seen it clearly stated anywhere).


So, what, Google is bad now, and Oracle good? Funny world.


Good until they capture enough market share to stop bribing people to switch.


I thought I was just talking about vm/compute, which is quite a lot different than using a mail service where you are essentially the product.


Bad guys are bad guys whatever service they sell. I've created an Oracle Technology Network account (luckily, with my ex-company email) in order to download something from OTN and soon was swamped with spam from various companies they sold my address to, with no way to unsubscribe. Should I mention that I always untick the "send me marketing offers" checkbox?


Switching from Google Products to hosting parallel products in Oracle Cloud is basically the same as one step forwards, two steps back.


It’s not switching from Google to Oracle. It’s just a place to spin up your own vm/instance, and for very little. You are conflating services.


Thank you so much for this, didn't know they had such a gracious free tier. The only thing I saw was "Outbound Data Transfer: 10 TB per month." but you are absolutely right, it isn't spelt out directly.


Ah ok I think I remember that and I wasn’t sure if that was linked to the LB service or the VMs. Perhaps/likely it’s either/both. In any case, wow 10TB is awesome. I think Google Cloud’s Free Tier transfer limit is 1G, which is one of the reasons I powered it down (the other being they started charging for external IP’s on the free tier compute instances).


Also they have Oracle Linux 8 as an OS option for free tier, so you’re covered if you prefer the EL ecosystem (eg given the current CentOS situation).


As an alternative to all the US products being suggested, let me suggest an EU alternative: Contabo.

Their cheapest offering (€4/month including tax) is more than enough for even the heavy web applications and their lowest storage tier will net you 300GiB to play with. The big downside is that networking is limited to 100Mbps, but for casual use that's not that big a deal in practice. That's plenty for a NextCloud instance, a matrix server, a bridge or two, a mail server and more with RAM to spare. The benefit of the classic VPS model over auto scaling cloud compute with a free tier is that a runaway script won't cost you a few hundred bucks if something goes wrong.


I've been using them for some random projects and they have been pretty decent for the price.


That's a good point! I should add the total cost to the post. I mentioned I use the cheapest Linode server but didn't actually say how much that is. I pay $5/month (USD) for the server (except I got the first two months for free from some promo code I found on another blog), and $10/year (CAD) for carbon offsets. I also paid $5/year (USD) for the domain name I use.


Awesome, thank you so much for updating. Unless I missed it in your post, who is your domain registrar for the low price?


I use namecheap.com. The prices vary a lot, I use a .cloud domain, I think obscure TLDs and domain name choices are cheaper, but I'm not exactly sure how their pricing actually works.


Synapse is essentially invisible on a $5/mo digitalocean VM, in my experience. I don't have too many people on it, but I've run my own server for about a year and a half now and I've had no issues whatsoever. Throw it on a VM if you have one lying around, and if not you can always spin up a new one and use it for any other services you want to host in the future.


It was fine for me until I federated and the avatar folder grew over the gigabyte because joining another room triggers the downloading and caching of pictures and there are no thumbnails.


Someone please help me understand all the hype about nextcloud. I've tried it and found it to be a bloated mess. Why would I want to run this over several smaller apps that do the job better, just without a fancy (if you could call it that) UI to tie it all together?


For me it was just the convenience of being able to have most of my cloud things in one place (like calendar, reminders, contacts, notes, etc). I suspect it's probably not the best solution for each of those individually, and I'm definitely curious what other options are out there, but it's quite a convenient drop-in replacement for a lot of Google's cloud offerings for people who are looking for alternatives. Also I should note I don't actually ever use the nextcloud UI itself, I don't disagree it can feel a bit clunky sometimes. I use 3rd party clients and use my personal cloud to sync everything via webDAV and cardDAV.


Agreed. I used it for about two months and spent dozens of hours trying to help friends/family troubleshoot random glitches the clients had, the unintuitive encryption settings and hugely underwhelming performance that comes with S3-type storage. I loved the idea but it really is a bloated mess and I couldn’t trust it to work when I needed it to.


Tried remote storage and it's slow like you mention, but once I ran it on a ryzen desktop with a hdd for storage the whole thing is incredibly fast and works great.


Hmmm, I have a small BuyVM Ryzen-based KVM vm (I think lives on local SSD storage but can’t remember) that’s been idling for quite some time— might have to give it a whirl, thanks.


Still waiting on a Luxembourg KVM slice to come in stock.


I use it over gigabit fios and get 68MB/sec transfer speeds to/from my nextcloud instance at home. I don't usually get that much with google drive/etc...


It seems to have remained quite popular, so there must be reasons why people like it. Someone else just replied “less maintenance,” but I think a lot of it does have to do with a single webpage/all-in-one portal type application where you can do all the “my things” at. Eg, sandstorm is in that sort of category. It is pretty convenient. Note I have played around with sandstorm but never used next cloud. And sandstorm is very different too, don’t want to get too carried away in comparing them.


Sandstorm was a neat idea, but unfortunately it seems like it is nearly dead: https://sandstorm.io/news/2019-09-15-shutting-down-oasis

> As much as I love Sandstorm, it’s hard to come home from my successful day job to work on an unsuccessful side project. And so, I have been spending less and less time on Sandstorm. I still push updates every month to keep the dependencies fresh, but hadn’t worked on any new features in about a year and a half before adding mass transfers recently.

> Meanwhile, without leadership, the community has mostly disbanded. The only app that gets regular updates anymore is Wekan, thanks to its maintainer Lauri “xet7” Ojansivu. Jake Weisz heroically continues to carry the Sandstorm flag, reviewing app submissions (mostly from Lauri), replying to questions and bug reports, and advocating Sandstorm around the internet. A couple others lurk on the mailing list and IRC. Most people have moved on.

> Almost all the app packages are from 2015-2016; many of those apps have had significant updates in their standalone versions since then which are missing on Sandstorm.


FWIW, this post came after that one, and there has been somewhat more development activity this year compared to last:

https://sandstorm.io/news/2020-02-03-reviving-sandstorm



> bloated mess

Same. Setting up v20 for a customer these days. Heavy, slow. Buggy LDAP. Not easily containerized: official Docker image tries to rsync ALL the distribution from /usr to /var/www/html every time you start the container, and you can't mount individual volumes (e.g. just data), because they keep the config at /var/www/html/config.php

Customer just wants a UI for a filesystem, and I'd gladly replace it if I could.


I concur. I am happy with my lean setup:

- SyncThing: decentralized, fast & unix aligned

- CryptPad: end-to-end encrypted, real-time collaborative editing


It just works and does everything. I run it on a ryzen "server" and it's super snappy and does everything I need. It's the glue between my apple and linux devices which makes interacting with files between them almost seamless.


Low / no maintenance of services and software is huge.

The cloud seems maintenance free until the plan or features change or go away altogether.


Less maintenance? Which apps do you use?


Wondering what you use instead?

I run nextcloud on a $5 vps just like in this article, it's still underutilised. Out of the box my family can have access to certain folders and their own account, they can watch videos in the browser and I can have a selfhosted google docs/sheets alternative. All encrypted at rest.


Setup nextcloud 2 years ago as part of a FreeNAS install. It runs in a jail and dumps my files to the local, shared filesystem as a result. I also put the nextcloud clients on my phone so that my photos auto-upload to my NAS vs google photos. It's been quite nice to be able to just drop files to it, right click, then share someone a link to those files.


Is this hosted on dynamic IP? How do you handle that so mobile clients can auto-upload to the server?


Non-static IP, all done via dns updates. Never had an issue.


There are two options I think: a VPN or a dynamic DNS like duckdns.


The hardest thing people need to wean themselves off of is email, which I didn't see mentioned here at all.

Many people don't think there are viable Gmail alternatives, but on Drew DeVault's recommendation I recently switched myself over to using Migadu[1] and the experience has been fantastic.

That said, I am running CalDAV and CardDAV at home on my own hardware, but they do offer a simple version of both that should be usable.

[1]:https://migadu.com


Take care with Migadu if you use mailing lists. I troubleshooted some issues with bounces earlier this year and both users in question were using Migadu - they had ended up with the unusually strict "p=reject" DMARC policy. Every time they sent an email to the list I was on, my account would (correctly) trigger a bounce and after several of these incidents _my_ subscription would be removed from the mailing list for too many bounces. I'm not even sure whose fault this situation is, but it's something to keep in mind.
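
The bounce mechanism described in the comment above, as an added example that is not part of the comment or of any project named in this thread. Domains, messages and DMARC records are constructed, and the organizational domain is simplified to the last two labels instead of a Public Suffix List lookup.

```python
# Added illustration with constructed data: how a receiving server evaluates
# DMARC for a post relayed by a mailing list.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict, applying RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")   # relaxed SPF alignment by default
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match, relaxed ('r') the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(msg, record):
    """Return 'pass', or the policy disposition ('none', 'quarantine', 'reject')."""
    policy = parse_dmarc(record)
    from_domain = msg["header_from"].rsplit("@", 1)[1].lower()
    spf_ok = msg["spf_pass"] and aligned(
        msg["envelope_from_domain"], from_domain, policy["aspf"])
    dkim_ok = any(sig["valid"] and aligned(sig["d"], from_domain, policy["adkim"])
                  for sig in msg["dkim"])
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

AUTHOR_RECORD = "v=DMARC1; p=reject; rua=mailto:reports@alice.example"
LIST_RECORD = "v=DMARC1; p=none"

# Sent straight from the author's provider: SPF and DKIM both align.
DIRECT = {
    "header_from": "alice@alice.example",
    "envelope_from_domain": "alice.example",
    "spf_pass": True,
    "dkim": [{"d": "alice.example", "valid": True}],
}

# Relayed by a list that keeps From: but adds a footer or subject tag.
VIA_LIST = {
    "header_from": "alice@alice.example",
    "envelope_from_domain": "lists.example.org",      # SPF passes, for the list's domain
    "spf_pass": True,
    "dkim": [{"d": "alice.example", "valid": False},     # body changed, signature broken
             {"d": "lists.example.org", "valid": True}],  # valid but not aligned with From:
}

# A mitigation some list software offers: rewrite From: to the list's own domain.
VIA_LIST_REWRITTEN = dict(VIA_LIST, header_from="alice-via-list@lists.example.org")

def bounces_charged_to_subscriber(posts, record):
    """Each rejected delivery bounces to the list, which counts it against the recipient."""
    return sum(evaluate(post, record) == "reject" for post in posts)

if __name__ == "__main__":
    print("direct:           ", evaluate(DIRECT, AUTHOR_RECORD))
    print("via list:         ", evaluate(VIA_LIST, AUTHOR_RECORD))
    print("via list, rewrite:", evaluate(VIA_LIST_REWRITTEN, LIST_RECORD))
    print("bounces after 3 posts:", bounces_charged_to_subscriber([VIA_LIST] * 3, AUTHOR_RECORD))
```

The rejection is issued by the subscriber's own mail server, so the list software sees the subscriber's address bouncing and has no signal that the author's policy is the cause.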


I use Protonmail (with a custom domain) for email, so I didn't include anything about that here. It's possible to do with Nextcloud, too (and maybe I should look into it now that I have this.. would probably be cheaper), but seems like a bit more work to set up your own mail server. Several people have recommended mailinabox to me.


I've been using Nextcloud for a few years now, starting with my mail-in-a-box instance. Before that, I played around with owncloud a bit over the years.

I'm now at the point where I'm trying to find a different solution. I don't even use all the web UI stuff, but desktop sync is unusable to me now. It all started a few months ago when the new desktop client version came out, and would always crash when opening that new view. When it was updated on the server side, I started getting signed out every time I shut down one of the computers I'm using, which gets especially frustrating on the computer where I'm using two nextcloud accounts, because I have to log in, wait 30s because apparently there are bad logins from my IP (??), grant access, log out, log in with the other account, grant access again, and then do the same dance again on the next computer I start. And ever since I've been using it, I kept getting "undefined states" and weird database errors.

It just seems like they don't do a lot of testing and focus more on features than stability. Any suggestions for a very stable open source service hosted in linux that does good desktop sync with a windows client?


Nextcloud and owncloud are written in PHP, like so many other web server apps, especially wiki servers.

I've always had misgivings about the security of using and running PHP. Does PHP software still tend to be insecure as in the past? Why are there so many web apps (especially wiki servers) written in PHP instead of e.g. Python, Rust or some other language?


They even had to come up with their own security scanner (https://scan.nextcloud.com/). I assume because they don't even trust their own code mess or cause you can f-up your PHP conf in so many ways that your server becomes vulnerable.


Yeah, only PHP software needs audits and quality testing. /s


Yeah it is, don't use it.

All the advancements on PHP are great, it's becoming a JAVA more and more, but likely any PHP legacy apps will never see an upgrade to the latest version. And starting a new project in PHP, nah, there are better more well designed programming languages.


Has anyone setup/used multi user calendaring and contacts on NextCloud?

Currently considering this vs. a few standalone docker instances for calendars/contacts for one of my downtime projects over the next few weeks...


Yes, it works well. I moved all my contacts and calendaring from Gmail to a self-hosted Nextcloud instance about two years ago. My wife and I have calendars in common, both of which are set up as the default calendars on our mobile devices. We recently discussed having a shared address book too. Shouldn't be any trouble to set up. One of us will own it, farm out r/w access to the other, and we'll transfer contacts we ought to have in common piecemeal. CalDAV and CardDAV.

In general, Nextcloud has been transformative in allowing us to move off Google products. All our music and photos are on Nextcloud too.


I've been thinking of switching my gmail calendar and contacts to nextcloud. But I've been wondering what you then do about contacts you email. Do you somehow keep gmail in sync with the nextcloud contacts?


I have been running OwnCloud/Nextcloud for a very long time. For me, the Calendar is the killer feature. It Just Works. Everyone in the household has an account and we share calendars with each other. You can use whatever client you want (Thunderbird, Android, Apple devices) but the web UI is really excellent and easy to use as well.

My biggest gripe with Nextcloud is that upgrading between major versions is a pain and they release upgrades often. If my VPS didn't have other duties as well, I would probably switch to a hosted version.


yep! using it for my family for about five years now. completely painless across devices.

apples can access it via builtin caldav/carddav, android needs an app.


Does nextcloud still use caldav/carddav?


Yes


Selfhosting is neat until you really start thinking about durability, reliability, quality, integrity. Never self-host important data with at least doubly redundant backups incl. regular offline backups. On that thought, also never have a single authoritative copy without backup online. If all important photos are on Google Photos with no backup, you're doing it wrong. If you have important data in Onedrive with the convenient sync enabled from multiple PCs and maybe your phone, it's not safe, all these clients have write access. Same for nextcloud.

I employ a "spider" system. I use paid online storage like Onedrive, S3, Azureblob or Gdrive, or Fastmail for email and calendar and contacts, but pull all data from their primary hosting location and then disperse it into multiple cloud copies plus local plus distributed local offline (in intervals). All spider copies are encrypted either using GPG or symmetric encryption. I can access all spider target locations with credentials I know by heart or have offline backups of them, and I can also access or know the encryption keys required to access the data itself.

I also keep an encrypted emergency copy of my most important data on my phone's storage.

In such a system, it's perfectly fine to use Google storage + Azure storage + S3 and whatnot provider, as long as you have a sound system and encrypt your data. They can deliver important features you cannot deliver yourself at reasonable cost.

Nothing is free.

Essentially, to safeguard the most important personal data, the exact same methods and knowledge that a system engineer who designs a storage layer as part of business critical infrastructure should be applied.

Nextcloud is just too messy and complex. I don't want to spend a lot of time managing its lifecycle, testing updates before deploying them to production, etc. I trust accomplished vendors to host production copies of my data as a service, and take responsibility from there. Sure it's easy enough to deploy some piece of open source software and update it continuously, but I suppose the work that goes into making it a high-quality service, like testing updates with duplicate data before letting a new software version loose on your important personal data master copies, is something I doubt few people are putting in.


Would you mind explaining the encryption part?

— what software and algorithm do you use?

There could be problems with some of these programs.

— how do you handle the key management to ensure that you are not locked out of your data?

I am not sure if memorization of the secrets is a good approach.


I've used NextCloud for some years now. I hate the syncing, which destroyed several files. Another problem is files that need to go together, like git source directories, e.g. NextCloud easily screws that up; my wife would have "lost" the text of her novel if we didn't have backups.

Their technology is miles behind OneDrive/Dropbox and they seem to not care but add features that enable them to attract new customers instead of fixing the core. When you need to use Office products nothing beats OneDrive.


Can any nextcloud user suggest why to use nextcloud instead of a network drive for a small office where everything is done offline and within LAN? Mapped network drive is painlessly easy. Open file manager, click any file and you are there. There isn't much for "collaboration" when you can just talk face to face.

I really want to use nextcloud for managing files but I could not find a satisfactory answer.

Oh, I have a daily file backup meaning I can get any copy of a file from last year so that is covered.


I've used FreeNas for some years in our startup and now NextCloud for some years at home.

FreeNas feels much more stable. If you only work in an office I'd use network drives; they are less hassle than syncing (though mixed environments with osx and smb are a pain). If you need the files with you, use NextCloud.


Oh.. yeah. A bunch of laptops have Linux on them and it gets tiring sometimes having to overwrite each file when saving. Though fuse is supposed to fix that on plasma at least.

I kinda haven't switched because of that reason only. I don't need data outside of the lan network and for outside I use zerotier so I always have that network drive.

Good to have options. Maybe one day I might switch everyone but that would be a lot of trouble


+1 for zerotier - I use NextCloud over zerotier.


Here are many negative experiences with Nextcloud at the top of the comments, so I'll share my 2 cents - I started using Nextcloud when it was ownCloud and generally haven't got any issues running a small instance.

If my memory serves me well, then at the beginning updates caused a lot of issues, but for the past couple of years I'm pretty confident when doing updates. I update only via web UI when a new version becomes available for my instance. Currently running v19 though v20 was released 2 months ago. That way I believe I avoid some of the bugs when a major version is released :).

Some negative aspects that I have encountered, but don't see as a big deal -

- newer Nextcloud versions require newer PHP versions that are not provided by Ubuntu LTS, that means, that I'm not really benefiting from LTS and I have to upgrade the distribution if I want latest Nextcloud (don't want to upgrade PHP separately).

- and couldn't get Talk working reliably, whatever I'm missing, it feels that documentation could have been better.


shameless ad: looking for a simpler way to host nextcloud? try homedrive[1] :)

[1]: https://homedrive.io


This is great! Self-promotion or not, thanks for sharing.


so no recurring changes for upgrade and maintenance?


no recurring charges (at least for now).

the only recurring cost is electricity cost for self-serving at home.


one month ago, I set up nextcloud on a raspberry pi with snap. It required very little work to get going, and most services are pretty decent.

The only thing in the pack that I didn't like that much was the document editor, where letters appeared in the wrong order when typing too fast. this could possibly be due to running the ARM version of the backbone.

But then there are other ways to edit documents, and the rest of the default tools are well done.

it is also possible to get different plugins as well as there are many apps on f-droid that integrate nicely


> this could possibly be due to running the ARM version of the backbone.

As someone who's worked on more than a few collaborative text editors through the years, this just sounds like a correctness bug in how they're processing typing events.


It sounds like it to me as well. We had the same bug with content editable fields and changing the index of the selection, which is where the cursor appears.


NextCloud is awesome, been running my Calendar, Contacts, files and ToDO on it for the last 3 years without any hiccup.

At most I spent 10min/month to update to the next version.


happy nextcloud admin here - sticking with v18 for now since I have no use for office-calendar things. File sharing links and the video chat working just fine, using it for small team meetings and it works well enough. At some later date, I might look at some of the many, many cloud transfer protocols supported under-the-hood (as seen by looking through the installed php source files).


FileCloud Community Edition (https://www.getfilecloud.com/filecloud-community-edition/) is another viable option for self-hosted file sync and sharing. It runs on top of windows and linux. The installation takes just a couple of seconds


I recommend NethServer or YunoHost which can install nextcloud as a module, along with many other services, and can be easily updated with security patches. Freedombox may become a contender some day too.

It's one thing to set it up, and it's another thing to keep it running stable and secure.


"If you choose the cheapest Linode server like I did it doesn't come with much"

Storage - the biggest issue with rolling your own cloud. For some reason storage cost is usually the killer in these scenarios.


The one thing really keeping me from getting off Google is YouTube. For everything else there are good alternatives. But YouTube really is the only viable player in the online video game.


>The one thing really keeping me from getting off Google is YouTube. For everything else there are good alternatives. But YouTube really is the only viable player in the online video game.

The thing I hate most is ads. And YouTube (unless you pay them) gets ever more aggressive with showing ads.

The pre-roll ads are bad enough, but interrupting a playing video with a couple of ads (as happened to me the other day) is way beyond the pale.

I guess I need to take a closer look at integrating youtube-dl into my Mythtv environment and otherwise just ignore YT (as I do all of Google's other herding tools).


It's usually the content creator who chooses how many ads run in a video and where they appear. I can't really blame them for putting in enough ads to make a living off of it. And nobody is forcing you to watch the ads -- you can get rid of them for $12/mo. Or are you saying that you expect people to produce quality content for you for free?


>And nobody is forcing you to watch the ads -- you can get rid of them for $12/mo. Or are you saying that you expect people to produce quality content for you for free?

They are not. And I generally don't. In fact, I rarely watch YouTube. When I do, it's generally to find a specific song or video clip (both usually decades old) to forward along to someone else.

In those situations, I would be shocked if the "owner" of the content (the YT channel owner) had actually paid license fees to the actual copyright owner.

As for paying $12/month to get rid of ads, that seems an awful lot like a protection racket. "It'd be a real shame if you had to waste all that time watching ads. We don't care about the money, we just want to help you make your viewing experience better."

Given that the video in question[0] wasn't actually created (or even directly licensed) by the owner of the YT channel, your point is moot for that particular piece of content.

As for actual content creators, I absolutely believe they should be fairly compensated for their work.

However, simply repackaging the work of others isn't "content creation."

Regardless, I make every effort to shun all platforms that attempt to show me ads. That's my choice. Because I don't care to be presented with a bunch of garbage or pay the same people who profit from it to not see such crap.

If there's something I want, I'll buy (not stream or rent or license) it.

There's far too much of that going on and I refuse to support it. If I buy music or a phone or a car or a tractor or seed or anything else, I should be able to use it as I see fit, without restriction, data exfiltration or a bunch of scum trying to sell me stuff.

[0] https://www.youtube.com/watch?v=Va8Uz6MoKLg


I don't see your point. You didn't buy the YouTube content. You're watching it for free. How about you just don't watch YouTube?


>I don't see your point. You didn't buy the YouTube content. You're watching it for free. How about you just don't watch YouTube?

As a general rule, I don't. And if you'd actually read/comprehended the post you replied to, you'd know that.


If you're watching on a non-mobile device, why not just use ublock origin extension? I haven't seen a youtube ad in ages.


You've never heard of a commercial break? Find that hard to believe.


>You've never heard of a commercial break? Find that hard to believe.

I don't tolerate that garbage from TV (via time-shifting/fast-forwarding), why should I accept it from online sources?

And I don't. Show me a site that has ads I can't skip and I'll show you a site I won't use.


I am still looking for a decent Google Maps alternative. And not about navigation, I never use that, what I care about is reviews. TripAdvisor is okish when it comes to restaurants but Google just has the advantage of having reviews for ANYTHING. Still haven't found a competitor that does anything close to that.


I'm always surprised at the lack of content on OpenStreetMaps, 99 times out of 100 when you click a point of interest there are no photos, reviews, or even a basic description


Yet they still have that restaurant that closed 5 years ago.


Yeah I still use youtube sometimes, but I do it without an account. You do lose a lot, like remembering what you watched and better recommendations, but you also win some, like Google not remembering what you watched :)


I created a dedicated throwaway gmail account just for YouTube premium, it was the last/only service on Google I was still using. It seems they've killed off all of the working public invidious instances.


I set up a public facing nextcloud server on my own domain. The login got hammered within days. I took it down and plan to only bring it up behind a wireguard connection. Lesson learnt.


Ok I have the nextcloud setup, now how can I backup my iphone gallery? Haven't found a frictionless way to do that except icloud.


There's an iOS app you can configure to automatically upload your photos to your nextcloud so they're available from anywhere (https://apps.apple.com/us/app/nextcloud/id1125420102). You might want to set up Backblaze or similar for external storage, though, if you're using a small VPS you might fill up the storage pretty quickly.


Additional note: Nextcloud also comes as part of Mail-in-a-Box (MIAB). If you are using that version of Nextcloud, you need to know the following:

1- It uses SQLite, you can't change this easily as the same SQLite is also accessed by MIAB to sync contacts and calendar functionality. The Nextcloud devs don't recommend SQLite for multi user servers. [1]

2- MIAB supports using Nextcloud for managing contacts and calendar but file management is not officially supported so if you want to use that same installation of Nextcloud for storing your files, you won't get support from the MIAB devs in relation to any issue related to files storage [2] (in that case you will have to seek help from the Nextcloud community).

3- As a result of the 2 points above, for multiuser installations you may want to have a second instance of Nextcloud, backed by Postgres or MariaDB, just for your files storage, while you can keep using the version included in MIAB for contacts and calendar. However, for a single user installation, you would be fine using the version of Nextcloud that comes in MIAB (I have been doing that for a long time and I'm fine, mine is a single-user system).

4- The version of Nextcloud that is included in MIAB by default locks access to the admin interface, this can be unlocked using the provided script [3]

5- The automated backups that MIAB creates will also include all your Nextcloud files, not just email, calendar and contacts. So if you have a lot of files it's a good idea to use the S3 backup functionality instead of the default on-disk backup method (otherwise backup files will soon eat up all your storage). In my case I use the MIAB S3 backups feature, and I save my data in Digitalocean Spaces which is S3-compatible [4]

[1] https://docs.nextcloud.com/server/stable/admin_manual/config...

[2] See par. "What’s inside the box?" https://mailinabox.email/

[3] https://github.com/mail-in-a-box/mailinabox/blob/master/tool...

[4] https://www.digitalocean.com/docs/spaces/resources/s3-sdk-ex...


Great to see this article here :-) nextcloud is easily one of the most popular apps on our platform cloudron and it's for selfhosters what wordpress is for web hosters (meaning: a love/hate relationship). Happy to answer any questions on next cloud.


Really appreciate


Wow


I tried nextcloud for a couple months earlier this year and found it to be overcomplicated poorly engineered junk. It was super unreliable on iPhone. Simple things that should have worked perfectly, like uploading or downloading files, were very unreliable. There’s a certain class of software, usually written these days in PHP, Python, or JS, where there’s a big focus on making it “easy to use” or having a nice UI that usually accomplishes neither and you also have to contend with the underlying software being bad.

At this point, the only solution I’ve found to the kind of self-hosting stuff nextcloud provides are various utilities built on top of SSH — like rsync (which works perfectly) - or samba (which works OK). I haven’t found anything that really works well on iOS.


Very same experience here, except that I ended up with a simple webdav server to share with family and friends. And it was already quite frustrating to realize how few servers are available and how many client applications pretending to support that rather simple protocol were actually not working properly. Tells a lot about how badly selfhosting has fallen out of fashion. I can remember a time when you would get better service when hosting your own file sharing, emails, DNS, VoIP... and plenty of good free software servers for everything to choose from, but it seems not to be the case any more.


I learned the hard way that you should never, ever put huge (as in many files) directories on Nextcloud. In my case a couple Git repos.

It worked fine at first but after a while it got really confused, to a point where Nextcloud randomly decided that the older version on the server was actually the more recent one, and synced that folder back onto my local, updated repository. And I was the only person touching those folders, the Nextcloud server was only used as a backup during that period.

It's got a couple neat features, but problems like this are really not excusable. When the one core feature breaks in everyday situations for users doing version control it's not a good look.



