Building a NextCloud server at home

I’ve been upset to think about Google holding so many of my files, but the service Google provides in keeping things in sync between my several computers has been just too convenient. The NextCloud project has been on my horizon for some time because it offers me things I care about: self-sufficiency, privacy and security. It’s an amazing project and my goals for using it are right at the simplest end of the spectrum of users. Surprisingly, I found it a little hard to get super basic advice – the admin guide is hundreds of pages long. I knew it couldn’t be hard but I struggled to find an ‘Idiot’s guide’… so here it is.

Step 1: Build a host

My intent was to host my own files locally, in my home. A cloud in my house. I maintain a couple of servers and use virtual machines under VMware, but I could just as easily have used any old PC or laptop with a bit of storage space. I installed Ubuntu Server; I still use the 18.04 LTS release because of its generous maintenance period. It’s here.

Update and patch it:

sudo apt-get update

sudo apt-get upgrade

Step 2: Install

The next steps were too easy for anyone to have documented them — except u/Lognei on reddit who put together a basic post on basic installations. Thanks! We will use the snap tool to install in one command. Lovely.

sudo apt-get install snapd

sudo snap install nextcloud

So, now we have an application which is automatically running, and all our further work can be most easily accomplished on the web interface using any browser. The only stumbling point is, ‘What do I type into the address bar?’ First try:

hostname

and type hostname.local into your browser (substitute the name of your host for ‘hostname’, obviously!). That didn’t help me in my environment so I used an IP address directly. 192.168.4.99 did the trick for me and yours will be different (try ifconfig if you need help finding your IP address).

Step 3: Remote access

I want my NextCloud to be accessible locally and from my laptop, office machine, phones and tablets. Basically from wherever. That is always going to bring about security concerns but the NextCloud project itself is super secure. Just take care!

I had a domain already registered – we’ll call it myname.net. So I logged into the company that manages the DNS for myname.net. That’s the directory that links the readable URL (myname.net) to the machine-readable IP address. For the record I use Zoneedit for that and have for years. I added a subdomain called ‘cloud’ so now cloud.myname.net points to my home IP address. That’s a constant address for me, but yours may change each time your modem drops out – check out dynamic DNS if that problem applies to you.

Next I needed to look at my router and its firewall to allow incoming requests for the NextCloud services to reach the server we set up in the steps above. These incoming requests are on ports 443 (and possibly port 80). In my router I was able to add a port forwarding rule so that all incoming requests on port 443 are directed to the IP address of the server running NextCloud. Good.

So now if I type cloud.myname.net into any browser, I get the login page of my NextCloud server.

Step 4: Add users

The first user on a NextCloud server is called ‘admin’.  Not a very personalised choice.  Once through the login screen it was trivial to add a new user with my proper name.

Step 5: SSL

This got me for a bit and took a bit of googling to get right. To keep your data safe when it is transmitted from your NextCloud server, across the internet to your laptop or phone, it needs to be encrypted in transit. This is part of the HTTPS protocol and is required by most browsers in 2020. If it’s not there you will get big warnings that your connections are insecure. To allow encryption your server needs a certificate and we will use a certificate from Let’s Encrypt (it’s free!).

When I initially set out to do this the process failed, but another kind blogger helped me out with an important first step:

sudo apt install resolvconf

sudo nextcloud.enable-https lets-encrypt

When asked, enter the domain name that you plan to use to access NextCloud (remember cloud.myname.net). Now your data will traverse the internet in a form that no one can read (unless they break into your server and steal your certificate).
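To confirm that the port forwarding from Step 3 and the certificate from Step 5 actually work together from outside, here is an added example (not part of the original post or of the NextCloud project) that fetches the certificate over a verified TLS connection and reviews its name, issuer and remaining lifetime. The function names, the 20-day warning threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "notAfter": "Jun 30 12:00:00 2020 GMT",
    "subjectAltName": (("DNS", "cloud.myname.net"),),
}

def fetch_cert(host, port=443, timeout=5):
    """Fetch the certificate over a fully verified TLS connection.
    Raises ssl.SSLError if the chain is untrusted or the name does not match."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def review_cert(cert, host, now=None, warn_days=20):
    """Return a list of findings for a getpeercert()-style dict; empty means OK."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Exact-match only: wildcard names are not handled in this example.
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if host.lower() not in names:
        findings.append(f"name mismatch: {host} not in {names}")
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    if issuer.get("organizationName") != "Let's Encrypt":
        findings.append(f"unexpected issuer: {issuer.get('organizationName')}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("expired")
    elif days_left < warn_days:
        findings.append(f"expires in {days_left} days: check that renewal works")
    return findings

if __name__ == "__main__":
    # Offline demo on the constructed sample; for a live check use
    # review_cert(fetch_cert("cloud.myname.net"), "cloud.myname.net")
    when = datetime(2020, 6, 20, tzinfo=timezone.utc)
    print(review_cert(SAMPLE_CERT, "cloud.myname.net", now=when))
```

Run the live check from a network outside your home (a phone hotspot, for example) so the request really goes through the router's port forwarding rule.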

Step 6: Download clients

Nextcloud runs a little client on each of your machines to keep your files synced. They’re here. I installed clients under Ubuntu Linux, Windows 10, Windows 7, and Android and connected my new user. I could now save a file on one machine and see it arrive on any of the others around a minute later. Cool.

Step 7: Encryption

Being able to manage the security of my stuff is a big deal to me. Not that I have anything to hide but rather that I like to assert my right to keep my stuff to myself. Human rights stuff. NextCloud has a bunch of stuff to extend security beyond HTTPS. All your files can be encrypted on the hard drive of the server but this may be easier to achieve by allowing the operating system to encrypt the entire hard drive. That’s my preferred pathway. I have enabled end-to-end encryption after reading this TechRepublic post. There’s a bit of fiddling here including adding two apps in the NextCloud web interface – you need ‘Default encryption module’ and ‘End-to-End Encryption’. Once they are running you can set up folders to be encrypted before any files are transmitted over the internet. I’m still trying to think how much that helps me. It does ensure that the files are encrypted at rest on the server as well as in transit. That’s a good thing.

Step 8: TODO External storage

My Nextcloud runs as a virtual machine inside another host. It’s nice to keep VMs small so they can be moved and backed up and so on. I’ll need to add more storage to my cloud before it can store all of my documents. More research is my next step.
