As promised in the first blog post about the Nextcloud App Ecosystem, here comes the second one about all the official Nextcloud Apps that are disabled by default.
To understand the different types of apps better, I would categorize them as following so far:
- Official Nextcloud app:
A Nextcloud app is called official when it’s developed/maintained by Nextcloud GmbH and shipped in the Nextcloud server package. Some official apps are enabled.
- Approved Nextcloud app
A Nextcloud App is called approved when it comes from a third party entity and is shipped in the Nextcloud server package.
- Apps from the Nextcloud app store.
In Nextcloud version 11, an app store will be integrated. I don’t know yet how these apps will be called in the future.
This blog post covers official Nextcloud apps which are disabled by default:
- Default encryption module
- External sites
- External storage support
- External user support
- File access control
- Files automated tagging
- LDAP user and group backend
- SAML authentication
If you just read the names and you are not familiar with the Nextcloud project you might struggling to understand what these apps are for, why they are not enabled and whether it is a good or a bad idea to enable them. I’ll go through these apps, provide a short description and, if possible a common use case and some screenshots.
Default encryption module
I’m not sure why this package is called a module, it should be called an app, an official app!
As you may assume this app is about security. After enabling the app and server-side encryption in the administration settings, all your new uploaded files will be encrypted based on AES 256 keys (How secure are AES-256 encrypted files?), the app won’t touch existing files.
Attention: It is not possible to disable the encryption again and switch back to an unencrypted system!
Please read the documentation to know all implications before you decide to enable server-side encryption.
This app allows an administrator to add links in the Nextcloud web interface apps menu that points to an external website. For a user, the external site appears in an iframe as if it’s part of the Nextcoud installation.
External storage support
The external storage support app enables administrators to configure connections to external storage providers (FTP , Amazon S3, SWIFT object stores, Google Drive, Dropbox, other Nextcloud servers, WebDAV servers, and more). Administrators can choose which types of storage to enable and can mount these storage locations for a user, a group, or the entire system. The screenshot shows an example with external storage via SFTP.
Users will see a new folder appearing in their root Nextcloud directory, which they can access and use it like any other Nextcloud folder.
External user support
This app authenticates user login against FTP, IMAP or SMB. Passwords are not stored locally and authentication always happens against the remote server. There is no graphical user interface for configuration. You have to add parameters to the configuration file config.php.
Have a look at the documentation.
File access control
This app controls the access to files. It can be used e.g. in relationship with the two factor authentication app (an approved app – TOTP TwoFactor (Google Authenticator)) because it’s necessary to protect the keys. I’ll cover this topic in a separate blog post.
Meanwhile, have a look at Joas blog post on Nextcloud.com – File Access Control – A firewall for your private files in Nextcloud.
Files automated tagging
The app automatically assigns tags to newly uploaded files based on conditions. Combined with Files Access Control App and Retention App it’s possible to create workflows like
- converting document file types to PDF upon upload by members of a specified group
- emailing files put in a specified folder with a given tag to a given mail address.
Have a look at https://nextcloud.com/workflow/.
Hey, the Gallery app is the awesome photo gallery that you see, after you uploaded some images. It creates automatically mosaic pictures for folders and hopefully it’s soon possible to see EXIF Tags.
LDAP user and group backend
The Lightweight Directory Access Protocol (LDAP) app allows LDAP users (including Microsoft Active Directory) to appear in your Nextcloud user listings!
Have a look at User Authentication with LDAP.
This is for automatic deletion of files after a given time. Files have to have a “delete” tag. It is configured in the administration area.
The app authenticates users against a Security Assertion Markup Language (SAML) backend, such as Shibboleth which allows people to sign in using just one identity to various systems run by federations of different organisations or institutions.
The official but not enabled apps are often covering special use cases like the whole authentication and workflow handling. Even if these are not “main stream use cases” it’s important and crucial to know that these solutions exist for using Nextcloud efficiently in your company!
tl;dr: The Nextcloud 10 server package comes with several official apps that are not all enabled by default but awesome!
Leave a Reply