Michael Cannon https://www.flickr.com/photos/comprock/18751035585/ (CC BY-SA 2.0)

More official Nextcloud Apps

As promised in the first blog post about the Nextcloud App Ecosystem, here comes the second one about all the official Nextcloud Apps that are disabled by default.

To understand the different types of apps better, I would categorize them as following so far:

  • Official Nextcloud app:
    A Nextcloud app is called official when it’s developed/maintained by Nextcloud GmbH and shipped in the Nextcloud server package. Some official apps are enabled.
  • Approved Nextcloud app
    A Nextcloud App is called approved when it comes from a third party entity and is shipped in the Nextcloud server package.
  • Apps from the Nextcloud app store.
    In Nextcloud version 11, an app store will be integrated. I don’t know yet how these apps will be called in the future.

This blog post covers official Nextcloud apps which are disabled by default:

  • Default encryption module
  • External sites
  • External storage support
  • External user support
  • File access control
  • Files automated tagging
  • Gallery
  • LDAP user and group backend
  • Retention
  • SAML authentication

If you just read the names and you are not familiar with the Nextcloud project you might struggling to understand what these apps are for, why they are not enabled and whether it is a good or a bad idea to enable them. I’ll go through these apps, provide a short description and, if possible a common use case and some screenshots.

Default encryption module

I’m not sure why this package is called a module, it should be called an app, an official app!

As you may assume this app is about security. After enabling the app and server-side encryption in the administration settings, all your new uploaded files will be encrypted based on AES 256 keys (How secure are AES-256 encrypted files?), the app won’t touch existing files.
Attention: It is not possible to disable the encryption again and switch back to an unencrypted system!
Please read the documentation to know all implications before you decide to enable server-side encryption.

Enable server-side encryption
Enable server-side encryption

External sites

This app allows an administrator to add links in the Nextcloud web interface apps menu that points to an external website. For a user, the external site appears in an iframe as if it’s part of the Nextcoud installation.

External Sites - Configuration
External Sites – Configuration
External website in an iframe
External website in an iframe

External storage support

The external storage support app enables administrators to configure connections to external storage providers (FTP , Amazon S3, SWIFT object stores, Google Drive, Dropbox, other Nextcloud servers, WebDAV servers, and more). Administrators can choose which types of storage to enable and can mount these storage locations for a user, a group, or the entire system. The screenshot shows an example with external storage via SFTP.

External Storage Configuration
External Storage Configuration

Users will see a new folder appearing in their root Nextcloud directory, which they can access and use it like any other Nextcloud folder.

External Storage in Files
External Storage in Files

External user support

This app authenticates user login against FTP, IMAP or SMB. Passwords are not stored locally and authentication always happens against the remote server. There is no graphical user interface for configuration. You have to add parameters to the configuration file config.php.
Have a look at the documentation.

File access control

This app controls the access to files. It can be used e.g. in relationship with the two factor authentication app (an approved app – TOTP TwoFactor (Google Authenticator)) because it’s necessary to protect the keys. I’ll cover this topic in a separate blog post.
Meanwhile, have a look at Joas blog post on Nextcloud.com – File Access Control – A firewall for your private files in Nextcloud.

Files automated tagging

The app automatically assigns tags to newly uploaded files based on conditions. Combined with Files Access Control App and Retention App it’s possible to create workflows like

  • converting document file types to PDF upon upload by members of a specified group
  • emailing files put in a specified folder with a given tag to a given mail address.

Have a look at https://nextcloud.com/workflow/.

Gallery

Hey, the Gallery app is the awesome photo gallery that you see, after you uploaded some images. It creates automatically mosaic pictures for folders and hopefully it’s soon possible to see EXIF Tags.

Gallery
Gallery

LDAP user and group backend

The Lightweight Directory Access Protocol (LDAP) app allows LDAP users (including Microsoft Active Directory) to appear in your Nextcloud user listings!
Have a look at User Authentication with LDAP.

Retention

This is for automatic deletion of files after a given time. Files have to have a “delete” tag. It is configured in the administration area.

Retention App
Retention App

SAML authentication

The app authenticates users against a Security Assertion Markup Language (SAML) backend, such as Shibboleth which allows people to sign in using just one identity to various systems run by federations of different organisations or institutions.

Conclusion

The official but not enabled apps are often covering special use cases like the whole authentication and workflow handling. Even if these are not “main stream use cases” it’s important and crucial to know that these solutions exist for using Nextcloud efficiently in your company!


tl;dr: The Nextcloud 10 server package comes with several official apps that are not all enabled by default but awesome!

Save

Save

Save

Comments

One response to “More official Nextcloud Apps”

  1. thilo Avatar
    thilo

    thatt is wrong:
    Attention: It is not possible to disable the encryption again and switch back to an unencrypted system!

    you can with ssh console:
    php occ encryption:disable
    and then
    php occ encryption:decrypt-all

Leave a Reply

Leave a Reply