First one should ask though: why? My main motivation was that many of the apps I use were easily available in the nextcloud store, while with owncloud I had to manually pull them from github.
Additionally some of the app authors migrated to nextcloud and did not provide further updates for owncloud.
Another reason is this:
the graphs above show the number of commits for owncloud and nextcloud. Owncloud has taken a very noticeable hit here after the fork – even though they deny it.
From the user perspective the lack of contribution is visible for instance in the admin interface where with nextcloud you get a nice log browser and system stats while with owncloud you do not. Furthermore the nextcloud android app handles Auto-Upload much better and generally seems more polished – I think one can expect nextcloud to advance faster in general.
Until now I used a microSD card for storage of my Owncloud setup. The drawback of doing so is that microSD cards only allow for so many writes until they die and go in a read-only mode.
Therefore the Nextcloud box is an attractive upgrade allowing to use a more failure proof HDD while still keeping everything inside the same housing.
The first thing to note is that the housing is much larger than one might think from the photos. See the comparison photo with the Odroid housing. Actually this should not be a surprise as the 2.5″ HDD alone is larger than the Odroid board.
This article is about how to securely configure the machine where your Nextcloud/ Owncloud instance will be running. Even if you set-up your connection with Owncloud in a secure way, your data still can be compromised by exploiting security flaws in the underlying architecture.
In the following we specifically will cover the underlying software stack and brute-force password hacking attempts.
update 24.04.2017 – include Subject Alternative Name field
update 20.12.2017 – discuss Certbot as an alternative
While the Nextcloud Manual suggests enabling SSL, it unfortunately does not go into detail how to get a secure setup. The core problem is that the default SSL settings of Apache are not sane as in they do not enforce strong encryption. Furthermore the used default certificate will not match your server name and produce errors in the browser.
In the following a short guide how to manually set-up a secure Apache 2.4 server for Nextcloud will be presented.