Migrating to Nextcloud from ownCloud
Once again ownCloud has become inoperative after a package update (OpenSuSE
Tumbleweed dist-upgrade) that included a minor version update for ownCloud.
This happens every year or two and is very annoying. I've decided to take
drastic action: to change to a different file sharing service.
Table of Contents
A file synchronization or file sharing service manages a designated
directory (or several) on a collection of hosts. If one host creates, changes
or removes a file in that directory (recursively), the change is propagated to
all the other hosts. An extension is collaborative editing: multiple users
have (instances of) the same file open at the same time in the service's
augmented editor, and they edit the file coordinately without trashing it.
Major goals, beyond what a file sharing service normally does:
- The types of data that jimc currently shares are contact lists,
calendars, web pages (see Pico CMS), and generic flat files.
- Possible future shared data types include web browser bookmarks and
- The text, voice and video chat features should also be investigated,
since on my net, generic XMPP seems to be having support problems.
- For keeping the package up to date, these are my preferences for
getting the software:
- RPMs from OpenSuSE Tumbleweed official repo (when pigs fly).
- SuSE Open Build Service experimental or community repo.
- Non-SuSE repo.
- Tarballs. (See below for finger of blame.)
- I'm making a new rule about backup: all content must be recoverable
after a total loss and reinstallation of the file sharing service, as
recently happened. The backups shall be in their native formats.
Particularly, contacts and calendars shall be in a form (VCF) that
can be imported into the new file sharing service instance; a database
backup isn't good enough (but will still be done).
Why not just resurrect ownCloud? I'm pretty sure that a disagreement
between the ownCloud tarball and directory ownership by a SuSE package killed
my ownCloud installation. In addition, ownCloud seems to have picked up some
political issues, referring to its style of support:
- They seem to be emphasizing enterprise deployments with paid support,
with residence either on the customer's I.T. infrastructure (the
original paradigm) or on ownCloud's servers.
- I see few recently added apps in the app store.
- A lot of the non-corporate developers have forked the project into
a new one called Nextcloud.
- A large and raucous user base have followed them over, who claim a
larger market share than ownCloud, probably referring to a lot of small
installations, versus a few installations with a lot of users on each.
- Oooo, Nextcloud has been deployed for GDPR compliance by:
- French Ministry of the Interior
- Dutch Ministry of Education
- German federal government
- Swedish federal government
- Your legal and security situation is a lot more sanitary if you host
your customers' data on your own servers, vs. a commercial service,
particularly if you are subject to GDPR in the European Union.
This category of software is referred to as a
file synchronization service (Wikipedia list).
What is available?
The Wikipedia list has been filtered to meet these requirements: must be hosted
on the user's net, not a commercial service; server must run locally on Linux;
must have a generic web interface; must have native clients for desktop Linux,
Android, and iOS. (Other people will want Windows and macOS too.)
- Nextcloud: well liked by the raucous user base.
- ownCloud (community edition): what I'm trying to get away from.
- Seafile (community edition): I hadn't heard about it before, but it's
mentioned frequently in research results as another alternative.
A big advantage of Nextcloud is that it's very similar technically, if not
culturally, to ownCloud, so my work in learning to manage it will be less than
for a new package like Seafile.
Preliminary investigation gives me some confidence that Nextcloud is the
way of the future, and so I'm going to resurrect my file sharing service by
migrating to Nextcloud. Of course ownCloud will not be de-installed until
Nextcloud has proven itself operational.
Features of Nextcloud, emphasizing those that Jimc is already using (U) or
should investigate (I). This list is summarized from the Wikipedia article.
- Shared use of files by multiple clients. (U)
- Includes Linux desktop, Android and iOS clients, as well as a
generic web browser interface. (U) There are also clients for
Microsoft Windows, macOS and FreeBSD, but I don't use them.
- Generic WebDAV API (Sabre/DAV) to be used by ad-hoc clients like the
contacts and calendar connector. (U)
- There is a backup app in the app store. (I)
- Kerberos authentication (coming someday).
- CalDAV and CardDAV plugins, interoperates with contact and calendar
apps on mobile devices, plus viewing and editing cards on the generic
web interface. (U)
- Streaming media (Ampache). (I)
- Bookmark server. (I)
- Plugin for Pico CMS, a Content Management System (website content
- Office suite: OnlyOffice and/or Collabora Online. (I)
- Text, voice and video chat extension, similar features as commercial
competitors (but not interoperable). (I)
The office suites, per Wikipedia:
Wikipedia article about it. It is allegedly FOSS, also available as SaaS (presumably paid).
- Document management and sharing. Includes audio and video player.
Includes editors for text, spreadsheets, presentation, forms.
Can handle collaborative editing.
- Project management: team management, Gantt charts, etc.
- Client Relationship Management. With billing and sales reports.
- Mail client.
- Calendar client inluding
- Community or corporate soclal network functions.
- Collabora Online
Wikipedia article about it. Built upon LibreOffice (with a formal
partnership/sponsorship) but enhanced
to handle collaborative realtime editing.
- Objects that can be edited: text documents, spreadsheets,
presentations, vector graphics.
- Revision history and control.
- Integrated text, voice or video chat (while editing) .
- Normally used with the generic web browser interface, but there
are native apps (for Collabora, not the Nextcloud native app)
for Andoid, ChromeOS, iOS, desktop Linux, Windows, macOS.
- It can work with no Internet connection (airplane mode). (How
does this jive with the philosophy that the document never leaves
Overall strategy to install Nextcloud:
- Relevant data in ownCloud has been backed up properly or has been
recovered from the database by cowboy programming.
- The ownCloud installation (damaged) will be left in place until
Nextcloud is confirmed working.
- Nextcloud will be installed from scratch. It has extensive features
to help migration from other services, particularly ownCloud, but
absent a working ownCloud instance, the migration tools will not be
feasible to use.
- Then the saved content will be restored and client apps (e.g. contacts
on Android) will be reconfigured to use it.
- Finally, when everything seems to be working, ownCloud can be removed.
The package to be installed is nextcloud-24.0.5-2.1.noarch in the
Factory/standard repo (Tumbleweed main repo) (not for Leap). 102Mb compressed,
noarch implies that it's all in PHP. It has a few dependencies (PHP modules),
under 1Mb. php7-bcmath php7-gmp are recommended; they need to be listed
explicitly in extra.sel. 338Mb installed, 22954 files, almost all of them are
in /srv/www/htdocs/nextcloud/ .
Product hype says it is currently available on the repos of OpenSuSE
Tumbleweed, Arch Linux, Fedora, Debian and Ubuntu, and Alpine Linux has a
special repo for it. It's all in PHP, so no architecture limitations. It does
require a database (see later for which ones are supported). Hardware that
people run it on ranges from Raspberry Pi to Intel NUC to enterprise servers.
Glossary and User Interface for Nextcloud:
- Avatar: A picture of you, uploaded to your profile page. 128x128px
should be plenty; a giant photo wastes space and time. Keep in mind
that it will be cropped to an inscribed circle. If no photo is set,
they use the initial letters of your name. The avatar is always(?)
visible at the right of the top border. When clicked on, it produces
a menu of the most important actions including Logout and Settings
(your profile page and more).
- Hamburger: an icon of three horizontal lines, which (at least to
Microsoft UI devs) looks a little like an edible hamburger. In the
Nextcloud UI it generally is at the upper left of the page. It opens
a toplevel navigation menu, including Settings, generally at or near
the bottom if existing. To close the navigation pane, either click
on the relocated hamburger again, or drag the main page to the left.
OK, how do you install it? RPM installation was uneventful but obviously
there's a lot more to be done. But the project page doesn't have an obvious
link to their installation guide and/or product manual.
- On the front page, scroll down to
Use Cases, and at the bottom of the section there's a button titled
Get Nextcloud at Home.
- This page gives you an overview of Nextcloud
features (product hype), and at the end is a link titled
How to Get
- This page turns out to be a set of three links:
- Commercial providers who host Nextcloud.
Nextcloud Install which is the real download page (or root of
a set of download pages) for clients, server, documentation, and
- Dedicated hardware (e.g. NAS boxes) that you can install Nextcloud on.
- The resulting page has a subtle nested list design, and what you want
is the Download Server major section, Community Projects, and then
under either the Web Installer or Archive paragraphs, find the link
Nextcloud Admin Manual (which includes installation and server
Now that the treasure hunt is complete, I'm going to read through most
of the document and take notes.
- System requirements for the server:
A 64bit CPU and 64bit OS is required for Nextcloud to run
well. Implying that you could run it on an old i586 but it
will be a slug.
- Operating system: Linux, OpenSuSE Leap 42.1 (ancient) or later.
Similarly for other Linux distros, Nextcloud will tolerate somewhat
old OS versions. Since it's all in PHP, if you can get a supported
PHP version onto the OS, there should be no problem executing
- You can actually run the Nextcloud server on Windows. A virtual
machine is recommended and several VM images are available.
- Database: MySQL 8.0+, MariaDB 10.2 to 10.5, PostgreSQL 10 to 13,
SQLite (only for testing and micro instances), Oracle 11g (only
with paid enterprise subscription).
- Webserver: Apache 2.4 with mod_php or php-fpm, or nginx with
- PHP version: 7.4, 8.0 (recommended), 8.1
Installation on Linux for required PHP modules and additional
- Recommended web browsers: Microsoft Edge, Mozilla Firefox, Google
Chrome or Chromium, Apple Safari. Or other browsers based on these.
- Nextcloud deployment recommendations: with a support subscription,
you can get detailed recommendations for three size examples:
150 users and 1e10 bytes data; 1000 users and 2e14 bytes data;
1e5 users and 1e15 bytes data. See Nextcloud Global Scale for up to
- Installation on Linux: You can install their tarball, or distro
provided packages, or a Snap Package, or a VM image. They list
required and optional PHP modules (investigate php-gmp). A persistent
memory cache is recommended such as redis (which I have).
You don't need mod_webdav because Sabre/DAV is included (but presence
- Webserver details: It needs an Apache conf file (provided). You can
put Nextcloud as a subdirectory of your webroot, or directly at the
root (normally for a vhost). See also the list of required Apache
modules. SSL is strongly recommended.
- Using the Installation Wizard: Once you have everything installed,
navigate to the magic URL, give the admin loginID and password (to
create the admin account), and answer the questions.
- Location of data directory (under Storage and Database). It is
hard to change after installation. It
should be outside of your DocumentRoot (web page storage). It must
already exist and be owned and writable by the HTTP user (wwwrun
- Choose the database. It will want the loginID and password of
the database root user (or an administrator authorized to create
databases and users, and to give permission to the newly created
admin user). It will
create a special database role (with the admin's name prefixed by
'oc_') and will never use the global admin's login again.
- Finally hit
Finish Setup and you're ready to begin setting
- The wizard will install recommended apps like Calendar and
- Before logging in as the admin user, you need to edit config.php
listing the trusted_domains. These are hostnames or IP addresses.
Clients must use a URL whose host part is one of these hostnames.
(These are the hostnames or IPs of the server, not the client.)
- The next step is to install more apps. Here's a
list of officially supported apps (vs. 3rd party apps). See below
for which ones I installed and how well they worked out.
- User management:
- You can use LDAP for authentication, if you installed the LDAP
app, which I did. Other authentication and single sign-on services
are available also.
- Lacking LDAP, the admin needs to create all the users, with
loginID, password, full name and group membership. And e-mail
address. Or let the user fill in the full name and the password.
- The admin group is special: to give admin rights to a user, put
them in the admin group. It is possible to delegate portions of
admin rights to particular groups. Group admins can control
membership of the group.
- If you forget your password: There is a link on the login screen;
if your e-mail address is in your profile, a password reset link
can be sent. Or you can ask your admin to reset it.
Or use the
occ user:resetpassword command (useful if you're
the only admin). See the admin manual for the actual command line.
- Checking required PHP modules:
- Missing: php7-libxml, php7-session, php7-SimpleXML; these are
not explicitly required by the Nextcloud package whereas most or
all of the other required ones are listed in the RPM. Nextcloud
is running fine without them.
- Installed with another spelling: php7-XMLReader →
php7-xmlreader, php7-XMLWriter → php7-xmlwriter .
- Required modules installed on Jacinth: php7-7.4.30-1.3.x86_64,
php7-ctype, php7-curl, php7-dom, php7-gd, php7-json, php7-mbstring,
php7-openssl, php7-posix, php7-zip, php7-zlib
- Recommended but not installed: (none)
- Recommended and is installed: php7-fileinfo, php7-intl, php7-bz2
- Required for specific apps, and installed: php7-ldap,
php7-imagick, php7-imap, php7-exif, php7-pcntl, php7-bcmath,
- Other modules: we have libxml2-2-2.10.1, minimum is 2.7.0.
We have php7-redis .
- Database connector: php-pdo_pgsql is provided by php7-pgsql,
- For preview generation: php7-imagick, ffmpeg,
LibreOffice (have all 3).
- All needed modules were already installed or otherwise provided,
except for the
missing set, which are nowhere to be found on
seems to run OK without them.
- Base URL will be https://www.jfcarter.net:1445/nextcloud .
The nextcloud RPM package installs into /srv/www/htdocs/nextcloud .
- Nextcloud uses an Apache conf file or snippet
that aliases the base URL. (For ownCloud I just used a symlink,
but Nextcloud needs some more tweaking.) The package provides
this file in /etc/apache2/conf.d/nextcloud.conf. I moved it
into vhosts.d/nextcloud.incl and made a dummy file under the
original name so package upgrades won't resurrect it.
The 1445 and 1446 vhosts will include it. [Done]
- The above conf file provides RewriteRules that create aliases in
/.well-known/ for carddav, caldav, and several others. Clients use
these aliases to autodetect DAV services.
- Nextcloud requires mod_rewrite and recommends mod_headers,
mod_env, mod_dir and mod_mime. mod_dav is not required (presence
is OK); Nextcloud instead uses Sabre/DAV.
- Restart Apache after making these changes.
By default they put the data dir in /srv/www/htdocs/nextcloud/data .
Pre-create a data directory in a place that my backup scheme will
accept, owned and writable by the HTTP user.
For many people, /home is a lot better place than in the
software installation directory.
- mkdir /home/nextcloud .
- chmod 750 /home/nextcloud
- chown wwwrun:www /home/nextcloud #The HTTP user in SuSE
Instructions for database configuration from the admin manual.
- I'm using PostgreSQL for my database. The procedure for MariaDB
(MySQL) is generally similar. You need to do some configuration in
PostgreSQL before you run the Setup Wizard (or manual equivalent).
- Decide whether you want PEERCRED authentication, in which the
Nextcloud administrator is a UNIX user, or password
authentication. PEERCRED is
better in that the client
connects to the PostgreSQL socket, and the engine knows
authoritatively the UID that the client is executing as. But that
would be wwwrun (Apache user), which therefore would have to do
su to the admin (or some equivalent) and would give a
password to do
su. Better to just do password auth, like
with MySQL. The notes below are for password auth.
- Edit /etc/php7/conf.d/pgsql.ini with the configuration they
- pgsql.allow_persistent = On
- pgsql.auto_reset_persistent = Off
- pgsql.max_persistent = -1
- pgsql.max_links = -1
- pgsql.ignore_notice = 0
- pgsql.log_notice = 0
- pdo_pgsql.ini is in the same directory; it contains
extension=pdo_pgsql.so and is correct as installed.
- Edit ~/pgsql/data//pg_hba.conf letting in oc_nextcloud_admin.
oc_ to the admin's name that you give.
The first matching row
is the only one used, so these additions should be early.
| (Type) || (Database) || (DB Role) || (From Host) || (Mechanism)
| local || nextcloud || oc_nextcloud_admin || || md5
| host || nextcloud || oc_nextcloud_admin || samehost || md5
- Now you're ready to run the Setup Wizard. Or to create the
database by hand.
Do one or the other of these instruction sets; this one is for
the Setup Wizard.
- Navigate to the
Lacking configuration, it will run the Setup Wizard.
Create an admin account. Fill in the new loginID and
password. For me the loginID is nextcloud_admin (without
oc_ prepended); password is (wouldn't you like to know; it's
in Bitwarden). Leave them filled in and continue to…
- Into the Data Folder box, fill in /home/nextcloud which you
just created and re-owned.
- Click on Storage & Database.
- For the database engine, I prefer PostgreSQL (click on it).
- A form appears; fill it out:
- Database user: postgres
- Database password: Find it in ~postgres/.pgpass
- Database name: nextcloud (without
- Hostname: localhost:5432
Install. It circulated for 5 to 10 mins, and finally
came up with a page of recommended apps that it wanted to install!
- When finished installing, in config.php it adds
'installed' => true, I'm not sure when or how this happens on a
These instructions are for creating the database by hand.
- Start a session as the postgres master user. (Or another user who
has permission to create users and databases.)
Normally the connect string (with password) is saved in
~postgres/.pgpass . Beware, check in /etc/passwd if the postgres
user has a shell, and if not, either fix it or provide
-s /bin/bash to the
su postgres -s /bin/bash -c "psql"
- Issue these commands via psql; this is for password auth. Mind
the ending semicolons. Pick or generate a decent password.
create user oc_nextcloud_admin with password 'qwerty';
create database nextcloud encoding 'UNICODE' owner oc_nextcloud_admin;
grant all privileges on database nextcloud to oc_nextcloud_admin;
\q (to quit)
- To check your work,
su to wwwrun and give this command:
su wwwrun -s /bin/bash -c "psql nextcloud oc_nextcloud_admin"
(It will ask for the admin password.)
(Should describe the nextcloud database with arcane
permissions for oc_nextcloud_admin.)
\q (to quit)
For both the Setup Wizard or hand creation, review and/or fix up
- Database type: PostgreSQL
- Database user: oc_nextcloud_admin (not postgres, needs
- Database PW: The one specified when this user was created
by hand, or the admin password given to the Setup Wizard
- Database name: nextcloud (without
- Database host: localhost:5432 (is the default; maybe '' is
- trusted_domains -- Add the rest of them, see below.
The trusted domains started out with just 'www.jfcarter.net:1445'
which is the official base URL. The complete list is:
This is what happens at the end of the Setup Wizard. I didn't do
a total manual installation so I'm only guessing that all these steps
need to be done by hand. The wizard auto logs you in as the admin
user; on the manual installation the login would be manual too.
- First it installs the recommended apps, which are:
- Collabora Online
- Collabora Online Builtin CODE Server (dependency) (which
failed, not much error info, fix later)
- Mail (later I de-installed it)
- Then it opens up the admin user's dashboard, taking a while to
init everything. You end with a big white rectangle and a right
arrow; action icons along the top are not active, except X(close).
This is a product hype intro slideshow for
Nextcloud Hub II,
but the first frame did not
auto start. Hitting the right arrow showed frame 2, and the left
arrow brought back frame 1 with animated content.
On about frame 4 there are links to native apps on your favorite
download sites, plus links to connect calendar, contacts, etc.
The next frame has links to the admin manual, forums, etc.
- Cute frog picture. The dashboard seems to be reasonable.
How to log out from the web interface: click on your avatar
(picture or initials at upper right), and in the
log out is the bottom item. If you don't log
out your cookie will remain valid (I'm not sure how long) and when you
navigate to Nextcloud again your session will resume.
I added to Bitwarden the userID and password for nextcloud_admin.
Anyone in the admin group can do administrative things. To find
admin settings, click on nextcloud_admin's avatar (upper right corner).
Pick Settings. The Personal Info page will open by default. Click on
the hamburger at the upper left corner. Scroll past
the Personal categories and find Administration, then choose from
there. The sections below are all the Administration activities.
Security and setup warnings (quite a lot of
them since I haven't set up anything):
- The PHP memory_limit is below recommended 512M.
Find it in /etc/php7/apache2/php.ini (we're using mod_php).
As installed it's 128M (megabytes). [Raised it.]
- You aren't resolving some URLs in /.well-known/ . I fixed up
the RewriteRules for this in /etc/apache2/conf.d/nextcloud.conf
and got rid of all the setup warnings, but some of the URLs
seem not too functional. /.well-known/$service (where service
is host-meta, host-meta.json, nodeinfo, webfinger) returns
message: $service not supported. But
/.well-known/caldav and carddav are functioning OK.
- Verify your e-mail server configuration under Basic Settings,
then hit the button to send a test message. [Set up.] This
is how the admin gets problem reports.
- In config.php, insert 'default_phone_region' => 'US'. [Done]
- You need a memory cache.
- Yes we do have redis running, but it's an instance:
redis@owncloud. Copy /etc/redis/owncloud.conf to
nextcloud.conf, and it needs mode 640 root:redis because
it contains a password. Change owncloud to nextcloud
occurring: unixsocket, pidfile, logfile, dir. Create the
dir directory. Start the redis instance now and
enable to start at boot:
systemctl enable --now redis@nextcloud
- Oops, permission denied on /run/redis/nextcloud.sock.
nextcloud.conf needs unixsocketperm 770, and wwwrun to be
in group redis. (And reload apache2 to get the new group.)
- Yes we do have package php7-redis.
- See the admin manual for the php7-redis parameters to add
to /etc/php7/apache2/php.ini .
- But the overview still thinks the cache is not configured.
Reasons why this message is bogus:
- strace on the redis process says something was using
- /var/log/redis/nextcloud.log says something was using
- The Nextcloud log GUI shows no log messages when
the overview is reloaded.
- Forum posters mention that this message sometimes
won't go away despite troubleshooting.
- The PHP OPcache needs configuration, and the default sized
buffer is nearly full. This message self healed, and
apparently correct config items were already present in
/etc/php7/apache2/php.ini and also cli and fastcgi. Values are
equal to those recommended in forum posts. I didn't do it; I
assume it's the default from PHP7.
- This is Nextcloud-24.0.5 which is up to date.
- Basic settings
- Background job(s) aren't getting run. Default is AJAX, but they want
you to use cron [doing it] to execute (by wwwrun) cron.php every 5 mins.
cron.php is in the Nextcloud installation root. A forum post had
one person's list of background jobs and I'm judging that once an
hour is plenty for me.
- Background jobs cont'd: Calendar event notifications are sent via
background jobs, so they must be run frequently enough. Reverting
to every 5 minutes.
- More on background jobs: The frequent job execution caused cronj
to fail its functional test (though other cronj jobs seemed to run
even so). Rather than diverting to debug cronj, I made a systemd
timer/service unit. Now cron.php gets run and other cronj jobs
also get run on schedule.
- Profile (for new users): Enabled (is the default)
- Email server: is set up and tested.
- Collaborative Tags: None have been set up.
Taking all defaults, which are:
- Allow apps to use the Share API.
- Allow users to share via links and emails; allow public
- Allow username autocompletion in share dialog.
- Default share permissions: Create, Change, Delete, Reshare
(i.e all permissions).
- Federated Cloud Sharing: Allow foreign shares in and out,
search public global address book, allow users to publish data
in a public global address book.
- No trusted servers have been configured. You can still federate
to arbitrary servers, but trusted servers get more privileges.
- User can share by mailing a link that contains (?) a
password. More likely it contais an encrypted field saying what
is shared plus a HMAC to reveal fraudulent alteration.
Reply to initiator is enabled.
- Security settings
Taking all defaults.
- Two factor authentication: Allowed but not required.
- Server-side encryption: Off. Mind the performance penalty if
you turn this on. It refers to encrypting everything in the data
directory (data at rest) and decrypting it when sent out.
- Password policies:
- Minimum length 10, no history, no expiry, don't block after
N failed logins.
- Blacklist common passwords.
- Rules about password complexity: all are disabled.
- Check on haveibeenpwned.com (list of stolen passwords).
- Note: Since I'm using LDAP for authentication, except
for nextcloud_admin, no users will ever change their password
through Nextcloud and these rules will never be consulted.
- Brute force attack resistance: no addresses are whitelisted.
- OAuth 2.0 Clients: None configured.
Taking all defaults.
Taking all defaults. No email provisioning is
- Administration privileges
You can delegate to particular
group(s) write access to admin setting sections. None are delegated.
Users could be notified of certain events by
email (once an hour, batched?) or push to an app. Events include
file/folder modification, sharing, access to a share, PIM object
modified, various miscellaneous.
I assume this is a workflow framework. None
are configured; find some in the app store or create your own.
Taking all defaults. They provide their own
STUN server which tells the originator its own wild-side address. A
TURN server is a proxy to get through the participant's firewall; it's
not configured. For high traffic sites a separate high performance
signaling server should be used (vs. the internal one, in PHP, wimpy).
This is required for SIP. They have a partner who can sell you this
service. See below for an actual test of Talk.
- Nextcloud Office
The local CODE (Collabora Online
Development Edition) server didn't get installed. Retry loading it
from the app store. Or exec:
php -d memory_limit=512M occ app:install richdocumentscode
Later I got this installed and working; see below.
- Usage Survey
Not sent by default, but they want to hear
This is a display of the server's log messages
(most recent first). It's in the data directory,
/home/nextcloud/nextcloud.log. The format is ugly and prolix (489kb);
if feasible you should read it on this logging page.
I created a file in /etc/logrotate.d/nextcloud.J .
I have a lot of defaults preset; other users may need more commands.
Here it is:
su wwwrun www
create 644 wwwrun www
It has a fairly comprehensive system status
display. Sections: OS version; load (stripchart); memory usage
(stripchart); disc usage by partition (torus graph); net interfaces
status; active users; shares; PHP version; database type and version;
external monitoring tool endpoint URL. Running this page runs the load
on Jacinth up to 2.5.
So the settings accessible to the admin user have been reviewed and
adjusted where appropriate. The next step is to install infrastructure
apps to support this workflow:
- A new user logs in using Kerberos (GSSAPI), X.509 certificate, or
- A small amount of
provisioning happens automatically.
- The user can use the various payload apps.
Infrastructure apps to be installed from the app store for these
- LDAP user and group backend
Most apps are enabled when
installed, but not this one, because it requires site-specific
configuration. Generic procedure to enable an app:
- Log in as nextcloud_admin.
- Click on your avatar (upper right corner).
- In the resulting menu pick Apps. You get a list of installed
- Apps that need updates are listed first. Do any necessary
paranoid research, then hit the
- Scroll down and find your app (LDAP backend). Hit Enable.
If it's already enabled the button will be labeled Disable, so
leave it alone. The other 4 apps installed in this phase were
- Click on your avatar again. Pick Settings. You get your
- Click on the hamburger (3 lines, upper left corner). A list
of activities appears, divided into Personal and Administration
sections. But focus is still in the profile page. Click on
the hamburger to close the activity list. Click on the
hamburger again to bring back the activity list. Now focus
is on the list and you can scroll it. Watch out for behavior
changes in this area due to
- Scroll down and find your app (LDAP backend). Some apps like
Pico CMS have two line items, one under Personal for your
personal use of the app, and another under Administration for
Specific settings for LDAP: Nextcloud runs on the same host as one
of the LDAP servers, so localhost is used and TLS/SSL is not needed.
- Server: name is localhost, port 389. Credential is not used,
leave blank. Base DN could not be auto detected; for me it's
the realm with each component prefixed by dc=:
dc=cft,dc=ca,dc=us (and test it: OK). Filters: leave
blank, mine is a small directory.
- Users: object class posixAccount (was autodetected). No group
restriction because server has no member-of index. I didn't
monkey with the LDAP query. Hit verify: 91 users found.
- Login attributes: search by user name (vs. email or other)
(is the default). I didn't monkey with the generated query.
Fill in a loginID known to exist, and hit Verify: it's there.
- Groups: object class posixGroup (was autodetected). Pick any
number of required groups:
users in my case. I assume,
but haven't seen documentation, that you can have zero groups
(no group restriction) or multiple groups and a user in any of
these groups can log in. I didn't monkey with the generated
query. Hit Verify: 1 group found.
- I read, but didn't alter, the Advanced and Expert tabs.
- I'm assuming that the configuration has already been saved
and I can just navigate to a different page. Confirmed.
- Logging out. The logout item is at the bottom of the avatar
menu. Logging in: it let me on! (With the welcome slideshow
that won't auto play.)
- SSO and SAML Authentication
Published by Nextcloud.
Supported auth providers: SAML 2.0 (Shibboleth, Active Directory
Federation Services), mod_auth_kerb and any others that use the
REMOTE_USER environment variable. mod_auth_kerb is deprecated and has
been replaced by mod_auth_gssapi. See
jimc's blog post for some hints on how to configure it.
- First choose between the builtin SAML provider, or an
environment variable (set by the webserver's auth module).
Logging in with your regular Nextcloud account won't be
possible any more, unless you go directly to this URL:
- Only allow authentication if an account exists in LDAP (or
alternative provider). Turn on.
- Attribute to map the UID to: What are they asking for?
In the SAML branch, with OneLogin as the provider,
PersonImmutableID is the correct attribute. It seems there are
a whole lot of SAML identity providers. But for environment
variables I get no hits on Google. But this has got to be the
name of the variable. Trying it.
- When you log in, the SAML app maunders
Your account is
not provisioned (before getting my loginID). Logging in
to the fallback URL above and deactivating SAML SSO. [Done,
it worked.] I'll try to debug this later.
- Pico CMS
(Under Tools.) I have important content here
and this should be one of the first payload apps installed. It needs
both Administrative and Personal setup.
Administrative setup for Pico CMS:
- Restrict to group(s): none configured, everyone can use it.
- Custom themes: none installed.
- Custom plugins: none installed.
- Custom templates: just the provides defaults:
- Webserver: enable short URLs (turn on). You can still use
the long style.
Short style: https://www.jfcarter.net:1445/nextcloud/site/itsname/
Long style: https://www.jfcarter.net:1445/nextcloud/index.php/apps/cms_pico/pico/itsname/
The trailing slash is required; if missing, links in the
index page will replace the website identifier, rather than
being appended as they should be.
- Webserver: mod_proxy (for Apache). To make the short style
happen, you need to enable Apache mod_proxy and mod_proxy_http,
and to add the code that they give you to the other Nextcloud
configurations in apache.conf or equivalent. You can also
use a RewriteRule but the result is to rewrite short URLs into
long URLs which get sent back to the client's web browser.
So mod_proxy is recommended. Equivalent code is also provided
for nginx. [Done.]
- Reviving my Pico CMS website
- On the web app, which you could have reached either by logging
in or via the activity icon group on the systray icon pop-up,
click on your avatar, pick Settings, Hamburger, Pico CMS, fill
out the New Website form. The website's name is free-format
text (short) and may contain blanks and punctuation. The
identifier becomes the name of the site's toplevel
directory. It may contain lower case letters, digits, hyphen
and underbar; no upper case, no blanks, no dots or other
- Give the desktop client a moment (under 1min) to sync,
signalled by the systray icon changing to blue circle arrows.
The systray icon popup also has a list of recent sync events
that you can check.
- Copy (rsync or a substitute) the backed-up content from
wherever you backed it up into the toplevel directory of the
newly created website, as found in your ~/Nextcloud directory.
The restored content will be synced to your server, and from
there to other logged-in clients.
- The Pico CMS settings page has a list of your websites, and
each one's row has a … menu including
Website. The resulting URL (for me) is
The short URL feature lets it accept this URL instead:
The trailing slash is needed (in both forms) so links in
the index page will be appended to the website identifier.
Without the slash, the link targets replace the website
identifier, and of course are not found.
These are the Contacts and Calendar connectors on Android and the
nextcloud-desktop native app on Linux.
To set up the Android client:
- Log in as the user (yourself) to the Nextcloud web app. From
the top row pick Contacts.
- It says,
There are no contacts yet, which is correct.
- Click the hamburger (upper left corner), producing an index pane.
Settings is at the bottom. Click it.
- Sort by: (I picked last name)
- Update avatars (leave it turned off)
- Contacts… You can copy the link, download the
address book, rename it, disable, or delete it. Under
sharing (branched icon) you could share your address book
with other users or groups.
Unfortunately the copied link is just a <li> tag,
not the URL. What it should have said is,
- Recently Contacted… You can copy a link to this,
download it, or delete it (on the server?). I just left
- Add Net Address Book. (I didn't.)
- Import Contacts. I'm going to import them from my phone,
which has the intact list. (Men plan, God laughs.)
- I have the latest contacts file squirreled away on the backup
server and I have permission to read it. (Should I have
permission? I don't think so.)
- On the Android-12 device, open Settings-Passwords &
Accounts-jimc(CardDAV)-Edit Settings-Well, you can't change
the provider URL on this page.
- Open the CardDAV Sync app. You can't edit the URL here either;
you have to delete the ownCloud account, losing the phone's cache
of the ownCloud contact list, and then add the Nextcloud
account. Go back to the Nextcloud web app.
- On the web app, I'm going to import the backup VCF file of my
contacts. Open Contacts-Settings-Import. Select local file. (Or I
could import from Nextcloud shared files if it were there.) Doing
it… 68 vCards imported, 1 error occurred, didn't say what
the problem was. Attila the Hun has 2 vCards; this is probably the
error. They differ in the Notes field, otherwise identical. I
counted 68 cards in the list.
- Testing: I inspected in detail the vCards for Tim Wang, Attila the
Hun, Jim Carter. They had all relevant fields except the group
(called CATEGORIES in the VCF file); jimc's photo was there.
- The cards used to be all in groups. 3 groups were honored
(correctly), the rest were forgotten. Hiss, boo, I'm going to have
to set most of their groups again. [Done.]
- Very nice, you can generate a QR code from the … menu on
the top row of an individual contact page, or download just that
one vCard (or delete it). Both Android and iOS can read this QR
code and import the contained vCard.
- Adding an account on the phone, from the CardDAV-Sync app:
- Click on Add Account.
- From the list of preconfigured providers, pick CardDAV (top
- Fill out the form: server name is www.jfcarter.net:1445
(no schema, it can auto-detect the path, and the port is needed
only if nonstandard, like mine). Yes use SSL (is
preselected). Give your user
name and password as if logging into the web app. No client
cert, later try to get this working. Hit Next.
- Yes it autodetected the correct path. Pick Contacts (and skip
Recently). Hit Next.
- Pick an account title. Default would be email@example.com.
I'm appending /NC. Hit Finish. It claims to have succeeded.
- Edit sync settings: I took all the defaults.
- Not one way sync, I want bidirectional.
- Policy: phone always wins.
- Auto sync: Yes (is the default).
- Sync interval: 1 day.
- Hit Done. Yes it synced and the contacts are all here, in
groups as seen on Nextcloud, i.e. minus all but 3 groups.
- In Settings, I now have the firstname.lastname@example.org/NC account,
and also Contacts(email@example.com/NC). The latter is
a workaround for an Android design glitch. Unless you have
multiple address books from the same server, ignore it and use
the main account for sync and other management. See the
About note for more explanation.
- Back on the accounts page, remove the ownCloud account.
Setting up the Android client
is similar but not identical to Contacts.
- Log in to the Nextcloud web app. From the top row pick Calendar.
- In Hamburger - Calendar Settings, the bottom item is Show Keyboard
Shortcuts. They actually work. The top item is to import a
- In the Hamburger's pane, the top row has a date navigator; click
in the center for a calendar widget. The second row has buttons
for New Event, Today (go to it), and View (meaning daily, weekly,
monthly; click for a menu). You can enable or disable calendars on
the following rows, and the … menu has an item to export the
- The calendar starts out empty. So we can tell that the calendar
is working, create an event.
- Adding an account on the phone, from the CalDAV-Sync app:
- Click on Add Account.
- From the list of preconfigured providers, pick CalDAV (top
- Fill out the form: server name is www.jfcarter.net:1445
(no schema, hope it auto-detects the path). Yes use SSL (is
preselected). Give your user
name and password as if logging into the web app. No client
cert, later try to get this working. Hit Next.
- Yes it autodetected the correct path. Pick Personal (and skip
Birthdays, it does just fine to get this from the local cache
of contacts). Hit Next.
- Provide (or fix) your e-mail address, for sending reminders.
It uses this e-mail address for the calendar's title; you could
have edited the title separately for Contacts.
Hit Finish. It claims to have synced successfully.
- Edit sync settings: I took all the defaults except raised the
sync interval from 6hr to 1day. Long term sync (1 week) was
- Hit Done. Yes it synced and the calendar event is there.
- Back on the accounts page, remove the ownCloud account.
- Nextcloud-Desktop for Linux
This is the native
client app for Linux, which interacts with the Nextcloud server to
synchronize files. The package name, in the SuSE Tumbleweed main
- Command line: zypper install --no-recommends --download-as-needed nextcloud-desktop
- It installs dependencies, total of 18 packages. Download size
59Mb, installed (decompressed) 189Mb (oink). Without
--no-recommends it would install GeoClue (geoclue2) and 3
dependencies, as well.
- See the
Nextcloud Client Manual, starting with
Synchronization Client, for how to configure it and to use it.
- On OpenSuSE It's in the desktop app menu under Accessories.
Launch it. Later you will want to make it start at login.
- A login screen appears. Pick Login. (Other choices are Sign Up
With Provider, or Host Your Own Server, which you've already done.)
- It wants the URL of the server:
- It opens a new tab/window in your browser. Log in.
- Hit the Grant Access button. Upon success, close the window. The
result of this is a persistent cookie on the client which it can
use to reconnect on subsequent restarts, without a password.
- Back in the client setup window, it has preset a connection
between you@server/nextcloud and the local directory
~you/Nextcloud, which does not exist yet. You can change the name.
- Below that, configure sync; I took the default, which is to sync
- Hit Connect. It reports sync progress (23Mb including a lot of
product hype), then closes the window. The systray now has an icon
of a green checkmark, which is good.
- In the
out of the box installation, the largest files are
Nextcloud\ manual.pdf (12.7Mb), introductory video (3,9Mb),
Photos/Library.jpg (2.2Mb), other photos (3.3Mb total). Many of
these could be deleted once you've taken a look at them.
- If you right click on the systray icon you get a menu, including
Settings. I took all the defaults, including Launch on System
System Startup for Linux has got to mean
login because the user lacks permission to start system
services at boot time. But on Windows, a user could actually have
this process start at boot time.
- Your default presence status is offline (invisible). To change
your presence status, you can left click on the systray icon, click
on your avatar, hit the … icon, and pick Status from the
menu. (This set of pop-up windows is volatile; if focus goes
elsewhere they vanish.)
- Similarly, left click on the systray icon, and notice at the right
side of the top row a grouping of four activity icons. Click on it
and you get a menu of 7 popular apps; click on one and its page will
open in a new tab/window of your browser.
- Next to the apps grouping is a Q for the talk app. See below for
- See the client manual for discussion of a lot more features.
- You should create needed directories and deposit files in them;
they will be synced to the Nextcloud server and will be shared with
yourself on other devices, and with other users according to your
sharing settings. You can also delete cruft like product hype,
once you have looked it over. Don't delete the sync metadata.
More apps that I should investigate, once basic operation (like contacts
and calendars) are working:
- Nextcloud Office and Friends
This is the Collabora Online
- The Collabora Online Builtin CODE Server (under Integration)
needs to be installed.
The Setup Wizard tried to install it, but there was an unspecified
error. Need to try this again. Now it's installed. There are
versions for ARM64 and x86_64; get the right one.
- You could also have installed the standalone server, which is
better if you have a lot of users, because the builtin one is in
PHP so it's a bit slow, and it lacks certain large-scale features
for which it is obviously unsuitable.
- It works with the Collabora Online frontend, which is titled
Nextcloud Office. The current version, for Nextcloud-24.x,
is v6.2.1. It's already installed and enabled, from the Setup
Wizard. Its icon seems to
be a standard document symbol (rectangle with text lines and a
folded corner). So why don't I see it in my apps bar? Because
you bring it into action by opening a file of the appropriate type,
which the program recognizes by its name extension.
- Log in as nextcloud_admin. Hit avatar, settings, hamburger,
scroll down into the admin half and find Office (icon of document).
I ended up taking all the defaults. If a server is reachable you
won't have to activate Nextcloud Office.
- It says Collabora Online server is reachable.
- 3 choices for which server to use: your separate server, the
CODE server (if you installed it, I did so), or a demo server.
The CODE server was preselected and I kept that.
- I left all the Advanced settings turned off. These are
Nextcloud Office App Settings.
- There are 4 slots for global templates. All are
- It does have a personal settings page. To find
this, log in as yourself (vs. nextcloud_admin), hit avatar,
settings, hamburger, scroll down in the navigation pane to find its
line item. The only configurable item is the template directory.
There's a file browser icon, for the Nextcloud shared file
collection. Do I have any templates? It turns out that there's
a toplevel directory called Templates with a bunch of them. Pick
- I copied the
Elegant.odp template to toplevel, and renamed
it to something more prosaic, testdoc.odp (using the Rename item
in its … menu in the file browser). Clicked in its name.
It turns out to be a presentation slideshow and it opens in an
editor. Hit the X in the upper right corner to close it.
- For a textual document the extension is
.odt. To create a
new document without copying a template, the top row of the file
browser has a '+' icon. Click; the menu has a bunch of object
format choices, of which one is
new document. Click on
that. Then pick a template, and hit Create. It opens in a rich
(Under Multimedia.) This is mainly a music
player, audio and video, but I'm trying out the streaming server
feature. I installed it. For the administrator it doesn't have any
setup page, but the user needs do these steps:
- Launch Music from your icon bar (2 eighth notes). It says
No Music Found, which is correct because it only looks in
the Nextcloud shared directory.
- Hit the hamburger. Find and click on Settings at the very bottom
of the navigation pane.
- Specify the path to your music collection. The first directory
name starts with a slash and refers to a directory in the root of
your Nextcloud directory. Whatever media files are in this dir
will be synced to all your participating devices.
- I already have a music colledtion, just on one server, served by
Icecast. I had hoped to try out Nextcloud's Ampache implementation
to send it out, maybe as an improvement over Icecast. But syncing
2Gb of music tracks to each of my devices is not exactly my
preferred use case.
- A symlink to the music files, outside
the Nextcloud directory, is ignored and is ineffective (but with no
error message), because if the symlink were synced to (e.g.) a
cellphone, its referent would definitely not exist on the
- Brainwave: let's try populating the music dir with hard links to
the existing media files. But now the files are
Nextcloud directory and they will be propagated to all
participating devices. Also if a track were synced back from
another device to the server, almost certainly the old directory
entry would be tossed, reducing the inode's llink count by 1, and
replaced by a link to the newly received instance of the file,
which would remain separate from the pre-existing, formerly
multi-linked instance of the file. Again that's not my desired
I installed it on Nextcloud (as admin) and
created a task list (as the user). Now, how do I want to use it on my
phone? [This turned out to be a messy tangle with success at the
end.] I have OpenTasks (org.dmfs.tasks v1.4.2), but never really used
it. It appears to be local only; I can't see how to sync it with a
server. Following a review I spotted, I replaced it with Tasks.org
(Java name: org.tasks) based on the no longer available Astrid. Key
features: FOSS; no
ads; can sync with generic CalDAV (Nextcloud) and many others. There is
pro version on a
begware basis; I don't know what
additional stuff you get for this. Setting it up:
- It opens with a blank screen. Hit the hamburger (lower left
corner). Select Settings (at the bottom).
Not Signed In: Select a protocol (CalDAV).
- Blecch, syncing with the nonlocal provider requires a
subscription. This means a Google Play subscription, or a
Github sponsorship. The latter means you create a persistent
relation (involving money) with a particular Github account
(an individual or a company account). Details, like the amount
of payment, are not clear yet. They take credit cards, or
- Once you set up your subscription, your Server Type is
Nextcloud. The URL can be just the schema and hostname; it
will use the server's .well-known RewriteRule to autodetect
the URL of the calendar collection. It requires your userID
and password on the Nextcloud server.
- I'm not sure I'm going to use this a lot on the phone; I'm
going to defer setting up the task app. The Nextcloud app has
a generic file browser including an editor, and a media player,
but does not include a user interface for other apps such as
Tasks. For the time being, I'll use the web interface on the
phone. Which is useable with the portrait oriented mobile
device theme for Tasks.
- A new day dawns, and my CalDAV Sync app notifies me that if I
would reinstall OpenTasks (org.dmfs.tasks) I could use the
tasks calendar that it found on Nextcloud. I reinstalled
OpenTasks, and this time it found the remote tasks calendar
with no help from the user. So I now have a working Tasks app
on the phone.
This is the text, voice and video chat client. It was
installed by the Setup Wizard as a recommended app. You use it between
web app instances (in your and the peer's browser). I thought the
Linux and/or Android clients could do Talk autonomously, but they
can't. An issue for testing: you aren't allowed to talk to yourself,
e.g. on different devices (though there are rumors that that's coming
Bob as the peers who are talking,
the traditional names in cryptographic documentation. It's also
possible to create a multi-user chat room.
- Global Setup
This is by nextcloud_admin. I ended up
taking all defaults. They have some integration aspects, most of
which are not installed by default. They are:
- Matterbridge Integration: This separate daemon acts as a
bridge between any of generic XMPP, Nextcloud, IRC, Whatsapp,
Microsoft Teams, and many others that I've never heard of, not
including Zoom, Apple's iMessage or FaceTime.
- Commands: You can execute scripts on the server. A
/help command is preset.
- stun.nextcloud.com:443 is preset as your STUN server (Session
Traversal Utilities for NAT, RFC 3489, 5780, 8489), which
tells you your wild-side IP address and port if you're behind a
NAT box. Your talk protocol will tell a peer to contact you at
- TURN server: Suppose your net has a firewall preventing remote
peers from connecting to you. The TURN server executes on the
wild side and it acts as a proxy or unencrypted VPN, and the
peers connect to it instead.
- High performance backend: The
low performance signaling
server is included, but if you're going to have over 4
participants in a chat, they recommend a separate daemon. The
shared secret should be configured in this daemon and in
Nextcloud (globally). It appears to not be needed for the low
performance signaling server. Self-hosted backend(s) are
available, and Nextcloud has a partner that offers (sells, I
assume) this service.
- User Setup
Each participating user needs to set
up Talk, like this:
- Log in to the web client as the user.
- Click on the Q icon for Talk.
- Hamburger - Talk Settings. (Many apps, but not this one, have
their settings dialog in user settings, i.e. avatar -
Settings - find the line item for the app if any.) Settable
- Choose which mic and camera, if not unique. Give
permission to use the microphone and camera (and remember
the decision). The test picture is showing my face, and
if I speak, there's a bargraph showing mic activity.
- Attachments Folder: /Talk (is the default).
- Share Read-Status
- Play a sound when a participant joins or leaves the call.
- There's a table of keyboard shortcuts.
- Use the X in the upper right corner to close settings.
- Create a Conversation and Test It
- Alice, in the navigation pane, enters
bob in the top
Search Conversations or Users. He is found. Hit
'+' to the right of the box to add him to (a new) conversation.
- It is also possible to create a multi-user conversation, the
same idea as an IRC chat room or a Zoom meeting. But I didn't
test that feature.
- The conversation now exists. Alice clicks on its navigation
line item to join it. But we haven't actually started the
call yet. (Close the navigation pane by clicking on the
- Test one: there's a text entry field at the bottom. Send a
text message. Return key, or the right wedge icon at the right
of the box, will send out the message, which appears as a
pop-up on the peer's Talk window (and various other places can
be turned on). I wonder what is the maximum length, if any?
I sent 300 bytes at once and it was delivered OK.
- Test two: there's a microphone icon to the right of the text
box. The tooltip says it's for recording a voice message.
I didn't do anything more with it.
- Video Chat
- Test three: In the top row, click on Start Call. It shows a
camera and mic check picture (Yes I'm on camera). Click on
Start Call in the picture. It plays a ringtone.
- Bob does the same thing except his button is labelled Join
- When he has joined, a two-part window opens (for each) with
the peer's scene and a small instance of the sender's scene.
If both of you are in the same room, beware of echoes, which
are annoying but seem to avoid diverging to infinity.
- Along the bottom of the main scene are a microphone and
camera icon. If clicked, they mean that you don't receive the
audio or video in that scene. But the peer still receives
your audio or video. On the top row are mic and camera icons
which mute what you send out. Use these to shut up echoes.
- The Talk app does not influence DPMS. If you don't use the
keyboard or mouse for a while, the display will go to sleep.
Not impairing the conversation, just your ability to see it.
Hit the shift key to wake up the display.
- To send text during a video call, at the right of the top row
there's an icon that looks like a text message. Click; there
are several actions on the resulting pane including a text box
at the bottom. Type your message and hit Return or the right
wedge next to the box.
- In the top row there's an icon with an up-arrow, which the
tooltip identifies as Screen Sharing. One person clicks on it.
Select one window, or the entire screen (bottom of the window
list). This content is what is sent out as your scene, and
both people see it. The cursor is visible when over the
window. The icon changes to an X, meaning to stop Screen
- I got stuck in Screen Sharing once: disabled it, but the peer
continued to see the shared window (without updates). To
recover, I re-enabled Screen Sharing and disabled again; it
went back to my camera's view.
- The … menu in the top row has more actions. Most are
- Raise Hand: on other peoples' views (and your own) a hand
icon appears next to your name. And the action label
changes to Lower Hand.
- Blur background: It works, but it takes at least twice as
much CPU as sending the background as-is.
- Grid view: everyone's scene is in an equal sized
sub-window, vs. using most of the space for the peer or
- Device Settings: Do things to your mic or camera, same
dialog as in Talk Settings.
- Ending the Call
- When everyone has clicked on Leave Call, it will end. The
last to leave will hear a ringtone, until either someone else
joins, or they leave.
- There is a difference between leaving the call, and leaving
the conversation. The conversation still exists and can be
revived if participants rejoin the call later. When every
participant has left the conversation, it will disappear,
unless it has been made persistent in settings.
- Right Click
Provides a menu with actions like save, edit,
delete… (Under Tools.) Yes it works, except I think the menu
only appears in the Files app.
(Under Tools.) First, find out what it backs
up and in what format.
In summary, I already have Roundcube Webmail and I prefer it to Nextcloud's
core app, so none of these mail apps made it into production. Nor did any
of the etc. apps.
This is the mail app in the core How to set
- Each user sets it up individually, except there's an app that
presets a template for newly appearing users, which I haven't
- When you start it for the first time, it wants you to tell it
the IMAP and SMTP servers. First trying the Auto tab; it pre-fills
Name, which I take to be your full name for the From
header, your e-mail address (but you have to add the realm), and
your password, which presumably is your Nextcloud password. Is it
going to try to use MailRoute as my IMAP provider?
an error while setting up your account (but it doesn't say
what the error was).
- Trying the manual tab. For the IMAP protocol it preselects
intrinsic SSL/TLS (port 993). This is deprecated in favor of
STARTTLS on 143 (which I changed to), but it will never die.
STARTTLS on 587 is the default for SMTP. I just had to fill in
smtp.jfcarter.net for both the servers.
- It failed to contact smtp.jfcarter.net. Duh, this is just a
MX record, not a CNAME.
- I changed servers to jacinth.cft.ca.us. IMAP connection failed.
telnet jacinth.cft.ca.us 143 works and offers STARTTLS,
but if you accepted that offer, Jacinth's host cert (the one used
by the Dovecot IMAP server) certifies (various).jfcarter.net but
not jacinth.cft.ca.us, and things go downhill from there.
- I retyped my password for IMAP. Its length is the same as the
prefilled one. I wonder exactly where it came from and how
securely it's stored.
- I changed servers to jacinth.jfcarter.net. Now it connects!
- The UI shows your inbox (the whole thing, scroll through it)
including the subect and the first line of each message. In the
hamburger pane you have an option to Show All Mailboxes (to revert,
pick Collapse Mailboxes at the end). Click on
a line item and it shows the message, in HTML if
available or neatened text/plain if not.
- In Mail Settings, top posting is the default but you can tell it
to use proper etiquette on this. For encryption they encourage
you to install Mailvelope (which I've tangled with…) But my
interest is in signing mail, not encrypting it.
- I composed and sent a test message to myself. It showed up in my inbox after about 30 secs, and
Nextcloud popped a notification on the desktop. The message was
automatically classifed as
important (you can turn this
off). It was purely text/plain; HTML and MD were rendered as-is.
If there was an option to switch to a real HTML composer, I didn't
find it. I don't see any setting to have the composer include a
- From Roundcube I sent a text/html message. In the mailbox list
the HTML was stripped out (just the element's body), though the
emoji was rendered. In the message viewer the HTML was shown
properly, plus the emoji. Roundcube's Enigma plugin signed the
message, and in Nextcloud I could have downloaded it and checked
it by hand, but Nextcloud does not know how to vaildate it.
- Conclusion: this app isn't bad as a simple mail reader, but I get
a lot more, that I need, from Roundcube. Keep it simple: I'm going
to deinstall/deactivate Nextcloud's mail app.
- Auto Mail Accounts
When a new user appears, it creates a
mail account for them. (Under Tools.) Since I'm not going to use
Nextcloud's Mail, I'm also not going to install this one.
- RainLoop Webmail
(Under Tools.) Different from the core
Mail app. It's specialized for a particular commercial(?) server which
seems to be in the process of disappearing. Forget this one.
(Under Integration). It displays a welcome
message when a new user first logs in. User turnover doesn't happen on
my system, so forget this one.
- OIDC Identity Provider and Login
I think this is intended for OpenID, and I shouldn't try to improve
my single sign-on service at this time.