In May 2019, Linux Journal asked me to write a review and tutorial for NextCloud 16, and so I did. Then they shut down, so I decided to publish it here instead. Please use it!

NextCloud is the most promising self-hosted, Free/Open Source alternative for the services that companies like Dropbox, Google, Facebook or Skype provide in exchange for users’ data, privacy and more.

One installation of the Nextcloud server creates a website that supports both single individuals and large communities. Everybody with an account on that installation can then host and share files and data, read all the news they want straight from their sources, make video calls and more. All without any unaccountable entity filtering what they do, see or publish.

About one year ago, I explained “How to Get Started with NextCloud 13, and Why You Should” . In this article, I am going to do more or less the same thing for NextCloud 16, presenting some of its new features and commenting the ever growing relevance of this project in the FOSS landscape.

What you will find (or not find) here

NextCloud can host securely the most sensitive data of large groups of people, possibly connected in “circles”, while giving them (especially since version 16) many ways to work together and control what they share with whom. When connected to a Collabora Office server, NextCloud gives the same communities what is, in my opinion, the best (albeit not complete) “free as in freedom AND 100% private” alternative to Google Docs for collaborative work that you can have today.

Being a user of a large, Collabora-enabled NextCloud installation (more on this later) I can tell you two things: it works well, but an adequate description of its configuration and management procedures would fill a whole series, if not a short manual.

Consequently, this piece describes what is new in NextCloud 16, how to install it, and how to configure some of the new features of this version, for one specific use case: a single user, or a SMALL group, who want to self-host their files and data, and generally work, in a cloud that THEY own and control. Of course, what you find here is also good as starting point for more complex installations!

What is new in NextCloud 16

I would group the main selling points of NextCloud 16 in these categories: more flexible app management, better security and privacy functions, an improved “Talk” app for videoconferencing, and a feature called “Projects”, to group and label related files, chats or tasks.

All but the very basic functions of NextCloud are available as “apps”. Most of them are website components, available through any desktop or mobile browser, but a few ones are actual apps for iOS or Android devices. The latter category includes clients to sync folders and files, or read or write notes.

There is also a “guest app” that works more or less like the guest account in Ubuntu, to give limited access to some files and functions to certain users. In NextCloud 16, the administrators can also enable apps not yet officially ported to this release, to test them before making them available to all users. In general, adding an app to the NextCloud website is as simple as clicking to download it and, in some cases, entering a few general configuration parameters. For mobile apps, it can be even simpler: NextCloud 16 can generate QR codes that you can scan with your smartphone to avoid manually typing server name, user name and password.

For many people, the killer app of Nextcloud already was Talk, whose ambition is to replace services like Skype, WhatsApp or Telegram. I have already covered Talk in my review of NextCloud15 for Linux Journal, so this time I will only mention what is new in the version shipped with NextCloud 16: the user interface supports persistent one-to-one conversations, you can add chats to Projects, and share files directly from the Android and iOS clients for Talk. Last but not least, Talk 6.0 adds to its features set, or I should say “rediscovers”, commands in the traditional IRC style, like /help.

On the privacy and security front, the main news are better access control, both to files and to single apps, and better analysis of suspicious activities. By setting Access Control Lists (ACLs) both the system administrator and single users can decide who can see each file or folder. By default, ACLs settings on folders are inherited by all the files and subfolders you create in them.

In addition to that, a “Privacy center” detects and reports to users suspicious logins, showing also the approximate location of those attempts.

Installation and configuration of Nextcloud 16

All the screenshots and tips in this article are about version 16.0.1 of NextCloud, installed on a CentOS 7.6 Virtual Private Server (VPS) running the Apache 2.4 web server.

This version of NextCloud also needs a MySql or MariaDB database, and version 7.2 or higher of PHP, with a memory limit of at least 512 MB. At a high level, the complete installation procedure consists of these three main parts:

  1. create the database, and the corresponding user, that NextCloud will use to store its data
  2. install and configure PHP 7.2
  3. install the actual NextCloud software

The database is the simplest part. On my Centos VPS I only had to type these commands at the root prompt to download the server and its dependencies an make it start at every boot:

#> yum install mariadb mariadb-server
#> systemctl enable mariadb && systemctl start mariadbso

Then I started as root the mysql command line client to actually create the database, and the NextCloud user (nextcloud_db_user) that will access it:

#> mysql -u root

[MariaDB] create database mynextcloud16;
[MariaDB] grant all privileges on mynextcloud16.* to nextcloud_db_user@'localhost
' identified by 'nextcloud_password';
[MariaDB] #> flush privileges;

PHP 7.2 can be a bit more complicated. For CentOS, the NextCloud manual suggests to install the php packages, plus several other utilities, from the Epel repository. Eventually, running the exact commands described in the manual installed more than 80 packages on my server, and I had to manually fix some things anyway, as explained below. Your mileage may vary, of course, depending on the initial configuration of your own box.

Once all the required dependencies are in place, there are several ways to perform the actual installation of NextCloud. The ones I tried, and describe here, are the full command line procedure, and the Web installer.

The first method uses the occ PHP utility bundled with NextCloud. At the command prompt, move in the folder where you will install nextcloud, then download and unpack the corresponding archive:

#> cd  /var/www/html/
#> wget https://download.nextcloud.com/server/releases/nextcloud-16.0.1.zip
#> unzip extcloud-16.0.1.zip
#> cd nextcloud

At this point, you can run the occ utility that will install NextCloud with this command:

<#> sudo -u apache  /opt/rh/rh-php72/root/usr/bin/php occ maintenance:install --database "mysql" --database-name "mynextcloud16"  --database-user "nextcloud_dbuser" --database-pass  "nextcloud_db_passwd" --admin-user "nextcloudadmin" --admin-pass "nextcloudadmin_pw"

Please note the TWO accounts defined in this command: the first one is what the NextCloud software uses to access the MariaDB database created in the first step. The other (nextcloud_admin) is the administrator account of the NextCloud website, which should only be used for that purpose. Create a separate user to work in NextCloud, even if yours is a 100% personal installation!

Besides accounts, there are three things to note in that occ command. First, the “sudo” part: you have to use the user id (“apache” in my case) that runs the Apache web server, otherwise the folder permissions will not be right. Second, the path to the PHP command line interpreter: the one you see above is the path for php 7.2 as installed on CentOS with packages of the Epel repository. With other Linux packages and distributions, it will very likely be different.

The last parts of the command consists of the options that specify which database to use, and, finally, name and password of the NextCloud administrator account (that, of course, should ONLY be used for maintenance and configuration!).

Theoretically, this should be enough to give you a working installation. For me, it wasn’t. I had to create these links to make Apache use version 7.2 of PHP, and to run the corresponding version of the command line php interpreter:

ln -s /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php72-php.conf /etc/httpd/conf.d/

ln -s /opt/rh/httpd24/root/etc/httpd/conf.modules.d/15-rh-php72-php.conf /etc/httpd/conf.modules.d/

ln -s /opt/rh/httpd24/root/etc/httpd/modules/librh-php72-php7.so /etc/httpd/modules/

At least part of this patching is my own fault, due to the fact that, for several reasons, I was forced to keep other versions of PHP installed on the same VPS during my test, which will continue after delivering this article.

Installing NextCloud 16 from the command line is good (once you know how to deal with the issues above) because it can be completely scripted. Please note, however, that before logging into NextCloud as administrator, you (or your script!) should also set a couple more things. One is add the domain name of your installation to the “trusted domains” in the file config/config.php:

  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'nexaima.net',
    ),

You also want to force connections to NextCloud to only happen over secure HTTPS connections. With Apache, this means adding this rule to the .htaccess file in the NextCloud root folder, and then restarting the server:

#> more ../.htaccess 
RewriteEngine On 
RewriteCond %{HTTPS}  !=on 
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

The NextCloud web installer procedure is simpler and requires less manual fiddling with folder permissions and other issues. Besides, it reports right away anything that may be wrong, or not optimized, in your web server and PHP setup. Therefore, unless you do want to completely script your installation, I suggest to use this method. Just run the following commands as root (assuming you want NextCloud installed into /var/www/html/nextcloud, and accessible online at https://example.com):

#> cd /var/www/html
#> mkdir nextcloud
#> cd nextcloud
#> wget https://download.nextcloud.com/server/installer/setup-nextcloud.php
#> cd ..
#> chown -R apache:apache nextcloud/

The last step is necessary to let the installer create all the files and folders it needs, with the right permissions. After those commands, load the page http://example.com/setup-nextcloud.php and follow the instructions.

Post installation configuration of NextCloud 16

Overall, working inside NextCloud 16, both as the administrator or as a simple user, seems a fairly user-friendly process, which also feels smoother and faster than in previous versions. On this front, I only have to (minor) complaints. One is that, in the administrator interface, not all settings and apps seem listed, or grouped, in the most efficient order. I had to scroll back and forth to find all the things I had to click on to properly configure email, or federation, for example.

Another minor annoyance is that a couple of times I had to log out and in again, as a user, to see new menu entries or other changes that I had just enabled as administrator.

NextCloud 16 review /img/figure-01-app-bundles.png
Figure 1: The most frequently used NextCloud apps are grouped in bundles that you can activate with one click.

The screenshots in this article show what the web user interface looks like after enabling the app bundles called “groupware” and “social sharing” (Figure 1) plus a few extra apps. The rest of this articles introduces the NextCloud 16 features that are most relevant in the scenario presented above.

NextCloud administrators, and users

NextCloud 16 review /img/figure-02-admin-vs-user-settings.png
Figure 2: The administrators (left) and user (right) NextCloud menus: remember to never confuse them!

As shown in Figure 2, NextCloud users and administrators have access to different options. As on Linux, you may create groups of users with administration privileges, but be careful, and never work as administrator unless absolutely needed.

NextCloud 16 review /img/figure-03-external-scripts.png
Figure 3: The NextCloud external workflow apps letts you process your files with any script installed on your system.

This is even more recommended with version 16 which (see Figure 3) also has an “external workflow” app that can “pass files to external scripts”, a powerful but potentially dangerous feature. As a normal user, you may be part of different “circles” (Figure 4) to better organize your work, and control who can access each set of your documents.

NextCloud 16 review /img/figure-04-public-circle.png
Figure 4: The users of a NextCloud installation can group themselves in public or private circles.

Reading and saving news and Web resources with NextCloud

NextCloud 16 review /img/figure-05-nextcloud-newsreader.png
Figure 5: The NextCloud RSS aggregator, called 'News': spartan, but functional.

In these days, you cannot get anything done without efficient ways to aggregate and browse online “news” as soon as they come, and to catalog them afterwards. NextCloud answers this need with a “News” app that aggregates RSS feeds (Figure 5) and a “Bookmarks” one (Figure 6) complete of its own bookmarklet to add pages while you read them in your browser (Figure 7).

NextCloud 16 review /img/figure-06-nextcloud-bookmarks.png
Figure 6: Bookmarks management, NextCloud style

Personally, I find the RSS app (also available for mobile devices) adequate, and the Bookmarks one a bit too limited for power users. One reason is that you have to cut and paste the text in the description by hand. Besides, you can only display bookmarks in chronological order. Finally, I feel that the list of tags in the sidebar of Figure 6 would not be practical to use with more than a few tens of tags.

NextCloud 16 review /img/figure-07-nextcloud-bookmarklet.png
Figure 7: You can directly add bookmarks to your NextCloud with the dedicated bookmarklet.

NextCLoud calendars!!

NextCloud 16 review /img/figure-08-nextcloud-calendar-entry.png
Figure 8: Adding entries in one of the calendars you can define in your NextCloud account...

The other things no one seems able to live up is online calendars. Nextcloud delivers that too. The interface to add entries (Figure 8) works as expected, and you can handle, import and export different calendars (Figure 9), in ways that should be adequate for everybody but very, very busy people (those who should slow down and relax anyway, rather than getting a better calendar interface…)

NextCloud 16 review /img/figure-09-nextcloud-calendar.png
Figure 9: ... and this is what your appointments look like in the NextCloud calendar.

NextCloud file storage and sharing

NextCloud folders let you store and share files of all sorts (including, as I showed last year, your own microblog!) and access from one interface all your accounts with several independent providers of online storage. In theory, at least. In NextCloud 16, I found sharing among users of different NextCloud installations easier to do than last year, and working smoother. With connections to Google Drive accounts, instead, the opposite is true.

NextCloud 16 review /img/figure-10-sharing-federated-cloud.png
Figure 10: The options available for sharing clouds and user directories among independent NextCloud installations.

Nextcloud installations can federate, that is share among themselves for transparent cooperation, both folders and user directories. These features must be first enabled by the administrator (Figure 10), who can also define “Trusted servers” that can share user directories. The same applies to “External Storage” (Figure 11): first, the administrator decides which connections are allowed, and how. Then, each user can add her own storages.

NextCloud 16 review /img/figure-11-setting-external-storages.png
Figure 11: Connecting folders on different NextClouds? Easy. Not so for Google Drives.

As I said, I also have an account on the big, Collabora-enabled, NextCloud-based service called CommonsCloud (disclosure: I am a Board Member of the Free Knowledge Institute, one of the partners of that project). Figures 12 shows how I shared a folder on that installation with my own account in my own personal NextCloud (marco@nexaima.net):

NextCloud 16 review /img/figure-12-sharing-with-other-nextcloud-userscts.png
Figure 12: When user directories are connected, the users of a NextCloud can easily find each other.

The user account to type in that fields is what NextCloud calls “Federated Cloud IDs. You can find what your ID is in the settings of your account. The result is shown in Figure 13:

NextCloud 16 review /img/figure-13-shared-nextcloud-folders.png
Figure 13: Same folder, accessible in two different NextClouds.

The FKI folder in my own private NextCloud (on the left) is nothing else but a transparent link to the original FKI folder visible in my CommonsCloud account (on the right). Cool, huh? You can play the same trick with every using a NextCloud server, or any other service adopting the Open Cloud Mesh protocol (as long as their administrators enabled this feature, of course).

With Google Drive, unfortunately, things are not so simple. To enable their users to access their own Google Drives from their NextCloud folders, NextCloud system administrators must obtain a valid OAuth key through the Google Developers Console As of May 2019, this whole process is not well documented on the NextCloud side, and not straigthforward enough on the Google side: to obtain a key, besides (obviously!) identifying yourself, you have to tweak the configuration of your NextCloud website [8], and then wait for Google authorization, or requests to provide more data. Google is right to be cautious, but… Overall, the whole process is complicated enough that it may not be worth the effort, for a single user or small group.

Email in NextCloud

NextCloud 16 review /img/figure-14-nextcloud-mail-app.png
Figure 14: The native NextCloud webmail app.

Maybe you hate it (I don’t!), but don’t expect email to vanish from your digital life for a few more years, at least. NextCloud 16 knows this, and that is why you can read and send email from inside it. Beware! To get a complete email service, of course, you still need to have a pre-existing, working email address, either from third party providers, or running your own email server. This also means that your mailboxes are NOT archived inside NextCloud, but in the email server, whoever that is!

NextCloud 16 review /img/figure-15-nextcloud-rainloop-app.png
Figure 15: Composing an email with the NextCloud version of Rainloop webmail.

This said, Nextcloud 16 offers support for at least three different webmail clients. They are, in order of complexity and completeness, a native app [Figure 14], a NextCloud-app version of Rainloop [Figure 15], and an interface to Afterlogic [Figure 16]. The latter two client need to be enabled and configured in the administrator panel before normal users can access them, but it only takes one minute.

NextCloud 16 review /img/figure-16-nextcloud-afterlogic-email.png
Figure 16: The Afterlogic webmail interface, running as a Nextcloud app.

The native app works, even if it sometimes does not shows the messages in a mailbox, unless you move to another mailbox and then go back to the first one. Its main limit is that, unlike the other two clients, it only supports one email account. Its biggest advantage is that it is the only one of the bunch that is connected to the “Contacts” function of NextCloud. If you install Rainloop or Afterlogic, instead, you can define as many accounts as you want, but you’ll have to re-enter any contact you have in THEIR address books.

Besides, to use Afterlogic’s interface, you must install the full package separately. On the plus side, making that extra effort means that you will still have your own webmail, even if NextCloud breaks. And this is the reason why I prefer Afterlogic as NextCloud email app. If only there were a way to have its address book automatically synchronized with NextCloud’s own contact list, it would be perfect. I will look at the code and see if I can implement it in some way as a cron job, but if you have any suggestion, please raise your hand!

Nextcloud Deck and Projects

The last feature of NextCloud 16 I want to highlight is the combination of its Task and Deck apps with the new “Project” feature. The Task app is just what its name says, that is a tool to create and organize lists of tasks and sub-tasks, each with its own priority, deadline and associated categories.

NextCloud 16 review /img/figure-17-nextcloud-deck-board.png
Figure 17: A project management board in the Deck app: each set of tasks is a stack of cards, each with its own responsible, tags and deadlines.

The Deck is what you see in Figure 17: a kanban-like interface in which you can define personal or shared boards, each containing several stacks of cards. Cards are similar to tasks, in that they have tags and timelines. However, unlike tasks, which are personal, cards can be assigned to other NextCloud users. In other words, the Deck supports collaborative group work, Tasks don’t. If you need the Deck, then I would suggest to NOT use the Tasks app at all, in order to have a unified view of both your personal and team work. Both Tasks and Deck boards, however, can be associated to “Projects” as shown in the bottom right corner of Figure 18:

NextCloud 16 review /img/figure-18-nextcloud-projects.png
Figure 18: Resources of different types (e.g. files, or Deck cards) can be grouped under common Projects labels.

In my opinion, calling this feature “Projects is a bit misleading, if not pretentious, at least in this release. In NextCloud 16, a “project” is just a common label that you can assign to tasks, chats, contacts, files and Deck boards that are all related to one specific project (of course) on which you must work. As a Nextcloud user said, “It would be nice if projects had their own icon type and a project admin app to tie things together.” As things stand now, if you want to see all the components of a project, you must first find any one of them, as I did in Figure 18 with the “OSCE 2019” board, and then click on its details. However, the NextCloud roadmap does foresee better integration of Deck, project and other apps in the next releases, and I really look forward to that. Even now, by grouping and connecting many elements and activities under one roof, NextCloud 16 may be all you know to keep all your tasks under control, in a very time-efficient way.

Conclusions

Before drawing some conclusions, here are two bits of practical advice. First, take your time, especially if version 16 is your first use of NextCloud.

Depending on which distribution you use and how you had configured it, NextCloud may be tricky to set up: if you have any chance to do it, I recommend to install a first time just to get familiar with it for a week or so, and then reinstall everything from scratch, with all and only the RIGHT settings and apps.

One reason why I say so is that it sometimes seems to me that NextCloud suffers of what I call “the Drupal curse”, or syndrome. I have a long standing love-hate relationship with Drupal, because I feel that Drupal makes very complex things always possible, but relatively easy things unnecessarily hard to do. NextCloud still gives to me that same feeling, sometimes.

A second advice is to avoid apps creep. NextCloud apps are like WordPress plugins, or Drupal modules: a lot (over 200!), each with its own roadmap and, sometimes, dependencies. It is obvious, but it is easy to overlook: what is not there cannot break. The fewer apps you install, the smaller the probability that one of them stops working (in the best case) when you update NextCloud.

With these caveats, I really like NextCloud and think it is one of the most important FOSS projects of our time. Partnerships like the one with Nitrokey, to secure private clouds with 2FA and open source encryption USB keys, make it even more interesting.

Today, the main real limit of NextCloud is not its fault, and is the refusal of interoperability by the providers of proprietary services. The simplest example of this problem is NextCloud’s Talk: use, and please make others use it as much as you can, but as long as you cannot use it to call Skype users, it cannot be your only voice-conferencing software.

Final thought, and wish: if I won the lottery tomorrow, and could thus donate a lot of money to (among other things, of course) FOSS project, here is what I would fund for NextCloud:

  • maximum integration of all the apps mentioned here with each other
  • complete, turn-key email server package, to work as backend for the email apps
  • above all: infrastructure to provision and manage personal NextCloud appliances as a service, each with its own domain name.

I am convinced that there are both a huge market and a huge social need for something like this, with NextCloud at its core. Getting a personal, totally portable NextCloud must become as easy as getting a Facebook or Google account. To see why I think so, please have a look at my Percloud proposal, try NextCloud yourself, and then let me know your opinion!