First if all, it wants to do everything and does none well (or better than specialized apps)
Its internals are a shitshow - a question about getting the real IP of the calling client raised a 10 pages discussion where people said "it works" and other days "it does not". The "solution" required you to change a volatile setting within the docker container (and do it again when the container changes)
Finally the upgrade is insane. I once tried to upgrade my installation, was told that n+2 upgrades are not possible (fair enough) and ... the installer destroyed the database. What a piece of crap. Thanks god for backups.
I've run Nextcloud for almost 3 years now via docker on a vps , it hosts my contacts, calendars and files. There is a apache reverse proxy in front of it, and a postgresql-database in the back.
Not once had I any serious issues updating when pulling new updated images.
Occasionally it whines about missing indices, but that is easily fixed using the occ command line tool. The clients real IP is forwarded by the proxy.
What I want to say is just that Nextcloud works fine.
I have also found that if you stick to the core functionality it works fine.
As soon as I started to add apps from the store it starts to be a pain. An upgrade comes out and you’re stuck on that version until they all update, OR you update not realizing and lose the functionality for some time.
Since I self-host a bunch of apps, it made more sense to use different apps dedicated to those features, like Miniflux or Navidrome. Not for everybody though.
I ran NextCloud for some years, just for the file sharing. I was the only user. About every third upgrade cocked up in some critical way that required bespoke DB fixes. Twice I basically blew away all state and recreated my entire file store from scratch from a backup because it was easier than fixing the install. Worked for me but is infeasible for any larger install. I tried using the office functionality for one document and I lost the document entirely on an upgrade because apparently the mirroring as a file is an illusion and the real office data is stored buried in the database in a way I never did manage to recover; I ended up just recreating the document. Thank goodness it was just the one document.
It is constantly screaming for upgrades but I don't know what they are doing with those upgrades because it doesn't seem to make the core any more reliable. It's just an opportunity for the upgrade to fail and lose data, which it frequently took advantage of.
The key thing that really annoyed me is that I couldn't hardly have used it more lightly than I did, and it took about every other opportunity to fall over and lose data. I can't even imagine the plight of someone trying to run this in an office environment.
You haven't necessarily gained anything by going to managing standalone apps individually, though. You've removed the unifying layer, but you're now having to keep up with the app versions and upgrade them individually by hand instead of letting the unifying layer handle it.
It's really just those three steps in a loop, nothing fancy
SHOT_TIME="$(date +'%Y-%m-%d_%H-%M')"
for dir in /docker/*
do
cd $dir;
btrfs subvolume snapshot "${dir}" "/docker/.snapshots/$(basename $dir)-${SHOT_TIME}"
docker compose pull --quiet
docker compose up -d
done
I mount a btrfs subvolume at /docker, and create a .snapshots subvolume inside.
Each subvolume is an app and its dependencies, you want everything snapshotted as one. This is probably the biggest pitfall, if you don't take that snapshot of all the pieces.
> Not once had I any serious issues updating when pulling new updated images
I've run it for about a year until the upgrade tipped me over. I am sure that correct upgrades (n to n+1) are fine - I tried n to n+2 and instead of explaining to me that this is not possible, Nextcloud explained to me that this is not possible and fucked up big my install. I had to recover from a backup.
Strange, my experience is that, if I don't upgrade in a while, the automatic updater goes to the next version, and after installing it it tells me there's another update and so on. Or maybe you didn't use the built-in updater?
I don't understand why this attitude is so prevalent in the tech industry. The person writing the upgrade script knows if upgrades can't support n+2 jumps and it takes about 30s to build in a check:
if(target_version > current_version + 1) // not allowed
It's more work to add it to the docs than it is to put a fail-fast check in the upgrade script, so why put it in the docs where 250k+ admins need to be aware of the limitation and avoid it?
It might be creating 100k hours of waste on the sysadmin side to save 30m of work on the dev side. I just don't get it.
This is, of course, exactly what Nextcloud does. It will most certainly refuse to run and break your system. And yes, it also refused that 3-4 years ago.
Not saying it never breaks anything, but since 2016 we for example check PHP versions and other infra to not update to a broken system. We rewrote the updater in 2016 for this purpose. It's possible this has had a bug at some point of course - but it is more likely that the original poster who had this issue had this in the ownCloud times before 2016.
So they told you that’s not supported and don’t do it. You then did it and seem surprised at a bad outcome. And you’re blaming the software and/or vendor?
Seriously do you think that for software that manages data the proper way is for someone who starts the upgrade process to say "this is not supported, and now we fucked up your database and you cannot recover from that"? They knew that I was upgrading N+2, this is not a surprise - and I did not realize that upgrading N+2 is not supported.
The proper way would be to abort the upgrade upon discovering that I am going for an unsupported way.
I don't understand how commenters here can seriously argue this. There should be no UX for "oh this is not supported? Eh give it a shot anyway, I don't care about literally all my files".
If you don't support upgrading, don't expose that in the UI. There's no excuse for having UI that will let the user do something unsupported and then screw up their data.
It's risky business, though, as code of course gets reviewed a few times (at least at Nextcloud). If it gets detected once ppl are put on notice. If somebody can squirrel out that the code came from a competitor, a lawsuit is waiting... And just imagine the bad publicity it causes.
Besides that, it is unethical and I wouldn't want to work at a company that pulls such stunts. I think a lot of people wouldn't. It'd be hard to keep secret, too, I mean, 5 years later the employee that was asked to do it works somewhere else and BOOM.
So all together, I think it's extremely unlikely to happen.
I CAN imagine a disgruntled ex employee or angry employee at a competitor would pull something like this. We have seen employees at a competitor create social media sock puppet accounts to spread FUD about us - but management at the competitor put a stop to that once we notified them.
After using Nextcloud for a while i stopped, since it was to buggy, and always took an eternity to load simple pages like the dashboard.
So i decided to switch to dedicated services, instead of using nextcloud to handle everything.
For images i can recommend Immich which is a new open source project specializing in storing your images with local AI support. I can highly recommend it.
I had version 17 installed, I wanted to upgrade to version 20.
I launched the container for the new version, but got an error: "Exception: Updates between multiple major versions and downgrades are unsupported."
I then tried launching the container for version 18, which should be supported, which initially seemed to succeed! However, I was greeted by "Internal Server Error" in the web UI, since apparently instead of just quitting, the initial upgrade had ruined the DB schema.
After restoring version 17 from backup, migrating to 18 and onwards, then trying to register my local apps with it, I then got CSP errors in the console when signing in. After manually editing the configuration file (which you seemingly can't do through environment variables) that seemed to be resolved.
Then, I tried syncing my local files but realized that the size of all of them is suddenly 0 KB. The files would show up in the web UI, but the size would be 0 KB. I had to rename the files a few times, which eventually fixed that, no matter how odd.
Finally, I realized that trying to open any of the pages in the web UI would take around 3-10 seconds. It seemed that there was a bug in the Talk application, disabling which then gave me the expected performance, even if it affecting how the Files application works also seems odd.
I like the utility Nextcloud provides me, but despise updating it. At this point I just stick to the core apps and wipe the whole thing when I need to update to something newer, manually carrying over the files I want to sync in the new instance.
Oh, also, out of the box the DB file locking configuration causes large file uploads (a few GB) to just hang, in a way where I cannot delete them. I had to disable locking altogether.
Honestly, it's just weird. If you need 1000 SQL migrations to go from version 1 of your software to version 20, just include all of them and don't mess around with disallowing migrating across multiple major versions. Same for any changes that might impact the persisted files on the FS. Just have updates be one continuous, long stream of patches, applied sequentially. If you do that and have sane defaults, you're good.
To not be overly negative: it's good that Nextcloud exists, is free, has a somewhat nice ecosystem around it and both the desktop apps and the phone apps for iOS/Android are okay.
I remeber having some issues when I first attemped running a Nextcloud Docker container years ago. I don't know it it was because it was one of my first times with Docker or if it was Nextcloud that was screwing-up, but a native (non Docker) install solved all my problems. Was rock-solid ever since, up when I retired it recently due to unrelated reasons.
Maintaining a server can be a pita, and not upgrading frequently is both a security risk as well as problematic from a stability pov.
My recommendation would be to use our All-in-One docker image. It takes care of updates and is supremely easy to use, plus likely to bring nice performance benefits as it has all this stuff that makes it fast like the HPB for Files.
I can't speak to the other points you made because this has always stopped me from investing in it. What I need in my stack is a focused Google Docs alternative, but every time I've installed it (3-4 times at this point) I'm quickly overwhelmed by the quantity of stuff it includes and by how complicated actually setting up the Docs replacement was (at the time the recommendation was to install Collabora and link it up with Nextcloud, which I never could get working).
What I did see out of the box was a slow and bloated web portal, a bad calendar, a bad video conferencing app, a file backup solution, and a terrifying app store filled with add-ons that may or may not be maintained. Oh, and now it looks like they have an AI assistant?
I'm honestly relieved to see this here and know it's not just me. I ended up going with Seafile for file backups and have been very happy with it, though I'd still love to find a focused collaboration tool I can run.
> I ended up going with Seafile for file backups and have been very happy with it
I went through probably dozens of solutions and ended up with Syncthing for synchronization of data (it requires understanding how it works but once you do (usually an eureka kind of moment) this is a very powerful system.
For me using synchronization software (Seafile, Syncthing, ...) to do backups is dangerous. Borg is a very good solution (or Restik, or Kopia)
>> What I need in my stack is a focused Google Docs alternative
> Try Etherpad (https://etherpad.org/)
He should better use OnlyOffice, Collabora or Cryptpad office suite. The Cryptpad server is the only one which is not a nightmare to install and setup.
I like Etherpad very much, but it is very lite as a Google docs alternative. Collabora, Only Office or the Cryptpad suite are better, but from the 3, the cryptpad server is the easiest to install.
> For me using synchronization software (Seafile, Syncthing, ...) to do backups is dangerous.
Yep. Just synchronisation on its own for backup is at best better than nothing, a first step. It fails to protect from at least three very common occurrences you need backups for: accidental deletion, incorrect update, or corruption - the broken data is quickly synced everywhere. Adding snapshots and regular integrity checks is essential.
I guess to be clear, I do both—the central Seafile server is backed up by Borg.
Seafile has file version history, so it's more than pure syncing and has so far been sufficient for backups, but I also run it on site so it's not safe in that sense and the data matters enough to be worth redundancy.
Ah ok, same as me. I gather data from other places with Seafile to a ToBackup older (with a subfolder per system) and this gets backed up together with the main server key data.
On that topic, it’s amusing to see when the “are we a product or a platform?” confusion jumps from its native host (publicly listed tech corps) to FOSS projects – different species altogether.
The idea of owning your own server just like any other device like laptops, smartphones and tablets, is just wonderful. But that means Linux! And Linux is absolutely infamous for poor application distribution (well technically the Linux distros). So now people make their own half-assed “app stores”, which is infinitely worse.
We would need a platform spec so that application developers can publish, users can discover and deploy, and platform providers can implement against a shared spec. That would be such a major step away from the surveillance economy and towards data sovereignty.
Maybe I misunderstand what you're suggesting, but aren't containers pretty much that application platform? Or stuff like Helm, when you're talking about larger, more complex deployments? I imagine Nextcloud needs at least a database, web server and the ability to send emails, and possibly some form of backup and high availability if you really want to rely on it. There are a lot of non-trivial ways to skin that cat.
> Maybe I misunderstand what you're suggesting, but aren't containers pretty much that application platform?
That’s right. And for UI, web is the obvious choice. But it’s not an application platform alone. You need at the very least file systems and networking/routing over https and maybe lower level protocol support too, that apps can use/discover without having to have a phd in Linux configuration. But to be truly useful, you need a lot more stuff wrt identity & auth, server-to-server networking, service discovery, cross-app communication, etc. Something more like Dokku probably.
> Or stuff like Helm, when you're talking about larger, more complex deployments?
Well fortunately you don’t need to open the Pandora’s box of consensus problems for a personal node (again like any other device). Also too much Yaml to make it sane probably?
> We would need a platform spec so that application developers can publish, users can discover and deploy, and platform providers can implement against a shared spec.
That's been tried with Linux Standard base, but it seems 'standardise on glibc 2.31 and Qt 3' is not a viable way to describe system dependencies.
Such a spec also doesn't exist for Windows or macOS systems.
If you target 'living' operating systems you need living applications that are updated to keep working. We're well past the point you can assume some 20 year old binary will work unless you're running it in an emulator.
Microsoft is so committed to backwards compatibility for Windows that you are very likely to be able to run 20 year old binaries without any heroics. They don't need any kind of platform spec, because they put in serious work to maintaining that kind of compatibility.
Honestly I realized I don’t need a web editor to change the documents, I just needed the documents on whatever device I was using. I set up syncthing to sync my Documents folder with a whitelist for specific directories and a $5 vps lets me get access to whatever documents I need. No need for a domain name and web ui when it’s all desktop apps all the way down.
For collaborative editing LibreOffice Writer has a collaboration feature. Otherwise I’ll send a copy via message service of some kind (email, txt, chat, whatever) or download a copy to my Documents folder if someone sends me a google docs link or whatever.
Does LibreOffice now allow collaborating on one document at the same time? I can use local synced files for most things, but when I need to work with my wife on a document together I always have to fall back on Google.
<< I'm honestly relieved to see this here and know it's not just me.
In a way, I have the same feeling. I really wanted it to work, but the install ( in my case via unraid ) broke multiple times after I started doing anything outside the basic functionality.
Eventually, I gave up on it and moved to dedicated apps for each portion I wanted and I have not looked back.
edit: syncthing for file sync
wps-office for general doc work
photoprism for pic library
Look, it's not without its quirks, but it's pretty reliable. Speed and responsiveness can be further upped by using an in-memory cache like Redis/Valkey.
Nextcloud can try to be everything it wants, but as users we can ignore that and stick to file-sharing/online/cloud storage.
If one is using it primarily for file storage/sharing, it works reasonably well. We have ~1TB of Nextcloud data on an NFS share (itself snapshotted ZFS), backed up to B2 regularly.
If something happens to a Nextcloud server (and it has), restoring the data is as simple as recreating the users and copying over the data directory for each user (provided you're not using it for calendaring and such). A quick OCC command to re-index user data and we're back.
We haven't had any issues running the docker image (orchestrated via HCP Nomad).
We have also helped a friend run Nextcloud for their small non-profit, as a snap on an EC2 instance in AWS. It keeps itself up-to-date and has been pretty-much problem free for years. EBS Snapshots cover backups there.
I run my own nextcloud server now for over 5 years. There are some frustrations like the photo app which is uselessly slow.
But for the files sync, contacts/calendar and some other apps it works well.
It _does_ offer a million different things and some of those are half baked but the core functionality (a dropbox-like file storage) is decent in my experience.
Updates have never been an issue. And honestly I am always a bit surprised by that. I don’t update to a new version right away but when I’m ready, I change the version in the docker compose, pull, re-up the container. It performs the database migration and brings up everything.
Never had an issue after using it for years. Not sure what your exact setup is, but it’s certainly not a nightmare to use.
The file syncing is not very good either. It's based off WebDAV and very slow. If you only have a few files it's workable, but it isn't competitive with Dropbox, SyncThing or any of the popular alternatives.
I've noticed issue with older hardware. After a recent upgrade to modern hardware (LAN based), all performance issues have been resolved. Currently serving to >30 devices, including 4K media to multiple endpoints and 100Ks files.
It is also workable if you have more than just a few files. I sync several GB of data, books, papers, notes, photos, videos, etc. Constantly changing and it has been pretty fast. Webdav is just the interface used for external services that support the protocol. Which may not be the best tech but it certainly is supported by many, many apps and services. I cannot connect a random e.g. pdf reading app with Syncthing and maybe not with Nextcloud directly but certainly via webdav.
Nextcloud's "internals are a shitshow" because Docker's networking stack prevents it from getting the IP of the calling client? That's an unreasonable take. Why single out Nextcloud here?
I found keeping it in docker makes it less of a nightmare, but it's definitely not something I'd trust with anything important.
There's like dozen scenarios where you end up with 0 byte files with no warning, error, etc. Sometimes it's an uploading issue, sometimes it's a syncing issue, etc. And they are still open, mutli-year, issues.
I ran into a version of it where existing uploads were replaced with zero byte versions, so I had to manually run a script to find them and I restore a pervious version. If it tried to do other things, like photos, document editing, collab, etc and did those poorly that would be fine. Failing at the most central task of just storing the data is not. It's still alpha quality, and if one intends to use it, it's critical you setup monitoring infrastructure to ensure file integrity (backups should go without saying).
This might be true but I finally deployed nextcloud for our co-op because I couldn't find any other solution to easily have a shared calendar with granular permissions to accounts I assign for write privileges, but also a dynamic ICS file download endpoint I can publicly expose. I tried a couple other caldav servers and none had this. So it does at least one thing better than specialized apps, which I typically prefer to use.
I handle several nextcloud instances, one of them updated from owncloud, I'm very happy, it does a lot of stuff well and when you need specialized software you can because it's just files. Updates have been painless.
That's cool! Other people have had problems with it, and losing data is bad enough that it outweighs good experiences, even if they are a majority. So it's a good thing that people share their less positive experiences rather than just "it works fine for me", as one is more actionable than the other when we are discussing a "home cloud" solution.
Running it on k8s has similar issues. I only used it as sync for my obsidian notes with occasional (maybe once a month) access to those notes via web ui. I wasn’t happy with how it would reformat my notes on save.
Sync thing supports encrypted storage in VPS and is trivial to run in k8s and it’s been much better for my needs.
With AIO upgrade is a piece of cake. -- For us, Nextcloud is a godsend, some things could be improved, true, but they are improving; we are more than grateful for this comprehensive software. Much less hassle (and even less expensive) than Microsoft before.
Last week, I noticed that one of my contacts had an invalid date for their birthday. Try as I may, I cannot get Nextcloud to recognize 1/5/2000 as a valid date.
Wait until you see the "solution" for dealing with the client mangling timestamps [1]. After you've been burned by server updates, and then burned by client updates, with solutions that push the problems onto the system admin, you start to wonder if using it in the first place was a mistake.
IIRC, part of the reason they forked was because OwnCloud wasn't moving fast enough. My experience makes me think OwnCloud might have been right.
> First if all, it wants to do everything and does none well (or better than specialized apps)
Yep. And any extra apps beyond the default just make upgrades go sideways. I've given up on it. Using syncthing instead (just for file syncing) and haven't looked back. It's not my favorite either, but just because it's a pain to configure. Once configured, it's been rock solid.
> Using syncthing instead (just for file syncing) and haven't looked back
After giving up on Nextcloud I tried syncthing too - hated it - and most of that time was pandemic and not like I was syncing outside of my own home network.
Went back to dropbox instead (just for file syncing) and haven't looked back.
The insane thing when I tried to update Nextcloud, was that it kept timing out the download because it was too slow, and then required me to delete the upgrade in progress file in order to try again...
Nextcloud ate my data on a single user installation with no fancy settings turned on, with no upgrades attempted.
The sync client on desktop said it was fully synced. Only 200GB of 800GB was on the machine.
It’s some of the worst software I have ever used. It’s the pentagon house with the inverted roof built with the two-clawed hammer that eevee described.
I had a similar experience with ownCloud. Regularly, file uploads were timing out, leaving the database in an inconsistent state (apparently), which then later caused the files to be deleted on my desktop where the files were coming from. I'm still not sure why I put up so long with it. It was a slow mess, especially on the single-board computer I ran it on, and SyncThing was a breeze compared to it, with no data loss at all (and much faster on the same SBC).
> The sync client on desktop said it was fully synced. Only 200GB of 800GB was on the machine.
Did you read the manual? It is recommended for such size to do the first sync using rsync (or similar) followed by the CLI command to build the files database.
A service that manages data cannot fail on such things. Nextcloud could refuse this first sync and point to solutions but losing data just "because the manual says rsync" is not acceptable
I started using Nextcloud first to have an alternative to big-tech in case Google locks me out of my account, and then it became my daily driver. It's fast, private, and has mature clients for all major desktop and mobile platforms. Together with OnlyOffice, it's a good-enough substitute for Google Docs Editors (the office suite) for non-collaborative editing.
I love self-hosting but file storage is one thing that I don't want to risk. I've been paying for Hetzner Storage Share [0] happily to save myself the headache.
If you want a different hosting provider, Nextcloud now has Simple Signup program[1] which helps new users to sign up for a free plan with a provider near them, offering ≥ 2GB of storage. You can also browse the entire list if you want to pick one manually.[2]
The desktop clients are anything but “mature”, and the whole point of GDocs is collaborative editing. If you don’t want to collaborate, syncthing works fine and doesn’t need a server.
> the whole point of GDocs is collaborative editing
Strong disagree. Collaborative editing is one of the major points but not the only one. For me and I believe many others, being able to view and edit my documents in a web browser is a huge convenience.
(Speaking of collaborative editing, OnlyOffice too supports it. [0] However, you might need to setup a standalone “document server” [1] if you’ve a lot of collaborators.)
I supported a NextCloud + OnlyOffice server for 4 years for a 100-person company, and have since moved to Collabora Code (which has been running for ~2 years now). IME Code has better performance, is easier to upgrade, provides better compatibility with MS Office (since it's basically LibreOffice with a web UI), and is easier to integrate with (I wrote some integrations for a couple of internal systems and it's been a breeze).
Good to know. I’ve been sticking with OnlyOffice only because it’s supported out of the box on Hetzner [0] (as in, I don’t need to setup and maintain any “document server”). Surprisingly, this is what they say about Collabora:
> Due to performance reasons, we cannot support the built-in version of Collabora. So if you still want to use Collabora, you will need to provide your own server. You could use, for example, one of our unmanaged dedicated root servers or a Hetzner Cloud server. You can activate Collabora via the App Store, but you will need to use the other server for data processing. You as the customer are responsible for configuring this server yourself in the app's settings.
If you start on a free plan but then ultimately switch to another provider do you have any idea of how hard it would be to export and import all your tasks, files, etc?
I have moved twice now. First from my raspberry pi to cloud and the second time between cloud providers.
There might be other ways but you can share folders between Nextcloud instances.
I have shared my whole nextcloud from the old one to a folder in the new one. Then in the new instance you copy folders from the shared drive to your new instance. For ~300-400 GB in takes a moment and I do some spot checks, but after half a day it's done. And you don't actually do things, you just wait that a folder copy finishes, check and then start the new one.
There might be more automated ways, but this worked for me.
Files are files so you can download them to your computer and upload them to the new provider. Unfortunately I am not aware of any direct provider-to-provider sync.
Application data depends on the app. For example, Notes [0] save your notes as Markdown files so you can move them (along with your files) wherever you want. However, News [1] don't and don't have export/import features at the moment either [2].
Nextcloud as a file storage solution and a non-collaborative office suite is great, but I cannot recommend its apps the same way. They are very convenient to install, but the quality varies a lot in my opinion so evaluate before you adopt.
> I've been paying for Hetzner Storage Share [0] happily to save myself the headache.
Assuming you start with NX11, which has 1TB storage, and before hitting the limit you want to upgrade to the 5TB storage, NX21.
Can you just call Hetzner and tell them they should upgrade your NX11 plan to NX21 in-place, or will you have to order NX21 and then move all the data over to the new instance yourself?
Scalability
Stay flexible with your Storage Share. Regardless of how your requirements change over time, you can upgrade or downgrade your Storage Share in a few quick steps and without worrying about data loss. Simply switch between the Storage Share package size you need by going to your account on the konsoleH, and then to "Account type".
It's nice to see that they also offer the ability to downgrade.
I'm also having that problem right now, my solution so far is to host an elasticsearch server somewhere else (at home on an old laptop via a tuns.sh ssh tunnel)
A common misconception IMO is that running and owning your own infrastructure is somehow more secure. To that I lol, and I’m confident that the thousands of AWS/GCP/Azure/iCloud security engineers are all doing a more thorough job than you can. At the very very least they receive embargoed bugs which they often mitigate before the general public.
One doesn't have to expose it to malicious actors. It is most-useful that way, sure. Mine is at 10.27.0.68. Have fun, hackers!
Also, I lol at most CVEs. Butterfly farted outside, oh uh.
Take the top one:
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.
You mean to tell me a few minor point releases imitated umask, making world-readable [and possibly added writable]? Oh no! The tragedy! Keep in mind most clients are single user systems anyway.
Judge them on their facts, there are vulns and then there are vulns. CVEs are a sign of attention on a project. No more or less.
I find that one concerning in an enterprise setup (which they target). Or the fact that the desktop client has 999 open issues. Or that the last version silently takes you off the stable channel. I could go on … Nextcloud desktop has severe quality control issues.
Yeah, one CVE is literally "You can use the MacOS variant of LD_PRELOAD on the client to hook libc calls! Oh no!!" This is a bogus CVE; any application can perform arbitrary actions when its system calls are hooked, but it requires such a strong threat model that the adversary realistically gains no ground by doing so.
("A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment")
Yeah, it's strange to me that's a CVE. That seems like "working as intended" if I, the owner of the machine, want to load other libraries, why shouldn't it respect that?
Your right of course. No way an individual can compete with an army of specialists.
But for some of us it is a bit of a hobby to run our own infrastructure. And some of it only ever runs on a private network.
I rolled my own docker setup for Nextcloud a few years ago, and couldn't be happier with the outcome. It does require me to log in and update the system and setup from time to time, but that's just a good time to drink a hot bevarage and listen to podcasts in my mind.
For anyone hosting their own instance, Nextcloud offers this scan[0] of your public facing url which might come up with something worth fixing.
"Do everything" solutions go against the principle of minimizing the attack surface.
EDIT: More is not always better in security. With more people doing more things, the statistical odds of miscommunication and misconfiguration increases.
As well as if this reflects a systemic issue with the codebase or if it is just getting much needed attention from security researchers. More CVEs can just mean they're cleaning up after vulns really well. But at the same time, if they have critical vulns over and over again, that might indicate bad coding practices or carelessness.
Generally you use these disclosures to make directional decisions about infrastructure. The list of fixed and disclosed CVEs combined with the legacy PHP code base doesn’t really pass the security sniff test. You really wouldn’t know for sure without doing a full code audit.
>A common misconception IMO is that running and owning your own infrastructure is somehow more secure.
If done properly cve-s don't matter that much. You create a headscale install on a pi and the headscale port and your router's ssh (key only) are the only things visible from the outside. Take any other than a home router - aka something with support. And you are done.
I think it depends on the CVEs and where they are. If it's a software vuln that requires root or some other complex prerequisites then w/e. But, if we're talking about low level problems in either the OS or network layer (e.g. firewalls, routers) then big clouds are most likely going to have that patched and rolled out more quickly IMO.
> thousands of AWS/GCP/Azure/iCloud security engineers are all doing a more thorough job than you
All these cloud services are just attack surfaces with a huge target on their backs. And the security engineers slip up too [0], in the case of Microsoft it's become more of a meme now. The North Korean hackers basically own them.
Somewhat depends on your threat model. The relative value of an iCloud/aws/gDrive 0day is going to be higher than Nextcloud. If you’re in the category of people concerned about this type of breach, self-hosting a PHP web app and claiming it’s somehow safer wont save you either. For this risky population, neither solution works since attackers are willing to throw expensive exploits at your data in either scenario.
If you aren’t being specifically targeted, then you would care about low hanging fruits discovered by something like automated scanning. Not exposing your service to the internet does solve this assuming you’re confident in the stack which provides this isolation. But managing this stack and performing risk calculus here is actually where the security horse trading happens. I think most people aren’t safer managing this themselves — arguably they’re actually worse off.
I have high standards for the confidentiality of my data. I care about things like lateral movement and the massive attack surface that isolation tech to prevent such movement has. I also won’t design monitoring and alerting, ensure a patch state, or perform code audits on Nextcloud and all the isolation tech required to secure it to a comporable level of security. Because of this, I instead reason around the cost of exploitation. I want it to be higher than what I believe Nextcloud provides and I’d rather require an attacker to use an expensive 0day to extract my data off a cloud provider like Google versus a potentially cheap one against my own infra.
Yes, there is a concept of "shared responsibility" in the cloud. Obviously the provider is going to handle some things and you have to take care of others.
I'm not a security specialist, but it seems to me that while managed services typically have better security and sysadmin resourcing, they also have the downside that their security can fail at a massive scale. If someone defeated the security of, say, GitHub, they could leak all the private repos stored there.
Managed services also have to accept connections from the public Internet, which on-premises solutions do not.
banks aren't safe because they're unrobbable, they get robbed all the time. They're safe because they're the ones taking on the risk. Data isn't fungible like cash though.
Running and owning your own infrastructure exposed to the outside world can be more insecure, running your own infrastructure at home in segmented networks with wireguard will solve most problems.
I think the threat model isn't that these popular services are going to be attacked, but that they will engage in the denial of service themselves without legal recourse.
Like sure, someone particularly interested in your home nextcloud instance could probably find their way in eventually.
But if you are concerned more about dropbox killing your account due to nonpayment, cloud backups getting encrypted and the master key being lost, cloud engineers snooping on your files, cloud platforms targeting ads based on your downloaded files etc etc etc it offers an alternative.
I've been using Nextcloud for some years now. Overall it's an ok replacement for Google Cloud. But for some time now their focus has been on developing features for business collaboration as opposed to personal & family ones. For example, their photo library is quite limited. There's Memories app for Nextcluod, but it isn't much better. I'm in the process of migrating to Immich. Nextcluod notes app on Android has been broken for some time.
As a self hosting afficionado, I feel like the perfect Google photo replacement doesn't exist yet.
I have a synology nas and I use the synology photos app for auto uploading without loss of quality to my nas. Don't forget any picture or videos, deduplicate, figure out what you can safely delete from my phone,... All of that works great and is reliable.
The synology photos app to watch your photos though, isn't very good. Neither on mobile nor the desktop nor android TV. It's bare minimum and even that has failures.
Next cloud,... It gives a weird "I don't trust it" vibe. I want my stuff unedited unaltered, unmoved from their folder and keep your metadata elsewhere, and it just give me a wrong vibe for that. This is 100% feeling and not facts.
Immich is great but high maintenance, any update is a risk that you have way more work that planned. Their upload app need works but I use the synology one. I don't feel safe having that handle the main copies of my picture, and the dev are being super clear that I shouldn't.
Photoprism has been my go to. You need to pay for any advanced features, and unless you're solo you need them for permissions only. I love it but I feel like it's still not quite as good as I would like.
Is there any major, reliable app for that I missed?
> As a self hosting afficionado, I feel like the perfect Google photo replacement doesn't exist yet.
>
> The synology photos app (...)
> Next cloud (...)
> Immich (...)
> Photoprism (...)
>
> Is there any major, reliable app for that I missed?
What about Piwigo ?
They have a mobile client in F-Droid. I've not used it myself, but a friend is happy hosting his own photo gallery with it.
Try Immich (pronounce “image”) in a couple of months from now. At the moment it’s in super fast development, first stable release planned for later this year, probably early 2025. The development effort looks very sustainable, FUTO is funding them a lot.
I still miss editing mostly, but it’s on the roadmap.
I want to like it but it’s quasi-open source. As far as I understand, from the convoluted FAQ, paid Essentials members can’t access the source code, and they are gatekeeping some quite basic features behind Essentials membership.
Reading between the lines I think it is closer to dual licensed. With extra conditions for the non-public source.
I’ve been using Ente for a month and have been loving it so far. The lack of feature parity between iOS and desktop/Electron is a bit frustrating sometimes but workable as I always have a phone and iPad nearby. I reported a bug in the desktop app and they fixed it nearly instantly.
Looking forward to it receiving more polish, but it is workable in the interim. The public e2ee web gallery sharing feature is killer.
> their focus has been on developing features for business collaboration as opposed to personal & family ones
For people like me, who have to contend with GDPR and NIS 2 requirements on an organizational level in Germany this actually is a god-send. MS and Google don't play nice with the local law, e.g. refusing order processing agreements, although MS has recently started to move on this topic.
We replaced MS stuff (all of Sharepoint, most of PIM) with Nextcloud and MS ADS via SAML without too much of a hassle. The sync client has its nuisances (e.g. can't name Nextcloud instances) and it's getting worse for the last few versions! But it does its job, i.e. syncing, and you can always use the cloud itself.
IMHO, the mail app is very slow and need a large screen. Also it doesn't help to manage emails when you need to delete, to search for something, to put in folders and to deal with spams. But I am a power users who like to keep thing clean. Some employees works with it without complaining. Nextcloud recently "bought" Roundcube and it might become the prefered mail app sooner.
> Do you have one NC instance or do you federate (or plan to) ?
We actually have three instances. Currently they are running side-by-side but federation is planned, I think, starting October. Account management is still done in ADS and will stay there for now. SAML works as intended.
> Do you use the mail app ?
Yes, we use the Nextcloud Mail app without the AI features. Most people are using desktop clients, ie. Outlook, for daily work and it is important to us to keep Nextcloud Mail and Outlook in sync. Since the recent changes by MS new Outlook, it is also on the clock, but we are not there yet.
> Which applications do you use to replace sharepoint features ?
We used Sharepoint for centralized file storage, project management, and department sites and not much else. File storage is a given. For projects we moved to Jira some time ago, so little to do here. For department sites we use the Pico CMS integration.
> Do you use the business version of NC ?
Not yet. We are well below 200 FTE, so too small ;) We are interested, however, in the compliance and GDPR certification and we have already contacted their sales. But I don't know what became of it.
YMMV but any issue you have with Immich that may lead you to migrate to NCM you will find again there,IMHO. Update are easier but lots of other stuff are very much work in progress, even when it works well.
My criteria is "when I want to show my vacation to X on the TV at a dinner 6 to 12 months after setup is it reliable or does it always need some tweak or whatever and ruin the moment".
I dont know the apple ecosystem, for me Google photos is king but I want to own and host my data, Photoprism is my current goto.
I would like to switch to Immich, but it is still unclear to me whether my existing directory structure will be preserved or not. In the beginning, Immich used his own structure, which is a no go for any photographer.
But that's only a half-baked one-way functionality, since the set of variables for the template are minimal. Immich can't intake my existing folder structure, or am I wrong?
I've been looking into NextCloud to recommend to a government agency. The world desperately need competition or at least something compatible with the m365 stack, because it's eating the world and taking a lot of choice away and killing a lot of innovation outside the Microsoft funnel, since Microsoft is not interested in a lot of tech (for example, network schemas, useful for "tell us once" type applications, since they'd rather you just use their tech for everything, and the messier it is behind the scenes, the better for them).
Anyway, I have mixed feelings. I admire the community and the support it has by many governments, its staunch Open Source basis so it's useful for an individual or a large organization. But it is building on a lot of crufty PHP, their collection of apps is very uneven and it's hard to know what works well without a lot of research, and it's going in a few directions to upgrade. AppApi in particular is on one hand very innovative, on the other going in some odd directions. I know it is successfully used by very large organizations, but without spending a lot of time with it, it's hard to get a sense of the commitment and considerations required.
I think more than anything they need advocacy and good quality product contributions (support, documentation, code). From what I know, a lot of the development happens via a few consulting firms that support their larger clients.
Lets not forget iPhone vendor lock in that specifically slows down or entirely closes background connections for all other vendors except Apple. So syncing files with Nextcloud or any other app except Apple cloud is an exercise in undocumented futility.
You can put it as a front application and wait (if corporate hasn’t forced a screen turning off timeout)
Not sure how the apple rant is related to the post but;
I use syncthing (via mobius sync) on my iphone and am quite happy with it. It seems to be OK with enough background syncs as it is, but to top it off i added a shortcut that keeps the app in the foreground while the phone is charging and im always up to date, pretty much instantly. Used to keep a couple hundred gb in sync that way (books, papers, org files, passwords, etc).
It always leaves a bad taste in my mouth when opportunists charge money for software they didn’t produce, simply by capitalizing on the fact that it’s difficult and annoying to sideload on iPhones.
It’s a one time $5 fee, integrates with the files app and generally has a few features that are not part of the base OSS app, such as the background syncs. It also sometimes gets affected by bugs that are not do not affect the “vanilla” syncthing, which takes some non-zero time to resolve and which indicate there is some effort going into creating this “port”.
That took some time for the dev to create and would take me at least an hour of my time to reproduce, for which im happy to exchange $5.
I could probably set up an ST instance inside iSH but it won’t work as smoothly, or create a native port myself, but I would rather not and feel thus is a fair exchange.
Of course, I would welcome and am waiting for the release of your alternative free version. Until this time I’ll take your comment as yet another “i hate apple” post.
Judging by your comment I suppose you don’t use generic drugs or any products based on expired patents not by the original patent inventor.
I cannot enter into the Apple Developer Program, or I would have released a lot of free builds of f/oss iOS apps already.
Sadly Apple requires doxxing yourself to publish apps, which IMO is a human rights violation. You also need to provide a working phone number to be able to install even free apps on a phone or tablet you have already purchased. These policies stand directly in opposition to their stated value that “privacy is a human right”.
The time of forced side loading support cannot come soon enough.
> Of course, I would welcome and am waiting for the release of your alternative free version. Until this time I’ll take your comment as yet another “i hate apple” post.
In my home a few minutes ago I just re-hung a framed, signed, and numbered print of some of Susan Kare’s pixel art for the original Macintosh System 1.0. It’s a common misconception that I hate Apple, but nothing could be further from the truth. Of course, you are free to continue believing incorrect things. :)
FWIW, I paid the $5 and have Möbius Sync Pro installed on my phone. But, as a Syncthing contributor, fuck them.
(Separately, it doesn’t even work right, whilst iCloud does, because of Apple’s anticompetitive bias against third party apps replicating OS functionality.)
> Judging by your comment I suppose you don’t use generic drugs or any products based on expired patents not by the original patent inventor.
I don’t believe in the concept of intellectual property. You misunderstand where I’m coming from. It’s a dick move to profit directly off the misfortune or hard work of others, which is precisely what the Möbius Sync authors are doing. It has nothing to do with patents or copyrights or what is or is not legally permitted to be done with the code.
You will note that I release all of my own software into the public domain, not under copyleft licenses. People should be free to be a dick, just as I’m free to point it out.
If what the Möbius dev did is so easy and they are indeed freeloading, why doesn't anyone replicate it in the open?
It's not because of the forced doxxing, syncthing has a foundation with a legal address and real people, using that info on the app store is a non-issue. It's not because of the $99 fee, syncthing has some cash flow.
You could also ask the question of Blink, a f/oss SSH client for iOS that charges money for IAPs.
It is trivial to remove the feature gating and republish. Yet no one has. Would Apple deny it as being too similar to an existing app? Who knows?
I can’t test any of these theories as I am not in the ADP. I even tried applying one time like a dozen years ago and was denied because I didn’t have a DUNS number.
You don’t believe in intellectual property? Well, I don’t believe in gravity.
Ill be waiting for your public domain repo with ios syncthing build instructions - no need to doxx yourself. ill happily build it for myself - i don’t have a dev account either.
FWIW that app works much better than icloud has ever worked for me. eg with icloud you never know when the device decides to remove a file from local cache until youre offline and need to use it.
Intellectual property is a fiction, created to prop up an industry. It was invented and established and promulgated and maintained by modern human beings.
Gravity existed long before humans, and will exist after them.
Syncthing (via Möbius Sync) works quite (surispsibgly!) well on iOS, but there are still many paper cuts. I‘d have hoped the DMA would have forced platforms to be decoupled from services.
Legally, Apple must not provide its own services with an advantage over the competition. I think the background sync restrictions are a DMA violation legally speaking.
Give the EU some time, I'm sure there'll be a lawsuit about iOS doing this stuff some day.
The solution shouldn’t be to forbid anyone but apple from doing stuff in the background but to make permissions very clear, allow for stuff like scheduling background tasks and/or limiting background resources and, for power users, to outright allow specified apps to run in the background. So no, apple isn’t right here
Well, no. This argument might be correct if this policy wouldn't very strongly incentive people to use (possibly paid!) iCloud instead and if Apple would just allow any app onto the app store (or effortless sideloading like on Android). Instead, they heavily scrutinize everything that gets submitted. They could just have special permissions for apps like Nextcloud that would only be enabled if the app behaves correctly regarding this background sync functionality.
Snaps are not popular in hacker news, but if you want basic functionality, try nextcloud snap. It is good, and takes care of itself.
I like nextcloud, and always have an instance for file sharing with people. For basic features, it works good.
That said, I think it would have been better if they could focus on core features, remove code complexity, make it faster, remove bugs around the edges, make sure it just works and upgrades reliably. It could not possibly do such diverse range of applications, and now AI.
I love my nextcloud server. I set up an instant upload for my phones camera photos to replace Google photos. Now I get all my photos automatically synced to my server at home.
Sort of. At some point, you need a platform that orchestrates all those "do one thing well" outputs. I'm using NextCloud for that -- too early to totally be satisfied, but nothing crazy going on yet! Waiting to see a few upgrades and backups to see how things go.
If you're using Mailinabox for your mail server, it comes with a copy of NextCloud by navigating to "/cloud" -- you can sign in with your mailinabox credentials! I'm using it for everything from my keepass database to gnucash syncing, calendar and contacts too!
The idea of using a private cloud sounded wonderful, ran an instance of Next Cloud using encrypted storage, it didn't take long when my files disappeared due to a bug on the encryption and los my files for ever.
Never went back to it
No comment on anything else, but the tone of the page is so schoolyard. For a company that targets enterprise and government clients, petty jabs at the weather app look unprofessional.
The "Comparison" section of the Product Ownership also seems rather ridiculous, where NextCloud is just a questionable "fork" while ownCloud glouriously carries the torch of product ownership. Especially since it's placed directly below the "License" section. Apparently, someone didn't quite understand the idea behind the GPL.
I use Nextcloud, but I'm disappointed in their transition from a file host/sync solution to a "do everything" solution. Their sync client has languished and their server-side sync software has severe performance issues; the core of what made Nextcloud valuable to me has seemingly remained untouched for half a decade as they chase everything else.
I agree with this but at the same time I find NC very useful as a hub that centrally hosts my data and can then speak to other software using common protocols. For example my calendars, contacts, todo lists and notes are all hosted via NC, and I use WebDAV/CalDAV/CardDAV clients on my laptop and phone to interact with it.
I definitely agree NC's core functionality could be more polished though. Performance issues don't bother me as I only host for myself but there are UI issues and bugs that get in the way of functionality. I feel like everything is 90% there but there seems to be little interest in making it to 100%. The collaboration stuff they are mostly focused on is useless to me but I can understand why it's their priority, commercially speaking.
Occasionally I toy with the idea of replacing it with separate tools for file sync, photos, calendars, contacts, notes, etc, but it's very convenient to have it all as one.
The performance issues are noticeable to me because I'm hosting it on a Raspberry Pi 4. I figured that the bottleneck when syncing etc would be network and disk IO so the Pi would be fine; however when I'm syncing, all cores are pegged at 100% by the PHP processes. I've enabled bytecode cache and Redis and all the other normal performance things, PHP itself is just too slow. And I imagine that at least part of the issue is that every tiny file request or directory listing is its own, separately authenticated HTTP request.
But I definitely agree that all the other things are half baked. The media player in the iOS app is extremely buggy. There's jank all over the place. The photos UI is pretty much unusable if you have a lot of photos.
And then there are the constant updates; I get notifications all the time that Calendar or some other app has received an update. I wish they'd coordinate releases of their official apps so that I can get a notification every now and then that I need to update all the apps, rather than constant individual app update notifications.
In short, as you say, everything is 90% the way there.
I boot from the SD card but I have a USB SSD connected which I use for file storage. I have also configured stuff and set up bind mounts such that everything that gets written to regularly (such as logs, the Nextcloud install itself, Postgres, ...) is on the SSD.
I have looked into Seafile, but the thing is that I like some of the extra Nextcloud things, especially the calendar. I just wish that file sync was the main focus and not an afterthought.
But honestly, I should probably just use Seafile and get another, more lightweight CalDAV server.
I use syncthing for files and radicale for calendar and contacts. Very lightweight and stable for years.
Radicale sits behind a proxy with basic auth, so dont have to worry about patching vulns to much.
I ran OwnCloud for a while, until that project died. I liked that it focused on file sharing/syncing only. Reluctantly migrated to NextCloud and it's bloated beyond belief. It works though, and I've been too lazy to look into alternatives.
There are plenty of things to not like about Go, but it's certainly not a meme language. It's one of the first languages I'd personally seriously consider if I were to write server-side file sync software. (PHP, on the other hand, would be way far down on the list.)
Honestly I do not favor this paradigm, no matter if NextCloud, O360, SandStorm and alike: the point is that we should teach the desktop paradigm, syncing data around, not using desktops as monsters, hyper-expensive thin clients or more properly dumb terminals of a remote "mainframe".
It's easy today because current IT evolution is totally skewed, derailed for commercial reasons, but that's untenable. Who think it's normal being even unable to access already made documents only because "the remote service or the network is down"?
I agree -- to a degree. But the "cloud first" paradigm broke MS' chokehold on the desktop and arguably enabled Linux and Mac to become viable alternatives in that space. Today I can use any major Linux dsitribution and just don't have to worry about interoperability in bread and butter use cases. Even MSO365 works fine.
Considering the continued shrieks of pain coming from the graphics design people this is not the case. Those people are still tied to desktop applications and look what freedom of choice they have. Virtually none.
I think you are not alone, but I also wouldn't be surprised if this frog is boiled so slow that our opinion eventually becomes irrelevant: today's teenagers are *less* proficient on a keyboard than their elders, because they no longer "type" but "tap" instead. When the average exposure to computing is reduced to dumbed-down "consumption-only" devices running iOS/Android, and that goes for a generation or more, the perception of us would likely be that of old folks yelling at clouds.
I definitely follow you but noting a thing: the more we "advance" the more we implement again very old solutions, back for the pioneering Xerox PARC era, some random examples:
- most UIs actually have switched from the "commercial menu" model to a "search&narrow" one, now are kind of very rudimentary CLIs;
- from "commercial widget-based GUIs" back to some kind of DocUIs, today they are web, back than PostScript and alike, but the idea is essentially the same;
- NotebookUIs (like Jupyter, IDEs like R-Studio where some "GUI elements exists mixed with text) are more and more common and well, tomorrow someone will rediscover Emacs buffers ideas...
So, while most computer users are consumer only, those who can't consume only a little step at a time, following a kind-of Greenspun's tenth rule reimplement partially and with many bugs and limits old ideas. I do not know where we could go in 10+ years, but... Even with all the bug-ridden modern overhead, we actually rediscover classic solutions, at a certain point classic desktop computing will came back forcibly IMVHO...What I do not know it's how much time and injuries we will suffer in between...
> we actually rediscover classic solutions, at a certain point classic desktop computing will came back forcibly
You make it sound like evolution being circular is matter of fact/inevitable (and, to be fair, tech history proves you right in more than one occasions!), though I wouldn't discount the sheer power exerted of the tech monopolists of today: we don't have dumbed down pocket computers out of technical necessity, or because users "demand" that, or because new trends and implementation paradigms emerged: the dumbing down is purely a marketing strategy meant to extract more profit from users (by controlling the user experience through an "app store", where every app is not just "sold" but "installed").
This time around, I fear that we would have to break those monopolies, or have governments intervene and compel them to open-up their stores and OSes to get back to a fair and fertile ground for innovation.
Well, it's not "automagical" and sure, of course, but tend to happen regularly, of course not exactly as foresee by the pioneers, not without struggles, victims, sufferance in the meantime, but still happen in the end.
Giants now push ML stuff exactly because they foresee a certain evolution, as they push RTO for equal reasons, as anyone else they try to protect their profits and augment them. But as they do so all others who know try to do the same for themselves and "the masses" here and there even in ignorance "feel" smell rodents, and could change mindset once a new way appear in front of them.
We have had proprietary connectors for mobile recharging, now through regulation we have had microUSB and now USB-C, similarly GNU/Linux desktop popularity climb without any laws mandating it, they are small various steps who will likely led to a certain evolution. Monopolies and oligopolies will fall, others will form, in the end in all human history these things have happened and we have kept evolving even if going through long dark ages here and there. The sad part is that we have just a single life so, depending on the point in history we born we suffer more or less and potentially for the entire life...
Just want to say it's times like these I really appreciate the HN community.
The NextCloud site makes it all look great and probably easier than some parts of my current DIY strategy, but reading here I think I'll stick to said strategy.
I like very much Next loud (the idea, the project, some part of the design like storing files flat easily backup able) but my major issue is with the file synchronisation with the Android.
It totally does not work. If you try to send or synchronize just a few files it is mostly ok. But when trying to upload more than a few dozen files, things starts to not work well, like transfer being stuck, or the transfer completing ok but then only a portion of files were transferred.
That instability is the main reason preventing me to use it daily as in the end I will just use it on the computer where the main value would be on mobile.
File syncing also frustrates me, although I think it's working as intended. I would expect that if I update a synced file on my laptop, that should also automatically update it on the cloud. But it seems like there's an extra step where I have to go to the web ui and say that I want it to use the updated version.
Also sharing has been very confusing, people keep thinking they've shared files they haven't.
Maybe the problem is me / us, idk. Or maybe it's better as a "personal" cloud than a shared one. I have, overall, not enjoyed using it. I wish management would just let us store docs in a git repo, which would be much more intuitive for most of us.
When I tried Nextcloud, I found there was an option to sync all photos from Google Photos. It synced around 10% photos and reported success. Overall, Nextcloud had lots of breaking bugs/instability issues like that in almost all cases I tried, so I ended up just buying a second account at a different cloud provider, so everything is now synced to 2 providers, in case I lose access to my Google account.
I experienced the bug you mentioned about 5 years ago, I wonder if they ever fixed it.
Apples and oranges. Syncthing is a selfhosted p2p syncing network and it's miles better for this. Nextcloud is a selfhosted "cloud platform" like Google Apps. How good it is for each use case varies greatly. Most often it is used for easy web/mobile access for files and photos.
I don't know which one is better, but considering file hosting, sync and web access, Nextcloud works very well. Regarding usability, as NC doesn't works like Dropbox it is a matter of taste, I prefer NC over Dropbox.
+1 for FolderSync, it works great. I haven't had a single synchronization issue or missing files whatsoever after using it for 2-3 years already. Note that I never had the need to handle conflicts (I don't modify files from two different devices at the same time).
still love it. Been hosting a small (aprox 20 people) instance for a non-profit since more than 8+ years (even before owncloud and nextcloud split up).
I wish the Android app for this wasn't so unstable and unintuitive, currently you can't even sync multiple selected files without it getting stuck on the "wait a moment" screen forever and forcing you to restart.
Honestly, I feel that Nextcloud is full of bloat, the performance is quite disappointing and it's very unstable. I only use it for file storage, because I can't find a better alternative out there. My advice: never upload directories that may have many small files (and certainly not git repos). For photos, don't even think about it. Use Immich or PhotoPrism.
What issues did you find with the file storage? I’m using it backed by S3 and it hasn’t given me any issues at all so far, be nice to know what to watch out for.
Every now and then uploads might crash, it takes ages for files to load and the whole app freezes. I'm using it with local file storage on an SSD over a relatively fast network. PHP just isn't made for file storage.
Similar to many commenters here, I really want to love nextcloud. It was the very first thing I installed when I built my homelab and it's still running years later. However.
I just plain can't use the thing. The only thing that works well is automatically uploading new photos from my phone. That's it, that's the only thing.
My server is old, yes, but we're still talking about dual 8c/16t Xeons, 128GB RAM, and a 7-disk striped RAID storage. It's no slouch.
I can connect to it with a bleeding edge gaming computer with the latest i9 16 core whatever and a fancy GPU with any browser direct over gigabit Ethernet and it still, somehow, takes a full thirty seconds to show the login page. Clicking on anything in the browser is at minimum a 15 second delay. Trying to browse files takes a good 30 seconds just to switch views to the new folder and another 30-60 to render a plain text list of files. Browsing photos is only slightly slower. I get the exact same level of performance when my client is an ancient first generation i3. It's astonishing, really.
I've debugged this far beyond my abilities and the best I've been able to determine is that the browser is spending most of its time just waiting for the server to respond. The server shows no interesting trends in CPU usage, so I have no clue. I can only assume it's attempting to render server-side on a single thread. Given the poor single thread performance on the Xeon this seems fairly plausible.
But regardless, this is by far the single worst performing website I've ever seen anywhere, ever. We've all seen horrendous single-word-per-page scroll-scroll-scroll slideshow websites that take ages to load. Nextcloud makes those sites look like bare HTML GeoCities pages.
It's atrocious, unacceptable, and unusable. There's no excuse for this.
And yes, I'm using the AIO docker image. I've also tried bare metal installs with the same performance. I've tried a more modern i5 machine. I've eliminated any problems that could be on my part and I'm left with the conclusion that nextcloud is just inexcusably bad.
Which is a damn shame because this is everything I want from self-hosting. I'd love to get my family onto this. Have a central place to share photos and files. Keep everyone's devices backed up in a place I know is safe and secure. But I wouldn't inflict this thing on my worst enemy.
This all sounds like hyperbole, but it truly is the worst of the worst. I have never, since the invention of the internet, seen a website this bad.
Edit: oh and also all of the desktop clients are barely-working garbage. The UX feels like it was designed by aliens who heard about human interfaces in a Chinese-room scenario. Utterly absurd nonstandard unintuitive garbage. The android client isn't much better and the iPhone client is famously broken on purpose.
This is very strange, we use a quite smaller VPS server (2 virtual core, 2 Gb of Ram) to host NC with other things, our clients computers are 10 years old and we _never_ had such bad experience, while we use NC with macOS, iOS, Android, Windows and Linux (mainly Linux).
There is obviously something wrong in your NC setup.
Nope. As mentioned in the original comment, I've tried this several ways on multiple different machines. The configuration is never the same, but the performance always is.
I've tried everything from hardware to network configs, always the same abysmal performance
For my company, I needed a low-traffic Kanban board solution for cheap. Stood up on a small DO droplet and has been working well for a few days. It was my first time using Google Workspace's IdP and it mostly works without a hitch (though logout isn't supported, only way to logout is to clear site cookies and that is weird).
Total cost should be under $250/year, which is about 10X less than a SaaS for our use (free Trello is missing a lot of features that I'd like), and gives us more options besides. I plan to evaluate some of the additional apps for chat/video calls and docs, though I know this would increase the price for beefier infra, because Zoom, MS Teams either expensive for accounts or just damn buggy.
I have only just started using it (and hence wanted to check what others in HN were using it for). Seems like the personal use case for file syncing is difficult; I'm more interested in self-hosting Kanban and other things I don't want to pay yet-another-SaaS a per-user-per-month for the small business tax. Setting up NextCloud with an IdP wasn't too bad, a little weird on Googe's side that it doesn't permit SAML SLO (but that's my not-terribly-deeply-informed opinion).
First if all, it wants to do everything and does none well (or better than specialized apps)
Its internals are a shitshow - a question about getting the real IP of the calling client raised a 10 pages discussion where people said "it works" and other days "it does not". The "solution" required you to change a volatile setting within the docker container (and do it again when the container changes)
Finally the upgrade is insane. I once tried to upgrade my installation, was told that n+2 upgrades are not possible (fair enough) and ... the installer destroyed the database. What a piece of crap. Thanks god for backups.
reply