I'm done with NextCloud

notfromhere, 9 months ago

Are you exposing it to the Internet? Weirdness like that might be from someone exploiting your instance.

midas, 9 months ago

Yeah - don’t see any evidence of that in the logs + why would it work again after a restart?

notfromhere, 9 months ago

How do you have your auth working? Is it basic user/password managed on Nextcloud (external database connected?), is it external auth against something like Okta, or is it user/pass that you define from docker-compose?

If via docker-compose then a restart would clear anything an attacker would have done and it would reload from the docker-compose process I think? I’m not too familiar with the specifics on that as I’m not a security researcher, but generally some attacks are resident in memory only and a restart can clear them only for it to crop up again later either due to a running process that was set to rerun an exploit or someone monitoring your system externally and retrying the exploit remotely again.

Or it could just be some bug in Nextcloud or unique to your environment. Personally I’m only hosting things that are internally accessible via VPN anymore. Tailscale makes that super easy these days.

Reborn2966, 9 months ago

use immich for photos.

owncloud ocis works but is very young. is literally just file hosting with something to open office files online.

Reborn2966, 9 months ago

github.com/simone-viozzi/my-server

those are my configs. you have both immich and owncloud.

fraydabson, 9 months ago

I just implemented authentik SSO for Nextcloud and other apps and it’s made my life easier.

LordKitsuna, 9 months ago

I would like to recommend Seafile if immich doesn’t work out. I’ve used it for a long time and it’s always been the best self hosted cloud imo. it’s not as shiny or pretty looking as some but it’s been reliable

archy, 9 months ago

Do you have 2 redis containers by any chance? I’m asking because you mentioned Immich, and that one has redis as part of its stack

psilocybin, 9 months ago

Thats frustrating

I second the notion that your ip was banned by nc’s brute force detection

The silent reconnects of a DAVx client on a phone could easily trigger this

You can whitelist your home routers ip in the config IIRC Maybe not on the LISO container though, IIRC it is less configurable, but doesn’t “just work”, I’d ditch that not nextcloud

Quick fix could be to “DELETE FROM” (or “TRUNCATE” if you are certain nobody is blocked correctly) the table bruteforce_attempts (or smth similar). Although that “dc up && dc down” worked could indicate another issue, as you do seem to have persistence with your db in a docker volume (cred are still there) which would mean the time penalty ran out during restart or oits somethimg else

TCB13, 9 months ago

Well, I’m amazed you didn’t get downvoted to hell by saying NC is bad. Some of my experiences with NC are described in detail at lemmy.world/comment/1571886 and lemmy.world/comment/346174

h3ndrik, 9 months ago

Most likely you got blocked for some time by the brute force prevention. Have a look at your logfiles.

homegrowntechie, 9 months ago

^this. You probably had a Nextcloud client somewhere with wrong credentials that was trying to reconnect repeatedly which locked you out. It happened once to me.

Nsh, 9 months ago

I haven’t got this kind of issue with nextcloud, I’m pretty sure you can reset your password using occ via cli

midas, 9 months ago

I’m using the LSIO docker image and I could not locate the occ file to fire off the reset - but even then - I didn’t need to reset my password anyway…

u_tamtam, 9 months ago

That’s your problem, just there: you deployed a one size fits all blackbox of a container that, by definition, on top of pulling all the inefficiencies and redundancies of docker, isn’t tuned for your specific hardware and operational needs. I get the appeal of containers, but if you want to self-host responsibly, you’ve got to be in control of what’s running and how.

Sorry if this sounds harsh.

midas, 9 months ago

I honestly don’t see how my issues are related to docker. Sure the occ app was missing (or I just couldn’t find it, but the conclusion was that I didn’t even need it)

I’m running Linux so there’s not really any inefficiencies in regards to resources AFAIK - it’s just namespaces and cgroups.

u_tamtam, 9 months ago

I could give you plenty of reasons why you would be worse-off deploying from docker without deep understanding of what’s going on, but to only list a few out of the obvious pile:

• your container ships a bunch of things that you do not need and that take-up significant server resources. Not just nextcloud apps that you will never need but get loaded nonetheless, but also things like redis and a full-fledged collabora server that only make sense in a large-scale instances.
• your container isn’t tuned for your server because whoever made the container had no way to know that in advance. For instance, It might be that your php-fpm forks beyond your multithreading or IO capabilities, that your application cache isn’t adequate wrt. your system’s RAM memory, etc
• your containers duplicate functionalities from each other and from the operating system. You don’t need more than one http server, database, application process manager, interpreter, … but they add-up nonetheless and reduce the pool of available resources from the rest of the system and containers.

BCsven, 9 months ago

Maybe Immich might be a fit fit

github.com/immich-app/immich

midas, 9 months ago

I’m giving this a try now - it’s true it still saves the files on disk somewhere right? AFAIK at least so, this fits my requirements.

MangoPenguin, 9 months ago

Yes it does, you can back up the files externally and everything if needed. You can also import external directories of existing photos.

BCsven, 9 months ago

The installation instructions talk about the yaml amd env file to dowmload and edit, in one of those you specify explicit path of where your files go

Secret300, 9 months ago

If your main use case is photos

github.com/LibrePhotos/librephotos

vividspecter, 9 months ago

My problem with nextcloud is more the performance of the web interface rather than it’s reliability (and that’s even with mariadb + redis setup and a decently fast minipc). It’s fine if you avoid the web interface, but that’s part of the draw of the thing.

slippery_salmons, 9 months ago

I’ve never really needed the web interface once everything was setup. Mobile app syncs my images and then I browse files through synced desktop clients. Never had any issues this way. I guess I’m not using the extra features some may be after in the webui.

NicestDicerest, 9 months ago

There are more twerks to it than "just’ using mariadb and redis. Maybe look into Apache/nginx cacheing,tune your mariadb settings and stuff like that. Had performance-problems with my owncloud-instance, now it runs like a champ

vividspecter, 9 months ago

Fair, although I feel like performance should be better OOTB, particularly when I’m just using it as a single user. It is an old and complex application that does a lot, so it is understandable.

clegko, 9 months ago

MariaDB runs like hot garbage with Nextcloud imo. I’ve gotten to the point where I use legit MySQL or PostgreSQL and performance is night and day. I have no idea why Maria acts out with Nextcloud for me, but I’ve gotten tired of troubleshooting it.

vividspecter, 9 months ago

Interesting. MariaDB was the path of least resistance for me but I normally prefer PostgreSQL. I’ll put it on the list.

pim, 9 months ago

The performance is indeed pretty terrible. Most stuff runs fine on my NUCs except nextcloud. Maybe throwing more hardware at it solves it though.

CypherPsycho, 9 months ago

Nope lol I have a pretty godly server and nextcloud is slow as a mf

neshura, 5 months ago (edited 5 months ago)

As someone with a beef server: Nope, performance stays unsatisfactory. Redis helps a lot but only if the page is cached which tbh just makes the experience worse if the page isn’t cached

Edit: I’m using the AIO installer though, as discussed elsewhere in this post that might be the root cause of the poor performance, will check on the weekend by installing nextcloud manually in a fresh vm

MangoPenguin, 9 months ago

The poor performance carries over to the sync clients too because they’re just using webdav http requests. Nextcloud will take like 10+ hours to sync my folders, vs about 10 minutes with Syncthing or something else.

leraje, 9 months ago

Maybe give Seafile a try?

Open source, you can selfhost, has clients for Linux/Win/Mac and Android/iOS and best of all - encryption that actually works.

clegko, 9 months ago

My main usecase is saving photos but I don’t want them locked away in a database so SeaFile is out.

leraje, 9 months ago

Shit. Missed that, sorry.

midas, 9 months ago

No problem! It’s good software but I’ve honestly been burned by applications that only keep this kinda stuff in databases. If you do daily backups/exports it’s probably OK but I don’t trust myself not to fuck it up.

stephenc, 9 months ago

This is my least favorite part of Seafile. If there were a competitive alternative that used a flat file storage backend then I’d switch to that in a heartbeat. But alas, I still have not found one, so I will continue into my 6th year of using Seafile…

Worth noting in 6 years I haven’t had any actual trouble with Seafile’s storage, and the few times I’ve needed to I’ve been able to export data to a normal file system using seaf-fsck even if Seafile isn’t running. I’m just not 100% comfortable with it anyway so I understand the apprehension. I’d rather use a standard filesystem and be able to use standard tooling on it.

clegko, 9 months ago

Honestly this is why I’ve resisted going to seafile. I’ve been using owncloud for a while and it’s been solid, but it’s not my favourite thing in the world.

stephenc, 9 months ago

And the clients are actually really great, competitive with the features of the best cloud storage clients.

ippokratis, 9 months ago

Nextcloud is an overkill. Its just too much. I’d say better split down the needed services. Baikal/radicale etc for contacts/calendar. Photoprism/librephotos etc for photos. A webdav server for storage. And so on.

festus, 9 months ago

What name do you assign the DB for PostgreSQL in Docker and does it by chance happen to match the name of any other containers, possibly in other docker compose files?

I’m only mentioning it because I experienced weird inconsistent issues with a service I was running where it was sometimes having trouble connecting to its DB companion and I eventually realized that it was sometimes connecting to the other container. I was also finding that turning it off and on again was often ‘fixing’ the issue, at least for a while. Might be worth checking out. I’d also consider viewing the logs for Nextcloud (docker logs -f ) when you’re unable to login and see if there are any errors. Frankly I’ve never had these specific issues with Nextcloud, and given that it’s based on PHP (it only ‘executes’ on an HTTP request), it seems like restarting shouldn’t help unless it’s something else.

midas, 9 months ago

I run a separate instance of postgres since I also use it for a lot of other stuff.

it seems like restarting shouldn’t help unless it’s something else.

I’m honestly also baffled

festus, 9 months ago

And none the container names or link aliases conflict? Like you don’t have multiple db containers? Perhaps try renaming the Nextcloud db to something like nextcloud_db if you aren’t already.