Proto Himbo European

*Edit 2*: I got a (filtered) notification from nextcloud which reads: "Sorry about the confusion! This is a post by an anonymous forum user, not one of Nextcloud's official help pages. We're sorry if that wasn't clear. And the community's suggestions for your Nextcloud server here are great, thanks everyone!"

That was really nice to know.

Original post below-------

Nextcloud, this is kind of assholey. No, I don't "value low cost over root access to the machine." I value my time and my data. I don't have the knowledge to manage security threats to my own machine (therefore pretty much all of my family's data), opened to the Big Wide Internet, and I enjoy the fact that the environment (e.g., SQL+nginx etc.) is set up and managed by my host, so I don't have to become a sysadmin to have a low-budget, self-hosted dropbox.

*Edit*: Nextcloud has been great and also a huge hassle. Upgrading is always (ALWAYS) a multi-hour or multi-day process for me, and there are constant headaches with little things that don't work (e.g., authentication with my mobile sync app, for some reason). I'm already considering paying #proton for some stuff, so I think in about February, if I can't get my major NC hassles fixed, I'll just ditch it once and for all and use Proton Drive, which seems secure and easy to use, even though it's not #FOSS. I really don't have time to go get a second degree in systems administration right now.

#nothelpful #nextcloud #selfhosted

Jan 6, 2025 at 5:03pmWeb
Show threadOliver CalderJan 6, 2025
@guyjantic I self-hosted nextcloud manually for a year or two before discovering the nextcloud snap (github.com/nextcloud-snap/nextcloud-snap). It bundles all the dependencies (nextcloud, mysql, php, apache) in a single package, and all you have to do is `sudo snap install nextcloud`. It does automatic updates (with rollback support) and provides functions to backup and restore *everything* for trivial migration between servers. I ran this on a rpi4 for years, then migrated to a mini PC.
Show threadProto Himbo EuropeanJan 6, 2025

@oac I've seen people doing it with snap and also docker (which I need to learn more about anyway...). My biggest concern, and the reason I use shared hosting, is #security. How secure is that? And how easily does home/self-hosted #nextcloud become less secure due to things I will definitely (not) do, like configuring a setting wrong or failing to do maintenance/updates on a regular schedule?

(Edit: sorry about hashtags; hoping for broader visibility in case my question falls outside your experience).

Show threadOliver CalderJan 6, 2025
@guyjantic Snaps all run in an AppArmor sandbox which restricts their access to only those system resources explicitly granted via snap interfaces for the particular snap. So in the case of `nextcloud-snap`, that's `network` (internet access), `network-bind` (listen on port), and optionally `removable-media` (if you want to make a backup to a removable drive). Notably, no filesystem access outside of the snap's own files. If the service is compromized somehow, damage is contained to the snap.
Show threadOliver CalderJan 6, 2025

@guyjantic As for maintenance/updates, there's essentially nothing you need to do. The snap updates itself in the background and the service restarts automatically. Even if you migrate to a new server via export/import, clients should Just Workβ„’ since everything about the configuration should be identical on the new server after the import.

The configuration complexity is pushed to nginx, certbot, and port forwarding (or tailscale) configuration, which is easier for me to understand, at least.

Show threadOliver CalderJan 6, 2025
@guyjantic All you need is a single nginx config for the reverse proxy, which basically just tells it to forward traffic to your internal nextcloud snap port, and then run certbot once. After that, the nginx profile shouldn't need updating, and certbot should renew your certs automatically. There's basically nothing to manage, in my experience.
Show threadOliver CalderJan 6, 2025
@guyjantic It's a different approach, not integrated with your hosting provider's database. But the snap prevents all external access to the database backend. It's all sandboxed using snap interfaces, and doesn't expose any ports beyond 80 (and/or 443, both configurable). It does require root access to install and run, so might not be compatible with your current hosting provider. FWIW, I ran the nextcloud snap on a pi4 for years and it was totally usable, if you'd rather not pay a subscription.
Show threadProto Himbo EuropeanJan 6, 2025

@oac Seriously, thanks for this. It's seeming pretty doable. If I can feel good about security (and not having to learn all the ins and outs of SQL, Apache, Nginx, etc.) I'd love to host NC here in my house instead of having to use SSH to administer it on someone else's computer.

The host is @opalstack, which frankly kicks all the ass and does lots of stuff to help me (and others) manage shared stuff with tools some other hosts don't give their users, but it would still be (I think) simpler to do it locally.

I appreciate the help.

Show threadOliver CalderJan 6, 2025

@guyjantic In addition to my own server, I've helped a few other people set up nextcloud on their own hardware using the nextcloud-snap and nginx as a reverse-proxy, so you can run other services as well if desired, and have easy-to-manage SSL certs via certbot. One of them has been writing up a full guide (really, everything) about how to do this. I'd be happy to send it along once it's published.

Best of luck!

Show threadProto Himbo EuropeanJan 6, 2025
@oac Damn! Yes, if you happen to remember me when the guild is published, I would read that with great interest.
Show threadOliver CalderJan 12, 2025

@guyjantic All right, the guide is live: https://juliancalder.dev/blog/nextcloud/

My brother has been working on writing it to document his own setup process. Hope it can be useful to you! If you hit any snags or questions, please feel free to reply/email either of us and we'll be happy to help.

Nextcloud setup and configuration

Show threadProto Himbo EuropeanJan 12, 2025
@oac woo hoo! That was fast! Thank you and thanks to your brother!
Show threadthedoctorJan 6, 2025
@guyjantic Maybe this is worth looking at: https://www.hetzner.com/storage/storage-share/
It's pretty good value for money, a managed Nextcloud instance for which you get an admin account. Everything else is done for you.
Proton Drive is also decent enough but it's limited in terms of storage space. If you need more than 500GB, you're mostly out of luck there.
Managed nextcloud: cheap cloud storage

Managed nextcloud by Hetzner: safe, cheap cloud storage. βœ“ GDPR-compliant βœ“ simple and custom βœ“ 100 % green electricity

Show threadProto Himbo EuropeanJan 6, 2025
@thedoctor Oh, I've heard good things! This is an option for me. Thanks. 500GB is also just fine for me (I don't put everything on NC now; probably 100GB or less), so Proton is an option, too.
Show threadNextcloud πŸ“±β˜οΈπŸ’»Jan 8, 2025
@guyjantic Sorry about the confusion! This is a post by an anonymous forum user, not one of Nextcloud's official help pages. We're sorry if that wasn't clear. And the community's suggestions for your Nextcloud server here are great, thanks everyone!
Show threadProto Himbo EuropeanJan 8, 2025

@nextcloud That's actually really nice to know. I thought that was Nextcloud's official position on helping anyone with shared-hosting installs. I appreciate this.

BTW I had to dig to find your comment because apparently... (see image)