The free cloud storage software ownCloud has blossomed over the past years into a serious competitor for commercial services like Dropbox and Google Drive. Users wanting to take responsibility for storing their own data can enjoy convenient and frequent synchronization between computers and mobile devices by using a small server fitted with an ownCloud package. NAS device users often find it easy to install ownCloud packages in the official, and sometimes also unofficial, package sources of their system.
However, the ownCloud success story met with a serious setback at the end of last April. The ownCloud founder Frank Karlitschek [1] and a number of the original developers all left the project to pursue development of an ownCloud fork, which they call Nextcloud [2]. Jos Poortvliet, who was previously the community manager for ownCloud and is now responsible for communication for Nextcloud, refers to the undertaking as a "re-start." According to Karlitschek and Poortvliet, the new start was prompted by dissatisfaction arising out of structural problems and various business decisions occurring within the ownCloud organization.
Separation
To carry out this endeavor, Nextcloud is cooperating with Spreed.ME [3], a company that sells a computer named Spreedbox [4], which has a pre-installed video conferencing solution that combines a WebRTC server with ownCloud. Karlitschek and Niels Mache lead the new organization. Before joining Nextcloud, Mache was responsible for Spreed.ME. He was also a co-founder of Red Hat Germany. The goal of the new project is to expand the web application significantly beyond its core functionality and integrate something like the WebRTC server from Spreed and its accompanying application. Additionally, the project officially wants to maintain and support frequently used ownCoud applications, like the calendar and contact administration. They also have plans to cooperate with LibreOffice collaborative editing of office documents in the browser.
The current state of Nextcloud 9.0.50 is not very different from the most recent version of ownCloud (see the "Next- vs. ownCloud" box). Frequently, you can use the directions for installing ownCloud when installing Nextcloud. For my tests, Nextcloud shows what it can do on a system with an Ubuntu server 16.04 with Apache and MariaDB, which was previously known as MySQL. Port forwarding from the router makes it possible to access the home server through the Internet. A free SSL certificate from Let's Encrypt [5] protects the privacy of the user data as it traverses the Internet.
The current version of Nextcloud is still largely based on ownCloud 9. A write-only function is one example of the improvements that have already been been built into the fork. Write-only capability lets anonymous users upload data into the cloud, even though they themselves do not have access to files and directories that exist there. Likewise new is the log function that captures events such as a file release, update, or login. The developers also report that they have hardened the software to withstand attacks, and various bugs have been fixed.
Installation
Before beginning installation of Nextcloud, update the system package sources and install all available updates for the distribution (Listing 1); then, it is time to install the Apache web server and MariaDB, plus all of the Apache and PHP extensions that are needed for the service (Listing 2). Afterward, you should activate the Apache module mod_rewrite
for readable URLs and mod_headers
for the SSL connection. Next, you should start the web server and let it cycle through one time (Listing 3). Theoretically, SQLite would suffice, but MySQL/MariaDB is recommended for a larger installation when more than two or three users will have access.
$ sudo apt update
$ sudo apt full-upgrade
$ sudo apt install apache2 mariadb-server libapache2-mod-php php-gd php-json php-mysql php-curl php-intl php-mcrypt php-imagick php-xml php-zip php-mbstring
$ sudo a2enmod rewrite
$ sudo a2enmod headers
$ sudo service apache2 restart
The MariaDB database server, based on the MySQL project, requires a little bit of extra work (Listing 4) involving setting a root password (not to be confused with the root password for the Linux system). The mysql_secure_installation
script makes for a secure installation. It requires that you enter the current SQL root password. In the example, the password after running the first command would be secret
, although it can be changed easily in the installation script. As a rule, all of the other questions can be answered with Y
.
$ sudo mysql -u root
MariaDB [(none)]> update mysql.user set password=password(,secret') where user='root';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
$ sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): secret
[...]
Change the root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Now all that is missing from Nextcloud is a database to organize the data in the cloud. To create a database, you log in again on the MariaDB server and then use Listing 5, together with suitable rights and settings, to set up the database.
Set up Nextcloud Database
$ sudo mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nextcloud;
MariaDB [(none)]> CREATE USER ,nextcloud'@'localhost' IDENTIFIED BY ,secret';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nextcloud.* TO ,nextcloud'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit;
Let's Encrypt
Next on the agenda is creating access to the server via the Internet, and procuring an SSL certificate from Let's Encrypt to secure the connection. The first step here is to forward ports 80 (HTTP) and 443 (HTTPS) from your router to the server. You also will need a static DynDNS address so that the local network is always accessible in the future. Typically, an Internet service provider assigns a new Internet address for each dial-up. The free DynDNS service [6] assumes absolutely necessary tasks, like logging in each month to the web interface, making the process of maintaining remote access to a user's computer and devices far less stressful.
Please note that every router is different, in general, you would log in to your router and look for a Port forwarding
or Port Mapping
menu. You will be asked for the internal IP address of your server, the protocol (TCP or UDP – you need TCP) and public ports that need to be forwarded there (80 and 443), and the internal ports the server will be receiving information on (also 80 and 443). If your server is on 192.168.1.112
, for example, you would create two entries in the table, one with 192.168.1.112
, TCP
, 80
(public port on the router) and 80
(internal port on the server), and another with 192.168.1.112
, TCP
, 443
(public port on the router) and 443
(internal port on the server).
The majority of modern routers also come with a Dynamic DNS
option that allows you to access your cloud from the Internet without having to remember your public IP address. Also, if you have a dynamic IP (as most of us do), the DynDNS service will keep track of that and resolve access to the server transparently. The downside is that most of these services are not free.
Use the form in your router to fill in details provided by your DynDNS provider (Figure 1). To test the setup, call the test site for the newly installed webserver using the DynDNS address. This will be an address that, if you are using the sample DynDNS service, looks like like this: http://<example>.ddns.net (Figure 2).
Figure 1: No-IP offers up to three free dynamic DNS names for your server.
Figure 2: The dynamic DNS data into your router.
Now you need to add a Let's Encrypt certificate to the web server. First, install the python-letsencrypt-apache
package and generate the certificate (Listing 6). The URL corresponds to the previously created DynDNS address. The dialog box for choosing the mode (Figure 3) causes the web server to route all queries automatically over the encrypted HTTPS protocol (Secure
), or you must explicitly call the HTTPS address (Easy
). For purposes of individual security, the better choice is the Secure
method. Using the
Let's Encrypt Certificate
$ sudo apt install python-letsencrypt-apache
$ sudo letsencrypt --apache
$ sudo letsencrypt renew --dry-run --agree-tos
Figure 3: To achieve optimal security, configure Let's Encrypt so that it routes all connections via HTTPS (the Secure option).
renew --dry-run --agree-tos
command, you can then check to see whether the certificate, which is only valid for 30 days, can be properly updated. Typically the system does not generate any error messages.
Ideally, Let's Encrypt should automatically renew the certificate. Therefore, you should install a system timer to make sure this happens. To do this, first go to the /etc/systemd/system
directory and create the files letsencrypt.service
and letsencrypt.timer
using the first two commands in Listing 7. You can see the contents for the files in Listings 8 and 9. Save and close your editor. The service assumes the actual task of renewing the certificate and causes the web server to reload its settings once renewal has taken place so that it is also accepted. The timer unit then automatically executes the Let's Encrypt service once each day.
Creating Let's Encrypt Services
$ sudo nano /etc/systemd/system/letsencrypt.service
$ sudo nano /etc/systemd/system/letsencrypt.timer
$ sudo systemctl enable letsencrypt.timer
$ systemctl list-timers --all | grep letsencrypt
Mi 2016-06-22 00:00:00 CEST 12h left n/a n/a letsencrypt.timer letsencrypt.service
[Unit]
Description=Let's Encrypt renewal service
[Service]
Type=oneshot
ExecStart=/usr/bin/letsencrypt renew
ExecStartPost=/bin/systemctl reload apache2
[Unit]
Description=Daily renewal timer of Let's Encrypt's certificates
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
Nextcloud
Nextcloud comes in either a TAR BZ2 or ZIP archiving format. Listing 10 shows how you can download, uncompress, and install the files. Once downloaded, extract the file to the root directory of the web server at /var/www
and then transfer the rights to the data under /var/www/nextcloud
to the www-data
system user. Alternatively, the project homepage [7] offers the archive with PHP source code for the program.
Download and Install Nextcloud
$ wget https://download.nextcloud.com/server/releases/nextcloud-9.0.50.tar.bz2
$ sudo tar xf nextcloud*.bz2 -C /var/www
$ sudo chown -R www-data.www-data /var/www/nextcloud
You can then install a virtual host so that the Apache web server can access the data. To do this, create the configuration file nextcloud.conf
as shown in Listing 11 and put it in the /etc/apache2/sites-available
directory. Then execute the commands
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
$ sudo a2ensite nextcloud
$ sudo service apache2 reload
These commands activate the virtual host and reload the configuration for the web server. It should now be possible to access the Nextcloud installation with the browser at http://<example>.ddns.net/nextcloud (Figure 4).
Figure 4: Once installation is complete, use the Nextcloud configuration wizard to install access to the database server.
The setup wizard asks you to enter the access data for the first administrative user. Farther down, you also enter the data assigned to the MariaDB server localhost
as part of the LAMP stack installation for the database host. In the example configuration, this would be nextcloud
for "Database user" and "Database name." Finally, enter the password chosen for the Nextcloud user of the database. Clicking on Finish setup
transfers the settings to the configuration, then the browser will automatically take you to the Nextcloud home (Figure 5). To get started with the setup, open the Admin
settings from the drop-down menu under your username. Here, you can also see potential problems in the web server configuration (Figure 6). (Also see the "Optimizing" box.)
OwnCloud recommends installing a PHP cache to avoid the need for continuously re-executing the power-hungry program instructions [8]. This is also a good approach when working with Nextcloud.
To install the cache, first install the php-apcu
package from the package administration, then enter the instruction
,memcache.local' => ,\OC\Memcache\APC'
in the /var/www/nextcloud/config/conFigurephp
as shown in Listing 12. The program automatically accepts the change to the configuration when the page is reloaded.
[...]
,installed' => true,
,memcache.local' => ,\OC\Memcache\APCu',
);
Figure 5: The web interface for Nextcloud still resembles that of its predecessor, ownCloud. The system can be used immediately once installation is complete.
Figure 6: Access to the settings used for installing the system is restricted to the system administrator. These settings contain helpful information about problems that can occur during installation.
Clients
You don't need to open a browser to access the Nextcloud installation. Network-capable file managers like Files, Nautilus from Gnome, or Dolphin from KDE can open the cloud storage platform via WebDAV without opening additional programs.
To use this method, open your files explorer (Files
in Unity), click on Connect to Server
and enter a URL corresponding to a file (e.g., davs://<yourserver>.ddns.net/nextcloud/remote.php/webdav
). If you are using Dolphin, replace the protocol component at the beginning of the URL with webdav://[...]
. Now you can work with data that is stored remotely in the same way you work with local files. To synchronize files and folders between connected computers with Nextcloud, you need a client program. Presently, Nextcloud only offers a proprietary app for Android users, and desktop users still have to rely on the ownCloud client (Figure 7).
Figure 7: Users with desktop computers still rely on the ownCloud client. Alternatively, you can open data stored in the cloud with a WebDAV-capable file manager.
Desktop clients have become part of the package sources for various distributions. For example, under Debian and Ubuntu, look for owncloud-client
. When you have installed the client, enter the URL https://<yourserver>.ddns.net/nextcloud as the server address. To avoid confusion, it is best to make the storage location ~/Nextcloud
instead of ~/ownCloud
. Once installation is complete, the client copies the data currently stored on the server to the directory that has been selected.
The Nextcloud app for Android is installed from the Google Play Store [9]. This smartphone app looks very much like the ownCloud original except that it has a different color scheme (Figure 8). Unlike the ownCloud app, the Nextcloud app comes free of charge. The ownCloud app is also covered by a free license, but you either have to pay EUR0.79 or install it via the F-Droid open source market [10]. The iOS app for Nextcloud [11] costs $0.99, and the ownCloud app for Apple devices [12] should also work with Nextcloud installations.
Figure 8: An official Nextcloud app exists for Android. Unlike the ownCloud version, it can be installed free of charge from the Play Store.
Conclusion
Poortvliet describes Nextcloud as a "reboot" of the ownCloud project. That said, Nextcloud still bears a close resemblance to its predecessor. Therefore it is easy for beginners to work with both the original and the fork. However, because Nextcloud now has many developers, it is fair to say that Nextcloud will probably experience the greater number of improvements. These enhancements might include audio and video chats via software created by Spreed.ME. It remains to be seen how ownCloud will fare compared with Nextcloud or whether it will suffer a fate similar to that of OpenOffice.org or MySQL.