Changes between Version 49 and Version 50 of org/operations/services/NextCloud

Aug 6, 2019, 4:03:27 PM (6 months ago)



  • org/operations/services/NextCloud

    v49 v50  
    1 [[TOC]]
    3 = Instructions for using !NextCloud for Tor Project =
    4 Tor Project is evaluating [ NextCloud] as a tool for managing and sharing resources ^[#fn1 1]^ and for collaborative editing ^[#fn2 2]^.
    6 Questions and bug reports are handled by Tor's !NextCloud service admin team. For bug reports, please [/newticket create a ticket] in the `Service - nextcloud` component in [ Trac]. For questions, find us on IRC (GeKo, ln5, pospeselr) or send email to ``.
    8 == Signing in and setting up two-factor authentication ==
    9  1. Find an email sent to your personal Tor Project email address from `` with a link to ``
    10  1. Do not click on the link in the email, clicking on links in emails is dangerous! Instead, use the safe way: copy and paste the link in the email into your web browser.
    11  1. Follow the instructions for changing your passphrase
    12  1. Enable two factor authentication:
    13    1. In your browser, select Settings -> Security. The link to your settings can be found by clicking on your "user icon" in the top right corner. Direct link: [ Settings -> Security]. 
    14    1. Click "Generate Backup codes" in the Two-Factor Authentication section of that page.
    15    1. Save your backup codes to a password manager of your choice. These will be needed to regain access to your !NextCloud account if you ever lose your TOTP token/application.
    16    1. If you have a [ TOTP] setup (Google Authenticator, pass-otp, or other similar applications on hand-held devices), locate it and then:
    17       1. Click "Enable TOTP" on the web page.
    18       1. Insert your token or start the TOTP application on your handheld device and scan the QR code displayed on the web page.
    19       1. Enter the numbers from the token/application into the text field on the web page.
    20       1. Log out and log in again, to verify that you got two factor authentication working.
    21    1. If you have a [ U2F] setup, like a Yubikey, locate it and then:
    22       1. Click the "Add U2F device" button under the "U2F device" section
    23       1. Insert the token and press the button when prompted by your web browser
    24       1. Enter a name for the device and click "Add"
    25       1. Log out and log in again, to verify that you got two factor authentication working.
    27 == A note on credentials
    29 '''''Don't let other people use your credentials.''''' Not even people you know and like. If you know someone who should have a !NextCloud account, let the service admins know in [/newticket a ticket].
    31 '''''Don't let other _other_ people use your credentials.''''' Never enter your passphrase or two-factor code on any other site than Tor Project's !NextCloud site. Lower the risk of entering your credentials to the wrong site by verifying that there's a green padlock next to the URL and that the URL is indeed correct.
    33 '''''Don't lose your credentials.''''' This is especially important since files are ''encrypted'' in a key derived from your passphrase. To help deal with when a phone or hardware token is lost, you should really (really!) generate '''Backup codes''' and store those in a safe place, together with your passphrase. Backup codes can be used to restore access to your !NextCloud and encrypted files. There is no other way of accessing encrypted files! Backup codes can be generated from the [ Settings -> Security] page.
    35 == Files ==
    36 In the top left of the header-bar, you should see a "Folder" icon; when moused over a text label should appear beneath it that says Files. When clicked, you will be taken to the '''Files''' app and placed in the root of your !NextCloud file directory. Here, you can upload local files to !NextCloud, download remote files to your local storage, and share remote files across the internet. You can also perform the various file management operations (move, rename, copy, etc) you are familiar with in Explorer on Windows or Finder on macOS.
    38 On the left side of the '''Files''' app there is a side-bar with a few helpful views of your files.
    40     * All files : takes you to your root folder
    41     * Recent : recently accessed files and folders
    42     * Favorites : bookmarked files and folders
    43     * Shares : files and folders that have been shared with you or you are sharing with others
    44     * Tags : search for files and folders by tag
    46 === Upload a file ===
    47 Local files saved on your computer can be uploaded to !NextCloud. To upload a file:
    49     1. In the !NextCloud '''Files''' app, navigate to the folder where you want to store the file
    50     1. Click on the cicular button with a '''+''' inside it (to the right of the little house icon)
    51     1. Click '''Upload file''' entry in the context menu
    52     1. Select a file to upload using your system's file browser window
    54 === Share a file or directory with another !NextCloud user ===
    55 Files stored in your !NextCloud file directory can be selectively shared with other !NextCloud users. To share a file:
    57     1. Locate the file you wish to share (either by navigating to the folder it is in, by searching, or by using one of the views in the sidebar).
    58     1. Click the file's '''Share''' icon (to the right of the file name)
    59     1. In the pane that pops out from the right, click on the search box labeled '''Name, federated cloud ID or email address…'''
    60     1. Search for the user or group you wish to share with by !NextCloud user id (pospeselr), email address (, or name (Richard Pospesel) and select them from the dropdown.
    61     1. Optional: click on the meatball menu to the right of the shared user and edit the sharing options associated with the file or directory.
    62         * For instance, you may wish to automatically un-share the file at some point in the future
    64 === Share a file with the internet ===
    65 Files can also be shared with the internet via a url. Files shared in this fashion are read-only by default, but be mindful of what you share: '''by default, anyone who knows the link url can download the file'''. To share a file:
    67  1. Locate the file you wish to share
    68  1. Click the file's '''Share''' icon (to the right of the file name)
    69  1. In the pane that pops out from the right, click the '''+''' icon beside the '''Share link''' entry
    70  1. Select appropriate sharing options in the context menu (these can be changed later without invalidating the link)
    71  1. Optional: A few measures to limit access to a shared file:
    72   * Prevent general access by selecting the '''Password protect''' option
    73   * Automatically deactivate the share link at a certain time by selecting the '''Set expiration date''' option
    74  1. Finally, copy the shared link to your clipboard by clicking on the '''Clipboard''' icon
    76 === Un-share files or edit their permissions ===
    77 If you have shared files or folders with either the internet or another !NextCloud user, you can un-share them. To un-share a file:
    79  1. Locate the file you wish to un-share in the '''Files''' app
    80    * All of your currently shared files and folders can be found from the '''Shares''' view
    81  1. Click the file's '''Shared''' icon (to the right of the file name)
    82  1. In the pane that pops out from the right, you get a listing of all of the users and share links associated with this file
    83  1. Click the meatball menu to the right of one of these listings to edit share permissions, or to delete the share entirely
    85 === File management ===
    86 === Search for a file ===
    88 In the Files application press Ctrl+F, or click the magnifying glass at the upper right of the screen, and type any part of a file name.
    90 === Desktop support ===
    92 Files can be addressed transparently through [ WebDAV]. Most file explorer support the protocol which should enable you to browse the files natively on your desktop computer. Detailed instructions on how to setup various platforms are available in the [ main Nextcloud documentation site about WebDAV].
    94 But the short version is you can find the URL in the "Settings wheel" at the bottom right of the files tab, which should look something like ``. You might have to change the `https://` part to `davs://` or `webdavs://` depending on the desktop environment you are running.
    96 If you have setup 2FA (two-factor authentication), you will also need to setup an "app password". To set that up:
    98  1. head to your personal settings by clicking on your icon on the top right and then `Settings`
    99  2. click the `Security` tab on the right
    100  3. in the `Devices & sessions` section, fill in an "app name" (for example, "Nautilus file manager on my desktop") and click `Create new app password`
    101  4. copy-paste the password and store it in your password manager
    102  5. click `done`
    104 The password can now be used in your WebDAV configuration. If you fail to perform the above configuration, WebDAV connections will fail with an `Unauthorized` error message as long as 2FA is configured.
    106 == Collaborative editing of a document ==
    108 Press the plus button at the top of the file browser, it brings you a pull-down menu where you can pick "Document", "Spreadsheet", "Presentation". When you click one of those, it will become an editable field where you should put the name of the file you wish to create and hit enter, or the arrow.
    110 === A few gotchas with collaborative editing
    112 Behind the scenes, when a user opens a document for editing, the document is being copied from the !NextCloud server to the document editing server. Once all editing sessions are closed, the document is being copied back to !NextCloud. This behavior makes the following information important.
    114 * '''''The document editing server copies documents from !NextCloud''''', so while a document is open for editing it will differ from the version stored in !NextCloud. The effect of this is that downloads from !NextCloud will show a different version than the one currently being edited.
    116 * '''''A document is stored back to !NextCloud 10 seconds after all editing sessions for that document have finished.''''' This means that as long as there's a session open, active or idle, the versions will differ.  If either the document server breaks or the connection between !NextCloud and the document server breaks it is possible that there'll be data loss.
    118 * '''''An idle editing session expires after 5 minutes.''''' This helps making sure the document will not hang indefinitely in the document editing server even if a user leaves a browser tab open.
    120 == Client software for both desktop (Window, macOS,Linux) and handheld (Android and iPhone) ==
    121 TODO
    123 == Using calendars for appointments and tasks ==
    124 TODO
    126   the prescribed way is to use the DAVx app (   )
    128 NOTE: DAVx^5^ is cost free in [ F-Droid] ([ direct link]).
    130 === Importing a calendar from storm ===
    132 To export a calendar from storm, click on the up/down arrows icon on the left side of the storm calendar. A menu will pop up which will allow you to "Export" a calendar in .ics format by clicking on the "Download the contents" link. This will download a file in .ics format.
    134 The .ics file can be imported into the Next Cloud calendar app by:
    136 1. Clicking on the calendar icon in the top navigation bar to open up the calendar.
    137 1. Clicking on "Settings and Import" on the bottom left corner
    138 1. Click "Import Calendar" on the menu which pops up
    139 1. This will allow you to select the file you just downloaded from storm, ready to be uploaded
    140 1. You can import this calendar as a "New Calendar" or an existing calendar by expanding the drop down menu.
    141 1. If you select "New Calendar" you will see a new calendar, with the same name as the file you imported, appear on the left hand menu.
    142 1. To rename this calendar, simply click on ellipsis icon next to the calendar name in order to open up a menu with the option to edit it.
    144 === Importing a calendar feed from Google ===
    146 1. In your Google calendar go to the "Settings and Sharing" menu (menu appears by hovering over the right hand side of your calendar's name - "Options for " and the calendar name)  for the calendar feed you want to import.
    147 1. Scroll down to the "Integrate Calendar" section and copy the "Secret address in iCal format" value.
    148 1. In Nextcloud, click on "New Subscription" and paste in the calendar link you copied above.
    150 == Managing contacts ==
    151 TODO
    153 == Project phases ==
    154 The !NextCloud evaluation project runs from April 1 to September 30 2019 and is divided into N phases (with start dates):
    156  1. Setting up (April 1)
    157  1. Migration of data from Sandstorm (April 15)
    158  1. Migration of data from SVN (April 22)
    159  1. Feedback collection (June 1)
    160  1. Evaluation and decision (August 1)
    161  1. Possibly migrating users and data to a permanent !NextCloud instance (September 1)
    163 == Footnotes ==
    164 * [=#fn1 (1)] Resources include files, calendars, tasks and contacts; see
    165 * [=#fn2 (2)] Collaborative editing: documents, spreadsheets and presentations; see
    167 = Evaluation notes
    169 == NextCloud evaluation for Tor Project
    171 META TODO: add trac magic here listing all open issues in component 'Service - nextcloud'
    173 User instructions are found over at the [wiki:org/operations/Infrastructure/NextCloud Instructions for using NextCloud for Tor Project] page
    175 === Evaluation time period
    177 April 1 to September 30 2019
    179 Six months is long enough for finding out if this works for us, even when taking potential disturbances into account.
    180 The evaluation period can be shortened if it shows that we know everything earlier.
    182 === Who will be part of the evaluation group
    184 NOTE: #29417 has a list of people
    186 ==== Must have
    188 - Seattle office folks
    189 - PMs
    191 ==== Maybe
    193 - Anybody interested?
    194   - Plus
    195     * might help to test scenarios/to catch issues not found with just having the groups in the "Must have" category
    196     * helps conveying the idea that this is a service for everyone at the Tor Project and not just a special group of employees
    197   - Minus
    198     * might make the evaluation process too complex and time consuming if a lot of folks are getting involved (e.g. we might not be able to help those who need it most as good as we could due to lack of resources in that case) UPDATE 2019-04-29: This concern seems less problematic than anticipated -- our users seem to figure things out by themselves pretty well. Even 2FA works for those who try it!
    199     * Migrating users and their data if we decide to move to a more permanent instance will be more time consuming and possibly more complicated the more users we have.
    201 - One person from each team
    202   - Identifying a) use cases in each area of what Tor is doing and b) potential cross-team communication issues
    204 ==== No thanks
    205 - Non Tor members
    206   - We provide services to Tor members
    208 === User functionality (ie applications)
    209 We should minimize the number of applications, for minimizing not only the risk of security issues but also user support issues.
    211 ==== Must have
    212 - File Sharing -- sharing of folders and files, including device sync (a la dropbox)
    213 - OnlyOffice -- collaborative editing of documents; text documents, spreadsheets and presentations
    214 - Deck -- KanBan board (non-official app)
    215 - Calendar -- shared calendar using CalDav
    216 - Tasks -- shared task handling (non-official app) using CalDav
    217 - Contacts -- storing of contacts using CardDav
    219 ==== Maybe?
    220 - [ nextcloud end-to-end encryption] -- do we need this to protect some data from administrators of the nextcloud instance? More details can be found in [the rfc].
    221 - Gallery -- sharing photos
    222   - Sharing kittens is an important use case, but perhaps not important enough?
    223 - Webmail
    224   - mail is nothing we really offer today and thus, Webmail would not replace any service Tor provides; not sure yet if the use-case
    225     of webmail in nextcloud is important enough to add this app up to all the others we need
    226 - an app that helps with Doodle like polls (not sure whether there is such a thing, maybe the Polls app; yes, it seems so:
    228 ==== Not at this stage
    229 - Talk
    230   - We don't want to mess with a STUN and TURN server at this point
    232 === Infrastructure requirements
    233 - FDE or [ nextcloud server-side encryption]
    234 - backups -- with what kind of "EULA"?
    235 - ? LDAP user and group backend
    237 === Replacing existing services
    238 ==== Sandstorm
    239   - [ ] calendar
    240   - [ ] KanBan
    241   - [ ] Pads
    242 ==== SVN
    243   - [ ] NC "File Sharing"
    244 ==== Google Docs
    246 === Who will help with the system
    247 - Training and education
    248 - User support
    249 - Service admin, ie nextcloud software updates, migration of data from existing platforms (SVN, Sandstorm, other)
    250 - System administration, ie providing a patched and networked operating system
    252 === Migration of data from existing services onto evaluation NextCloud
    253 Copying data from SVN, Sandstorm, Google Docs and possibly other services.
    254 We'd have to "freeze", ie write protect, the data there, so that people don't update things in two places.
    255 This is not going to fly in the cases where _all_ the users of that data are not also on Nextcloud though, so some data will probably have to stay and _not_ be copied to Nextcloud.
    257 ===== SVN
    258 There's at least three SVN repositories
    259 - public (#15948 but we dont care)
    260 - internal (#15949 gives some insight but we don't care)
    261 - corporate is the one we want to put in Nextcloud, possibly after some undefined sort and discard procedure
    263 ===== Sandstorm
    264 What do we have in Sandstorm?
    266 ===== Google Docs
    267 What do we have in Google Docs? Formally nothing but in practice probably quite a lot.
    268 Let this be self organized -- those who want to move a document off of Google into Nextcloud can do it after coordinating with their peers. We don't do that for them.
    270 === Migrating from evaluation onto a production environment
    272 ==== User credentials
    274 ==== User data
    276 === Open questions
    278 - can we use db.tpo? let's try to not be dependent on ldap queries in real time, but rather do what the rest of the infrastructure does -- extract a subset of the db and transfer it to the nextcloud system. this is what dip.tpo (gitlab) is aiming for too. might be useful.
    279 - what are the security promises of federated sharing? trusting DNS plus all the CA's? can we require DNSSEC? can we configure CA trust root? Nextcloud does not have any settings that require DNSSEC or specifically allow you to configure a CA trust root.
    280 - Should we run our own app store (see: One idea could be to only allow installing/updating apps from there and making sure apps are only in it after they have undergone some review.
    281 - How do updates work in a hosted environment, both for official apps and unofficial ones? Is there a way to make sure that updating app X does not prevent app X (or even app Y!) from functioning correctly after the update? If not, is there an easy roll-back button to fix this if needed?
    283 === Evaluation
    284 TODO: Let's have users fill in a form of some sort, after some time.
    285 - what is good/ok/bad with X, for X in login, sharing, real-time editing, calendar, tasks, contacts, kanban, more
    287 === Resolved issues
    289 Keeping them here for collective memory of decisions
    291 ==== RESOLVED regarding the riseup instance
    293   - what's our https endpoint?, may also be accessed via
    294   - when can we start using it? april 1
    295   - can we have 2FA (TOTP) enabled? TOTP is enabled (using the "official" Once can configure it by going to and look towards the bottom for TOTP (Authenticator app)
    296   - what does the "server encryption" look like? FDE
    297   - can we use "client encryption"? The "Server Side Encryption" option is enabled with the "Default Encryption Module". Users need to be very careful, because if they lose their password or recovery key, it may be impossible to recover their files!
    298   - what does the backup scheme look like? Incremental backups are done nightly of the database, and files to a different physical machine devoted to this purpose.
    299   - How do we treat apps security-wise? Do we want to review all apps before using them? Or maybe just the unofficial ones? And how about updates? Riseup reviews any 3rd-party apps before installation and updating
    301 ==== RESOLVED user management
    303   - can we configure NC to require 2FA for all users? We can configure it to require 2FA for your group, let micah know if you wish this enabled.
    304   - will our evaluation group be able to deal with 2FA? we wanted to aim high and fall back if necessary but user enrollment showed to be difficult with 2FA being enforced. let's nag users without 2FA enabled isntead.
    306 ==== RESOLVED Choosing a service provider
    308 RESOLUTION: We've picked Riseup
    310 We want to buy the service nextcloud, for the evaluation at least.
    312 Current contenders include
    314 - riseup
    315   - plus
    316     - trusted people
    317     - have onlyoffice, and experience with users of it
    318     - user (and perhaps data too) migration _off_ of the evalutation instance might be less painful
    319   - minus
    320     - not entirely sure that we can have our own instance, but might have to share with riseup people. this would limit the alternatives of site wide settings, like requiring 2FA, possibly influence user handling, definitely affect choice of applications and the process for upgrading
    321     - riseup can setup a separate instance, on a dedicated server, if this is something that is desired. Perhaps after the evaluation period has ended, we can revisit this once it is determined if Nextcloud is something that people will want to use.
    322 - hetzner
    323   - plus
    324     - known reliable service provider (at least for co-location and VM's)
    325   - minus
    326     - there is no onlyoffice available, but can be provided elsewhere (on a separate server)
    328 One possible option would be a combination of both -- NC from Hetzner and Onlyoffice from Riseup
     1See [[nextcloud]].