I've been running Nextcloud for family collaboration purposes since before the fork from Owncloud. I've been pretty happy with it overall.
My biggest gripe with it is the increasing schizophrenia of the UX devs. One thing I _loved_ about Nextcloud was that they paid a lot of attention to making it easy to navigate and use. The newer UX "enhancements" seem to be all about maximizing (useless) whitespace and making every widget as spherical as possible. The calendar UI used to be a joy to use, now it's the most frustrating calendar I have ever seen.
On the plus side, if you're using the docker image, upgrades are a breeze. Just bump the tag on the image, redeploy, and you're done. (It did take a _lot_ of effort to migrating my existing data to the docker container, though.)
I also use Roundcube as my main email client. I've looked at bunches of them, but Roundcube is the closest thing to a web-based Thunderbird that I have seen. Unfortunately, this had a UI "update" too and now practically nothing can be customized the way I prefer. If someone forks Roundcube and brings back the old theme, I will switch to it tomorrow.
I run around 15 Nextcloud instances. One is for 1500 odd people for whom safety is quite important - it delivers lots of docs to a lot of devices. Those users are moving pretty fast and rove in and out of some form of ethernet service with a lot of irregularity.
My home service has to deal with some huge users (wife, phone, camera) (dad, constant saving, vast numbers of docs).
Work instance - all of the above!
I very rarely deal with the web UI but when I do it simply works or when I look into /pictures etc: locks up but that is generally the browser giving up and not the app.
I migrated a post office with several domains from RC to Snappy Mail. RC seemed to have stalled a few years back. SM is rather nifty so I'll stick.
Roundcube has been languishing a bit since the failed Roundcube-next fiasco. You can criticize the Nextcloud group for many things but at least they have proven to be consistent with pushing forward their open source projects.
> tangled and ugly mess of a UI
Maybe I'm an odd one but I have no issues with the UI. It's clean yet more info dense than many other commercial offerings.
> It is slow
I have mine working better than any google property. Nextcloud relies heavily on a performant database setup, so moving that to a separate NVME drive was one of the greatest improvements I ever made. That and properly handling image preview generation.
> Problem with free and open source software is that you have to follow the passion of the devs
Nextcloud is produced by a commercial entity, they are not a passion project. They target large installations and so tend to focus on that use-case. This makes tuning the stack to a small deployment a little bit of work.
Maybe this has been improved, but I remember thinking that and then it biting me because updating to the latest image (linuxserver/nextcloud) wasn't actually updating nextcloud itself, just the environment (php, etc.)
When I realized this, I had to go through several major nextcloud upgrades, incrementally going from one major version to the next.
Then it bit me again a few months later where nextcloud updated their maximum supported php version, and the docker image I was on quickly bumped the bundled php version to the new maximum, so the older version of nextcloud suddenly refused to start - even to run the updater. I ended up finding the max version check in nextcloud's php code and commenting it out, after that I was able to run the nextcloud update manually.
After being bit twice, I finally automated the full process so that the nextcloud software is updated in addition to the environment.
Don't use linuxserver images. My feeling is they were done by someone who doesn't understand docker very well. Frequent use of supervisor, lack of logs on stdout, weird automagic config approach.
It may feel convenient if someone did homelab without docker, but will bite you in the long run.
They work great for stateless services that you don't modify for your use case. I've had a wireguard server and client container, both based on linuxserver/wireguard, in a fairly weird setup within Nomad, running in production for over a year with no issues.
The trick was to isolate the weirdness in the wgconf files, the permissions of the containers, and their shared netns (a nomad group, in this case, with its netns configs tweaked by a startup script). The Dockerfile is simply FROM linuxserver/wireguard:latest.
(It's wrapped in a Dockerfile so its rebuilds are limited to when we rebuild our images (every commit), but AFAIU the linuxservers setup, it can also pull in wireguard updates at runtime.)
hmm, are you sure about that? the whole reason I use the linuxserver offerings is that they all follow the same pattern of not using root privileges in the container and also factoring the uid and group id out as compose variables so you can match them to other containers if needed.
Yes their images are standardized, which helps if you want "linuxserver experience" and don't care about actual image.
Try to understand what actually happens on container startup and you're stuck in three layers of base images that they use as framework, with hooks on each layer.
Wanna inherit some image and eg. copy something into config dir? Nope. Config dir is overwritten by symlink, by script on some layer. Actual config dir is moved somewhere to fit their internal convention.
Their framework allows them to quickly add new applications and keep them updated. But it's pain to work with.
I guess if you're willing to learn it and you're 100% sure, you're not going to modify image or configure application beyond of what they exposed - you might be okay using it. Otherwise just get official image.
I think both are true - LinuxServer images are usually well maintained, and they all use a common format, so once you know how to configure one, it's easy to configure the rest.
But they make a lot of decisions that are not "best practices" in Docker - such as running multiple processes per container, under a supervisor.
IMO, they are great for single-machine home deployments.
I just use the regular "official" docker hub image, not the linuxserver one. Not sure what the differences may be.
The "major versions incremental upgrades" is a fundamental nextcloud thing, to do with their database migrations I expect. I was way behind and had to do three of them in a row when I containerized my Nextcloud instance, but they all worked fine, thankfully.
And, I thought I had it in my crontab, but now I don't see the job there. I haven't touched it in months, and I'm on the latest version of nextcloud, so presumably it's still working. But I honestly can't remember how I set it up.
It's even easier with the all-in-one (aio) solution. Upgrades via a simple UI, automatic Borg Backups, etc.
I run this on hetzner cloud with one storagebox for the files and one storagebox for the backups. Runs nicely, gets updates, and as the storageboxes do automatic snapshots, I have double backups.
Can you use a UI to upgrade the underlying container? It's not with docker-compose?
If so that feels a bit like an anti-pattern, just like the WordPress container which updates the WP files inside the container itself, the container just contains the webserver, php and database.
The AIO solution creates several docker containers that all get updated through their assisted update process. In general, I've been quite happy with it, myself. I have it running on my Unraid machine. The only problem I have intermittently is when Unraid seems to rename container names in special circumstances. I have to go and recreate the aio container. Otherwise, it's been very smooth sailing for me; and, the AIO solution definitely runs faster than my original single Docker container solution.
> Unfortunately, this had a UI "update" too and now practically nothing can be customized the way I prefer. If someone forks Roundcube and brings back the old theme, I will switch to it tomorrow.
?? The old skins (Classic and Larry) are still available as plugins via PHP composer, aren't they?
I'm running on "bare metal" Digital Ocean VPS (like god intended), and I just use the web-based updater and it works well. APT on Debian handles everything else.
>self updating function of nextcloud works very well
Then that's a new development. I've been using it since about v9 and it was a complete trainwreck that might have had a 25% success rate until I gave it up and moved to the docker around v17.
> I’ve had it bork my install so many times that in the end I spent more time recovering nextcloud than actually using it.
I had issues with upgrading a few times on a modest VPS, when trying to upgrade via the web interface. I've since switched to upgrading via ssh by running the `updater.phar` script[0] and haven't experienced an issue upgrading since.
I of course don't know if this would've avoided the issues you experienced, @josteink, but I wanted to mention it in case others have a similar problem to what I had.
That sucks. I'd be frustrated too. For me it just hosts calendar and contacts for a few users and my files are in seafile so perhaps the small footprint helps. In what way did it break, I want to keep an eye out for this.
> The newer UX "enhancements" seem to be all about maximizing (useless) whitespace and making every widget as spherical as possible.
I have used Firefox my entire life and sometime back they added really stupid whitespace between the address bar on both ends. Every single time I reinstall the browser on a new OS I see it and remove the whitespace. It drives me up a wall. It looks so gimmicky and like a complete waste of a UI that didnt need to be changed.
Sometimes the best UI decision is to leave things as-is, especially if your UI has been plenty standard.
I also have Nextcloud running on docker using linuxserver.io image and the upgrade process is a breeze. I usually upgrade by running watchtower once a month to update my docker images.
Why do you have to wait for someone to fork it? Can’t you just not update to the bad version? I thought that was a major appeal of hosting your own email client like this.
And given the email protocols won’t ever change, I would assume it’ll continue working the same for a decade or more.
(My only guess is a security worry, but this seems like a rather niche thing that something this niche would be unlikely to be attacked unless I were targeted by some state-level actor)
A self-hosted personal server very much needs to be kept up to date. This isn't a "state-level actor" issue; any vulnerabilities in software like this, especially in software that someone might not update in a timely fashion, will get scanned for automatically and exploited when found.
In theory, the portions that are only accessible with authentication are less security sensitive if you have only a small set of trusted users, but that's still reducing the security of your server to the security of your least security-aware user.
Hmm. I was imagining a personal server. If I were hosting a webmail client personally, I wouldn't expose it to inbound connections from the Internet at all, preferring to keep such a thing inside my LAN and via VPN only.
Clearly I overassumed though, because you're right, when it could be that one would have such a thing accessible to a small team of people who don't use a VPN.
You could also just stick it behind a reverse proxy with basic HTTP Authentication; that means you have to keep Apache/nginx/caddy/whatever up to date but that part is easy and then nothing else can get to the actual application if you've done it right.
>On the plus side, if you're using the docker image, upgrades are a breeze. Just bump the tag on the image, redeploy, and you're done. (It did take a _lot_ of effort to migrating my existing data to the docker container, though.)
As much as people rag on Snap, Nextcloud being available on it is also super convenient if one doesn't feel like using Docker.
I really wish someone would make an alternate frontend for nextcloud. The backend is pretty solid from what I can tell, but the web UI is basically unusable.
I kept upgrading the server because I thought the abysmal performance was a backend bottleneck. But no, if I turn on profiling in my browser, I can see it taking geologic ages to do... Whatever it's doing. The server is mostly idle just waiting for the browser to respond.
> if you're using the docker image, upgrades are a breeze. Just bump the tag on the image, redeploy, and you're done.
Or you could just run Watchtower beside it and it will automatically update your docker containers. https://github.com/containrrr/watchtower If you are OK with automated updates.
This is software that I rely on for my day-to-day tasks. I've had upgrades break things SO MANY times, that I never do an upgrade of "production" without specifically setting aside at least 30 to 60 minutes of time to deal with any potential fallout.
If we were talking about a video game, or some kind of testing/QA environment, then sure, automatic unattended upgrades would be fine.
What happened to modern UX design? In the 90s it was driven by hard science and serving users. Now it feels like a competition to prevent anyone from accomplishing even the simplest task. Why do modern UX designers have such contempt for their users?
>On the plus side, if you're using the docker image, upgrades are a breeze.
I've had problems that required fiddly manual interventions twice after updating to a new major version.
And what keeps me from using it for anything other than File synching is the lack of a functioning integrated backup mechanism. There is a plugin, but it's unusable shite (tries to keep the entire data in memory, big has been open for years), and I really don't want to depend on a self-made combination of Filesystem and DB backup.
One of the things I like about the docker image is just that it absolutely rigidly guarantees that all the state is located only in exactly the directories I specify, and I can be sure of that by construction.
So my Nextcloud backup solution is a cron job that shuts the entire container down and runs a restic job on it, then brings it back up when the backup is complete.
I'm not completely sure that's quite "self-made"; restic is standard enough. The only special sauce is just that I don't even bother with how to handle files that are open, especially with the database. I just shut it all down.
The nice thing is this works with all my docker stuff; the cron job just iterates them one at a time, shutting them down and doing the same standard backup on them all, then bringing them up. I don't need or want a Nextcloud-specific backup mechanism.
No. Docker compose, if you want to get technical not just "docker", with MariaDB. When the cron job runs docker-compose down it backs all the subdirs up, including the full DB directory. (Probably not a cheap plan for a heavy-use site, but for my family it's a normal thing for day-to-day to have no changes.)
Interesting that you comment about SQLite being a problem. I am not a heavy user of Nextcloud, but I haven't had the operational problems many people report here; I wonder if that's correlated to using SQLite.
> It did take a _lot_ of effort to migrating my existing data to the docker container
Or you could just use some external storage. Like SMB or something. And then you would learn what updates aren't 'a breeze'. And there is no built-in SMB support in the default container.
Since I'm running it since OwnCloud days too, I have an opinion on it and it's Not. Good.
Desktop client for Windows is miserable and sucks:
a) you have something with a name longer than 30 symbols? You know need to guess what the full path of that file in the error log
b) this is like 4th year when you have an option to see the errors in a separate window, except it's... empty. Not an empty error log, it' empty window
c) Oh, best part: if the client decided to update it would kill your Explorer first (like -9), install the it's shit and then... force reboot your machine without any questions
d) when you click on the client icon in the notification area it shows multiple icons what you would thing would do something. Except it's just opens the web-interface of the instance
For years mobile client couldn't work properly with a self-signed certs, which is quite ludicrous for a solution boasted as the pinnacle of self-hosting.
UI overall is shit, it's a legacy of early 2010 concepts with Googlisation on every not needed aspect. And just outright stupid ideas, which 2.5 developers at NextCloud couldn't test, like littering EVERY (sorry for caps) folder you navigate through the web interface with README.md. And shitting bricks on non case sensitive mounts, because yes, it's hard.
Server side is always running to pump out new versions, while abandoning and deprecating addons. Oh, addon you are using is now deprecated, besides being made a mere year ago? Tough luck. Stay on the supported NC version. Except it's not supported anymore because it's a year old now version.
Oh, since 2016 it's no longer a file syncing solution, it's collaboration software or even groupware. That means there are now office suite, chat, contact lists and whatever else, including an email client. This also explains why did NC 'bought' RC. Except all those parts are not integrated good.
And finally it's a PHP app with a tons of legacy code. As soon as something breaks you are drowning in multiple screen heights of errors of PHP code. And consequently all performance troubles are solved by throwing RAM and CPU at the instance.
5 years if things are not updated will have vulnerabilities. It might be that framework updates will fix them, or code changes needed, or code changes because newer versions of libraries are not backward compatible. Getting old NPM projects updates is hellish. Breaking changes are very common.
This is definitely true, but PHP is a special nightmare of a beast. I think overall PHP is underrated, and is a much better language and platform than people give credit, but damn two weeks without updating dependencies in PHP is rolling the dice. Keeping up with all of the cve's is a significant chunk of a full-time job.
no company in the world is going to maintain 2 separate software products that compete with each other. They will be merged, my prediction is 12 to 18 mos
I guess you still think about PHP when it was version 3 or 4... we're at version 8.3 now and it's definitely not the same thing. Both for language and performance.
I remember looking at some new features and was so hopeful the language would get better but they had some super cargo culty take on something borrowed from another language that completely missed the point. It's a horribly done me too language where the developers don't fully understand what they are "me too"ing.
7.0 had some issues so bad it's almost impossible to find anymore. Seems like they tried to erase it from the internet. The language itself is an attack vector.
You saying I'm flamebaiting? I doubt anyone is going to be offended by PHP being trash, especially anyone that has spent any serious time working with it.
Heavyweight? I run it (with all the collab suite features, photo galleries, and ai integrations) on a single RPi4 along with several other applications. But then I only have a handful of users...
"Neither will Roundcube replace Nextcloud Mail or the other way around. ... Nextcloud Mail will evolve as it is, focused on being used naturally within Nextcloud."
Atom was my first proper Editor. I miss it, even though there were a lot of bugs. It was so much fun finding all the cool community-made packages and trying them out.
We just swapped out our old webmail system (made from twigs, mud and spit) for a nice and elegant Roundcube install with custom plugins and I was already dreading having to change it.
I really tried to make Nextcloud work for me but it was too much. I‘ll pay the enshittified Dropbox premium soon.
Some bugs I encountered in a few hours of testing and trying to make it work.
The Mac auto-update installs an incompatible version to my OS; the website offers only the new incompatible and an old version that also doesn’t work (OS can not scan the app). The solution is to find a suitable version from a hidden FTP, user-unfriendly.
Some files had modification timestamps on 1.1.1970 that causes obscure sync issues on Mac. Either run some arbitrary database scripts to fix this or a simpler solution is to ‘touch’ all affected files.
The Windows Client consistently shows random minus bytes, hangs, and freezes.
The Windows Client is stuck in a loop of calculations and transmissions. Also a reinstallation is impossible as AppData folder isn’t deleted during uninstallation.
A successful complete reinstall downloads all the existing files individually, creating conflicts with identical(!?) local and server files. Why is the file hash not checked before the download? It’s frustrating and seems poorly designed.
All bugs have open GitHub issues I didn’t bother to include. Some have open PRs for years. The last bug is open for 5 years now.
If Dropbox is all you need you might be satisfied with Syncthing. I have used it for a week now, it works well and I have the warm fuzzy feeling that nobody is using my data to make a few bucks (I'm self hosting it on a home server).
Syncthing is great, and I use it at home. For a robust multi-user alternative to Dropbox (or *cloud), I can also recommend Seafile. I replaced Dropbox with a self-hosted version of Seafile and have never looked back. Also, for a fantastic mail server solution with a great webmail client, look at Axigen. Their free version is more than enough for a personal server, and you can use Amazon SES for outbound mail to avoid reputation issues. I host mine at Linode and love it. If you have a business need or are larger than the limits of the free version, their license costs are quite reasonable.
Not only that, you don't even need to "host" Syncthing. Being P2P in nature, it can just run on whatever computers you want to sync to, directly.
That's pretty cool.
The only thing I'd really want for Syncthing is some kind of simple interface for my desktops (all running SwayWM.) There's a GTK app that I use on my Pinephone, but it's a little janky. I mainly just want to be able to know that I'll get notifications when there's a conflict or error. (Dropbox style file emblems in file explorers, showing the state, would be nice, too...)
You still need a node somewhere that is always available, otherwise your device cannot sync when your other devices are offline.
My wife and I had such a setup for years with Resilio Sync. But life is busy enough to maintain yet another thing, so we are happy to fork over the monthly fee for Dropbox Family.
Ideally I'd switch over to some other sync solution, because Dropbox is somewhat overpriced. But we've had bad experiences with Google Drive and OneDrive for local sync in the past.
Well, you need an always-online node only if you actually need it to be syncing all of the time. Not everyone needs this; often times it's enough to just sync opportunistically. This is mainly necessary for things that are mutable and active; for me, I store my Keepass XC on a Syncthing shared folder, so this is relevant to me. And for that, I use my NAS, although obviously, not everyone has a NAS.
But that's the thing. Especially notable compared to NextCloud, Syncthing is not like most "self-hosted" software. Because a node is a node is a node, and because it's relatively lightweight, it literally doesn't matter what you use. You can use a Raspberry Pi, an old phone or laptop, anything you can connect sufficient disk and a network to can be a Syncthing node. And if it catches on fire, it doesn't really matter since every node is equal. You can just add another node at any time.
So a lot of people think Syncthing is another thing you'll have to worry about and maintain, but it's not. It's one of the few pieces of software that I expected to have to deal with a lot of extra work to use, but then it wound up being dramatically easier and more flexible than I expected. I worry about robustness when it comes to something as complex as cross filesystem syncing, but Syncthing has never lost my data. I have backups turned on on most nodes for the important folders, but I've never consulted them before, because I've never needed to.
Surely it is possible to lose data with Syncthing, or otherwise create a headache. However, from my point of view, it certainly seems to be among the most reliable and lowest effort ways to sync stuff across devices. I haven't had to spend almost any time maintaining Syncthing, and I don't have to worry about limits. I just need one device with a big enough disk, then I can create however many shared folders are needed to get the granularity I want.
Syncthing also has a pretty cool encryption feature. It is considered "beta" still, so I only use it in "trusted" scenarios, but it works great.
When I started using Syncthing, I only intended to share some document files between my desktop and my laptop. Now I use it to sync my Keepass database, files between some servers (think seedbox etc.,) multiple different documents folders including some for collaborative projects, and even a couple of other things. So it really wound up over-delivering for me.
I'd strongly recommend people, even people who already feel like Resilio Sync wasn't a good fit, to just try to set up Syncthing before resigning to Dropbox. Comparatively, I think Syncthing is simpler to use and more robust than basically any other solution that isn't Dropbox.
I might have been too stupid to figure it out, but I found Syncthing unusable because I couldn't set up a basic "backup" style sync. That is, anything I added to my phone folder would get synced one-way to my computer... and anything I deleted from that folder would also get synced one-way to my computer. This forced me to maintain my entire photo library on my phone, which of course is exactly what I was trying to avoid.
No, the issue is that send-only sends all modifications, including file deletion. I wanted it to only send new files, but couldn't find a way to do that.
Nice, I guess it does work. Annoying that what feels to me a basic option is hidden for power users. I don't understand what your comment is saying though?
Well that option is hidden because of the very real problems it causes in "normal" syncthing use, as explained on the page.
I'm saying that you can disregard the warning in the case of a backup system (as opposed to the normal use which is full sync between two devices that both modify files).
I was thinking of trying out using something low level... Maybe that? Does it support lazy selective syncing? Updating only ranges of files? Does it handle broken connections gracefully and recovers without data loss?
I always wondered why photographers held on to negatives/raw files for so long. How often does the need to return years later come up, and can that justify the cost of storing all that in a way that’s somewhat reliable? I’m not saying there aren’t valid reasons to do so, and throwing the pictures on a few externals drives isn’t terrible, but to do it “right” seems like it would be super expensive!
Oh, I'd throw them away in a blink, If I were not lazy:
Almost after every shoot, people come back "remember that one photo, where I smiled at sth? I'm very sentimental about that, cause it's [some important thing to them]", which necessitates the need to hold on to every photo taken on the session. So no real deletes here, even if it came out technically wrong (blurry, blown out, etc.).
Those requests lessen, but don't die down completely. Especially with cyclic events, organizers have this habit of a asking for things done exactly year ago.
Some just say: "hey, I remember you taking a photo of me then and then" for their dancing portfolio in my case.
Especially for videos, which can be a constant flow of editing requests, for supercuts and etc.
Now, if I were really smart, I'd just have some good way to archive after two years, and delete after - let's say three years. In practice though, there are so many unforseen circumstances that a habit of "never delete anything" forms really easily.
It's just a lot easier and cheaper to buy another drive instead of culling 10k of photos every once in a while, especially if external confirmation is involved.
Totally understandable! As a service provider, you want to be able to fulfill those requests because it will make you their go-to person for life. Pretty cheap compared to the benefits you can get.
Despite constantly crowing at researchers in my past life that they will lose all their data ... it only happened once or twice, and both times was related to theft and not drive failure.
I wonder if you could sell a type of "archive protection plan" as an add-on to your work. It's like $70 a year to store 500GB on Glacier. I am sort of assuming each shoot is 500GB? You could guarantee access for those customers who want it.
If we're being honest with each other, I would do the exact thing you're doing and focus more on my business. :)
You could also back up to something like AWS Glacier. The cheapest tier (access less than once a year) is $1/TB/month. Maybe if you kept thumbnails locally, you could push all the data up and only pull it as and when you needed it.
Aaaah I see : - ) still, if it's only very occasional "do you remember that photo?" queries, that shouldn't add up to any significant cost. But a full retrieval - yeah. Interesting how the price ramps up!
Because better hardware gets cheaper, and one's technique and software improves over time.
I was able to recover a 13 year old photo I took with a D70s which was extremely noisy. By using what I learnt and state of the art software (which is Darktable), I was able to extract a very nice photo out of it.
Also, as your style improves and experience piles up, you look to your "bad" photos and say "Aha, there's a nice angle here. Let's process this".
You can see some of my "Remastered" photos at [0].
That looks pretty nice. I'll try to find some noisy files to send to you. What's nice about Darktable is it has a feature called "profiled denoise".
Contributors send in calibrated RAW files per camera, taken at every ISO setting possible, so Darktable denoises your file according to your camera's profile at particular ISO. The result is pretty impressive.
I have uploaded that particular image to [0]. Taken in 2006 and processed in 2020, after 14 years!
I second immich - used it for some group sharing (non-registered users) and worked really smooth.
had some random upload fails though on the app from iOS.
I run it on TrueNAS Scale. Yes it is all quite fragile, but I managed to get it in a state where it works if I don't touch it. It's all backed on a ZFS volume. Barring significant hardware failures I will be able to access my data locally. I use Storj for mirror remote. Rebuilding would be a bit of a pain, but I have reached the E2EE personal cloud ideal. If [better than storj] cloud storage services offered BYOPK E2EE then I wouldn't need to jump through such hurdles.
I have been using Maestral for Dropbox sync on Mac for years now and it works great. The primary downside is that it doesn't have block-level sync because it's not supported by the API. The flip side is that you don't get the memory-hungry Dropbox app that embeds a web engine for some unfathomable reason.
I wish that Dropbox would bring back their old client that just did sync and not all the crap that I don't need.
By this logic, you should recommend that people don't use computers.
All software has vulnerabilities. The trick is to install it in a way which mitigates most of the typical ones: use VMs, SELINUX/APPARMOR, containers, chroots, user separations, etc.
None of what you mentioned protects against XSS which the parent mentioned. Things like having a proper CSP might but only if the application is built so it does not depend on insecure eval/inline and/or you can properly disallow fetch/connections to outside sources.
Everything you mentioned is about protecting things the app should not have access to. Many vulnerabilities are about intent (did the admin user really mean to truncate the db they have permission to truncate) or target (did the user really mean to export all my emails in an archive to h4x0r@yahoo.com).
If you at all store any sensitive data within the application either serverside or clientside you need to consider the security of the application itself, not just the sandboxing/isolation.
Agreed, this is a nasty bug in the software, which makes it open to manipulation by anybody on the internet who can send you an email. It's a big failure of the RoundCube project, developers probably do not care about security of user data very much. The response to the bug report is "did something to fix this, closed", no comment on what is going to be done to prevent this stuff in the future. Which is disappointing for a flaw of such severity. I wouldn't be surprised if similar attacks on RoundCube are still possible.
I thought the problem with Roundcube-next was it wasn't run by the roundcube org but separate devs from Kolab? They just made the mistake of endorsing the project
I hate nextcloud with a passion and I just hope they can govern a project like roundcube... used it for 20 years even through the whole roundcube next debacle. That said roundcube itself is not an oss project with a clean track record.
Nextcloud is the OSS equivalent of IBM and ticking boxes so it's easy for management to pull the trigger but every feature is just a half-assed buggy implementation. Gobbling up OSS funds and fucking up government projects that try to rely on it. It's a disgrace.
Hmm, I am using it for years and can’t quite relate to your passionate hate.
With regards to box ticking, that is probably something you need to do if you want to compete with Gsuite and O365. Both have sales teams which are influencing some decision makers in organisations wherever they can.
If you give these people the opportunity to say ‘Ha, we can’t use Nextcloud because it does not support XYZ’ then they will. You never get fired because you bought IBM.
It is very difficult to get through this barrier. Sometimes you need to put a bit of lipstick on your pig, because others did it as well.
Plus, XYZ might be implemented half-aresed in Gsuite or O365 as well.
You wrote it yourself "might be implemented half-arsed in Gsuite or O365". You can be sure it's half-arsed with nextcloud. For smaller deployments it might be fine but it starts to get bogged down with more than 1000 users.
NextCloud is just your typical PHP & MySQL webapp. The scaling limit is how many connections your database server can handles and how much iops your disk provides.
I beg to differ and so would our over 1000 customers, none of them with less than 100 seats (we don't sell below that). Most have 1000 users or more.
The largest has several tens of millions of users and they are using Global Scale. One customer runs nearly 4 million users on a single cluster.
Nextcloud is a complicated beast, and scaling to tens of thousands of users isn't trivial, but then that is what Nextcloud Enterprise is for. So if you need a large scale installation, no problem - contact our team and we get you up and running.
"tens of millions"? you must specify what. hosting mail with 20GiB average mailboxes? Or a publicly accessible file share with a million monthly hits? Big difference. I would not productionise Nextcloud for a large organisation.
Finally there are very few orgs worldwide even with a few hundred k employees and any firm would get huge Microsoft discounts at that scale for products like SharePoint (on prem), Exchange (on prem) and Office Server (on prem also)... and oodles of support over a very mature product which Nextcloud is simply not.
I would love to have a look in your customer feedback questionnaire responses :)
..but ofc I would say the same in your position.
Edit: Just so you know we are still a customer of yours with over 3k users but not for long anymore. We tried to work with you for over 4 years now and got absolutely nothing. Neither performance nor features.
True but it does have the features that look attractive.
Too bad "beta quality everywhere" attitude never gets fixed. Basic stuff like weird upload indicator on the web, desktop app freezing when synching some 10GB or so and I don't even want to touch most of the third party plugins which are at alpha quality.
It's like a selfish girl that you need to treat carefully or it starts crying real fast.
I've been a very happy Roundcube user for a decade without a single problem. Also worth mentioning, their CLI update script just works without a hitch.
I'd like to see Nextcloud adopt Roundcube's commitment to reliable software. I've tried migrating my calendars, reminders and contacts several times, but it's never worked reliably. There were often subtle problems such as missing calendar entries that simply disappeared without a trace.
The GitHub issue talking about this [1] is such a mess too. Maintainers closing the question with a vague non-answer, deleting comments left and right, etc. Sounds like someone stole the money and everyone is either complicit or too embarrassed to admit that it happened.
This is wonderful news! Nextcloud gets an additional product offering for an important aspect (email!), and RoundCube gets resources in the way of dev. staff (and possibly other benefits from NextCloud funding)...and ALL of it is open source, self-hostable, and good tech.! Kudos to RoundCube and NextCloud folks!
Speaking of Roundcube: If you're hosting it without apache (as in: without htaccess support), make sure the logs directory and files aren't exposed publicly. They can contain access tokens and even encrypted passwords (encrypted with a default password unless manually changed during installation), and follow a known file structure, so it's quite common for people to get owned this way.
Sure, that’s always sound advice. However, most projects are usually designed in a way that their logs are either not exposed at all (due to not being in the webroot for example), or have measurements in place to avoid exposing them (like WordPress for example). Roundcube just puts them there and you have to actively think about excluding them from your webserver configuration. Plus, they dump really sensitive information in there by default. That’s why I wanted to explicitly point it out in this case.
Given Nextcloud's track record that doesn't bode well for Roundcube's future. We tried to make Nextcloud work for us for years, but it's just too terribly clunky, unstable, bug-ridden, and customer hostile. I hope none of that rubs off on roundcube.
Do you have recommendations for a self hosted webDAV server that could act as a Dropbox / GDrive replacement? I‘m using Nextcloud only for that use case because I haven’t found anything that seemed as stable.
I am not much into self hosting other than a barebone setup that takes care of my linux ISOs on a VPS, but you might want to check Syncthing. Put it on a server and then connect it from other places. This software is a marvel at simplicity (except a bit of settings/config - I mean for heaven's sake that can definitely be improved :P; but once done it's rock solid - it just works and not like Apple where we pretend it just works, it really just works) and robustness. Also I never face speed problem or any hiccups pretty much. It puts Dropbox and GDrive etc to shame combined.
If I could find time to be better at self hosting and will be able to take care of a server's upkeep, security/OS/package patches/updates et cetera then if I have to setup two first tools on this it would be Syncthing and RClone.
On the other hand for my current needs I use filen.io (it's on BF sale right now). It's not the best but works fine for my use - like a remote hard disk acting like backup (its "local backup" sync mode).
There's solid SFTP clients for every OS (even Android!) and all it requires on the server is the already installed OpenSSH, so I never really saw the need to look into webDAV.
For user-facing oses yes, but webdav is available on lot "embedded" devices like Smart Whiteboard, and for many oses is built in (even Windows 98), so it's easier to deploy
all sorts of network security appliances in foreign networks make reliance on ssh a futile endeavor. webdav works over standard ports with standard tooling (web browser)
I echo GPs thoughts. I use a VPS with syncthing. While that is also clunky, it works for my usecase while keeping multiple redundant copies across devices.
Depends on what you mean by redundant though, right? Syncthing is generally not gonna protect you from an accidental `rm -r *`, unless perhaps you set yourself up with a permanent head server where everything is versioned but on which files are never edited. (I'll be happy to be wrong)
- the core feature, file sync, has extremely unreliable clients that can't resolve even the simplest of conflicts reliably while sucking up 8 CPU cores to do... nothing, really
- all the ~ecosystem~ of plugins they decided to staple onto it because file sync doesn't make them money, are all low quality compared to dedicated solutions, and synergy between them isn't great enough to make up for all the problems
- the plugin API is utter garbage and deliberately underdocumented, to force you to hire the devs as consultants to undo their own mess (which probably is a major driver for #2, you spend too much time fighting the APIs to get useful work done)
- "core" plugins get randomly deprecated with no useful replacement
So whatever you use nextcloud for, something else does it better
Nice to hear. After several (abandoned) attempts and installing NC from scratch it seems to me that Nextcloud matures well. I like the focus on hub/groupware. Still some details from time to time which annoy me (and probably could be improved). But in general, Nextcloud is great! And using AIO (all-in-one docker image) it's really simple to install and maintain the server. -- So happy to have a good alternative to the Microsoft365 offerings!!! I do think Roundcube found a good place.
Not sure which "focus on hub/groupware" you're talking about. Some groupware features are still horribly buggy and understaffed (e.g. the whole mess of co-existing methods of sharing files/folders with groups – Share vs. Group Folder vs. Collectives/Circles – or the crazy amount of WebDav and CalDav bugs that have been existing for many years), while "AI" (or some other buzzwordy technology) gets all the focus.
As much as I hat to say it, but feature wise it's not very close to being a Microsoft 365 alternative.
Unfortunately, I can only second this. The absolute basic functionality, meaning file storage and access through a browser, works fine. However, as soon as it comes to integration with the various existing clients, things fall apart, and it's not even terribly complicated stuff. For instance, I used Nextcloud to automatically upload photos from my Android mobile, and this has been completely broken for over 2 months now, and nothing is happening (see https://github.com/nextcloud/android/issues/11974). It's pretty clear they simply do not have enough staff to maintain all of the clients, and I'm just rsyncing my stuff now...
Don't get me wrong, I'm thankful for Nextcloud and hope they can survive, but one needs to manage expectations when using it...
If I only would need file sync I'd use Syncthing. But with calendars, adresses, chat, mail, decks, etc. I don't know another solution. Some compromises are necessary: I didn't find e.g. a good note taking app with sharing among members. Chat posts cannot be edited.
So far our AIO based installation worked well enough (with PC, Mac and Android clients). But we do not have a lot of files (yet).
After bad experience with incompetent MS support stuff regarding our (not cheap!) Office retail licenses I also had to manage expectations there: a lot of time wasted, they only wanted to move us to the 365 subscription model, could not help. Somehow I'm not convinced that with MS365 we would have a simple well-arranged flexible system (but just be bound forever).
May I suggest Immich for your photos? I don't have enough experience with it to guarantee it's bug free, but my first impressions are very positive (and I'm not afraid to say that most open source software I try is severely lacking).
Agree. The "reality distortion field" around Nextcloud fans is second to none. I hear it being touted as a replacement for Dropbox, Google Drive, Google Docs, OneDrive, Office 365, etc. Unfortunately it's none of those.
I had the requirement for the same basic functionality and switched to Syncthing several years ago. Haven't looked back: works all the time, every time, and it is much easier to maintain.
I use syncthing and nextcloud. Syncthing just as an easy way to drop things between phone and computer. The ~$5/mo Hetzner nextcloud instance for my Zotero backup, occasionally sharing/soliciting files from friends, and a few not so important backups (that I've been meaning to mirror to b2).
It's basically fine but I can imagine the more advanced features not working so well. It has been on my list for years to add recurring task support to nextcloud tasks but it's a pretty big effort since I'm quite unfamiliar with the stack and there is a decent refactoring needed before the feature can be added.
Hosting files, calendar, and contacts is the primary reason I installed Nextcloud. The other features are just gravy.
It's not the best written, due partly to being written in PHP, but I've not seen anything better out there that you can get for free and you don't have to trust a for-profit entity that's dabbling in AI and violates privacy on the regular.
It was frankly shocking to see such negativity about one of the only projects in that space that is achieving goals.
I really want to like Nextcloud. I had it all set up perfectly earlier this year with their "AIO" setup. Then some upgrade came along and completely destroyed my install, couldn't get the containers to start after that, couldn't figure out how to debug it; seemed like the only way to get it back on its feet was to wipe and start over. I wiped; I haven't started over yet.
Ah, that happened to me, too. Back in June or July. I couldn't be bothered to fix it for months, and it eventually took me a full weekend to get it working again.
Turns out there's some extremely specific weirdness with docker on ZFS. I had to install a userspace FS overlay or something.
But even after all that, I pretty much never use the damn thing. The web interface is the slowest, most bloated and broken thing I've ever had the misfortune to interact with. The desktop and mobile apps have the absolute bare minimum features, and still somehow manage to be broken and unusable.
It sure sounds like a cool idea to glom together your files and email and jira and calendar and everything else into one unified dashboard for your life. But it takes nearly a minute for the web ui to respond to anything. Browsing files takes minutes. And absolutely forget about music or photos, that barely works at all.
At this point, I just use it as a place to blindly dump all my files. I get a notification every. Single. Day. that my backup succeeded, so my files are probably safe I guess. Can't turn off the notification, or filter notifications in general. So I have an unending torrent of useless garbage notifications that perfectly hide any truly important notices.
I had this happen to me as well, though I remember that it was either a docker or snap/flatpak/etc version of it. Got things working but lost a few months of data, likely something I foolishly did while trying to make things work. Stopped using it and went with Seafile for a while - grew frustrated with that and stopped syncing files between computers altogether.
Later on, when I set up an old dell xeon workstation as a home server (using proxmox), I used the turnkey image of nextcloud, and have (knock on wood) not had any issues at all.
Anyway - I wanted to ensure it was fully virtualized this next time if/when this happens again. I have it backing up the base vm once a week (I have the file storage separate/outside of the vm). So... hopefully this doesn't happen again to the degree that it did.
I have been upgrading my then owncloud setup now nextcloud setup for the last 10 years or so almost without issue - most issues I had where back when it was still owncloud. I think I did a wipe back then once. Nowadays even if something goes wrong I know what i can do. For instance i upgraded PHP too soon once and had to manually patch it.
Anecdotal evidence tho. Results vary. I like nextcloud because worst case all a wipe would cost me is a re-upload of my local folders over a couple of hours.
Same here, but it's a big and complicated beast. I never lost data but then with hundreds of thousands of servers out there, somebody is bound to. Even if it's just due to bloody cosmic rays ;-)
No it's due to nextclouds crazy AIO container that creates other containers automatically, and hides the entire process from the user so there's no easy way to diagnose issues.
We can't turn on web server logging? PHP logging? We don't take DB backups? We can't revert to the previous image version? The crazy AIO NextCloud Docker image doesn't store your documents as plain files in a data/{$USER}/ directory that one can always rescue?
"Use the Docker image. It just works!"
Until it doesn't.
I know this will sound very greybeard, but as sysadmins, we can slog through understanding the systems we are running when we set them up, or we can wait until they break to figure them out. You can tell which path a sysadmin chose when they things like, "I upgraded and my containers wouldn't start, so I gave up." Why wouldn't they start? What's in the error logs?
No, it‘s their insane composition of „not-what-docker-was-made-for“ architecture. Their all in one solution is a bastardized version of compose, just give me a compose file with all services you run.
Comments here seem to suggest that Nextcloud isn't worth it. Later today I'm supposed to talk with some folks at IT looking for an in-house file-sharing/collaboration tool that Dropbox/GoogleDrive is (or was, because after GoogleDrive price hikes our institution ditched them). I was going to suggest Nextcloud as a possible option to investigate...
Nah, nextcloud is a reasonable enterprise file-sharing/collaboration tool.
What you are seeing here is a lot of people trying to use it as a file synchronization tool, and discovering that it's bloated beyond reason (because well, it's a file-sharing/collaboration tool) and the file sync functionality isn't even as good as you'll get from specialized tools.
The root problem is that nextcloud started as a file sync tool, and moved into other niche, and never bothered to communicate it.
NC is trying to do a lot, but it's not doing anything particularly well. It feels like their development resources are spread too thin to really polish any of the features. If you just need file sharing, there are some projects that focus on that that tend to work pretty well. I have also tried running NC with OnlyOffice, but that seems to break every two weeks. And even if it works, Google's tools are just so much better. I would even choose O365 over this.
Yeah, you need to run away from Nextcloud as far and as fast as possible.
I made the mistake of recommending it and setting it up for my 10 person team earlier this year and it has only been constant headaches.
Reporting bugs to GitHub is especially frustrating because the devs will just discard them, regardless of how well documented and reproducible they are. There was a mess with its Postgres connection pool where it would quickly run out of available slots if you used Collabora, the Google Docs clone, the devs rejected the bug reports without a second thought although there were many users who reported the problem.
This last hour I've been fighting it trying to reset a user's password, it says that it "cannot decrypt the recovery key".
I check whether the recovery key is enabled for that user, it says "Recovery key is not enabled".
I check whether encryption is enabled, it reports it as "false".
It's by far the flakiest piece of software I've used in 2023.
If you're going to do this, look for a proven stable Nextcloud solution. I followed one of the many guides on the web a couple of years ago to install Nextcloud on Debian, which worked, but the first major update broke it. I couldn't fix it because I didn't know why it broke. You wouldn't want to be in that situation with employees waiting for service to be restored.
Since then, I've been running an always-on Syncthing instance as a "cloud hub" and that's been great, though I doubt it would scale well.
I don’t know… the overall tone seems to be a bit too negative for me here.
I have used Nextcloud at home for years now without issues and we also used it at a large university where it worked just fine (from a user perspective; I don’t know if it gave the administrators nightmares). I do agree that they should invest more time in polish and stability and less in swanky new features that many won’t need, but that would not lead me to discourage anyone from using (or at least trying) Nextcloud.
It'll depend on your requirements. Keep in mind that Nextcloud is the largest on-prem collab platform out there, so more users means more complaints... It is used in huge enterprise and government installations so it can definitely work, but it needs a decent setup. For a small company, use the Nextcloud AIO container I would say. For a big one, get Nextcloud Enterprise (starts at 100 seats) to make sure you get any issues addressed quickly.
I have only been using NextCloud personally with a single user but every instance I set up, there are basic problems like apps freezing, (and GH issue seems to have stalled some 6 months or so ago) and non polished interface really puts me off but since there aren't a better alternative, I use it.
Seafile is a close call if it gets more attention to remove rough edges and a bit more feature but interface looks more polished.
I guess it's fine if you want a widely integrated solution that can do a lot of different things.
I'm using it only for myself, so definitely not representative of using it in a company but maybe my experience helps.
The just working part, at least for me, are the calendar and contact plugins. Never had any issues with those.
File sync with the desktop client works mostly fine on Linux where I use it most of the time. However, I've run into issues with it on Windows. Using the automatic bandwidth limit for example might cause Explorer to freeze. [1]
Also forget about the automatic upload feature in the Android client, I switched to FolderSync for a reliable experience.
I've managed to get OnlyOffice working, Collabora Office previously broke for some reason. However latest upgrade also broke OnlyOffice. The solution for this is to put the secret and authorization headers into config.php in addition to the OnlyOffice plugin settings. [2] No idea why, but that is a thing.
My Nextcloud runs as a normal PHP application and I haven't had any issues with upgrading yet. Going from, I think, version 23 on Debian 11 to 27.1 now on a different machine running Debian 12 since I started using it.
Maybe I should find something more focused on file syncing, but the all-in-one approach of Nextcloud and its various plugins makes trying some new services very easy.
Realize that many people who work for competitor products will bash it here. It is a best of class rather than best of breed solution tailored to organizations who want a secure on prem suite like O365. Some apps are best of breed, but you can find many better alternatives to specific apps. File sharing and collaboration is one of its strongest offerings. I think you will be amazed at all the sharing options available. When you need the tight integration between several apps and central administration, it is a great suite. It changed my life in a good way.
I'm using Nexcloud currently, but an alternative for you to check out for you might be Pydio.
It has a lot of the same features, and generally seemed a little more stable. However, it was a little more painful to configure, and has a few unique terminologies you'll have to get used to. Also it's UI does load faster than Nextcloud, but once loaded, it is a little less snappy.
For the user downloaded client, I found that it works, but is a little less convenient than Nextcloud (no Automatic pinning of the folder, no partial downloads to save space)
You should still investigate it. I've used it since the fork from Owncloud and used to curse how slow and buggy it was, turns out I just needed to admin properly. Its a DB heavy PHP application stack, you need to adjust and tune things appropriately. As to complaints about updates breaking things, you need to have a way to test updates prior to deploying to production, just like any other server based application.
If you are willing to spend some money, rather look at OwnCloud hosting or maybe self-hosting with professional support. While NextCloud just added feature after feature and IMHO bit off more than they could chew, OwnCloud started to rewrite things in Go and improved speed and stability. Also, I hear their support is better.
If I remember well Outlook (or was it Outlook express?) used to do something very similar (speaking of 15 years ago or so), except it was infecting your local PC instead of the web server.
Oh no... Roundube was the top selfhosted email client. Nextcloud is great, but having everything and the kitchen sink maintained within and by it is worrying.
Roundcube is still to be it's own separate project. Besides Nextcloud already has it's own webmail client. I imagine they might make it easier to install Roundcube as an APP though. The the existing implementation (that doesn't work for the latest Nextcloud anyway) requires an existing separate Roundcube installation.
It would be nice if Nextcloud would come in small modules, and one could effectively run only webmail, and add more features in the future on demand. Having everything in one just increases attack surface and makes more work managing it all.
What I would like to have is a small Nextcloud installation (max. 200MB, preferably even smaller) that I can host on a ultra-cheap tiny server. I just need file sync, calendar and contacts. The total size of the synced files isn't much either.
Nextcloud used to be small enough for this, but they kept adding things, bundling word processors and other stuff I don't need, meanwhile making the contacts and calendar optional. I have had to move to a larger server only for this reason, to keep Nextcloud at a supported version.
Does Syncthing have contacts and calendar syncing? Any others? I like having a central server.
For some of the reasons you give, I prefer Owncloud over Nextcloud. Owncloud is less bloated.
I recently set up Joplin notes to sync with Owncloud using WebDAV following instructions on Owncloud's blog [0], it was easy and works well.
I haven't set up contacts and calendars yet, but would like to, eventually. It looks like it can be done with CardDAV and CalDAV [1].
[0]: https://owncloud.com/news/how-to-sync-notes-with-owncloud-an...
[1]: https://blog.evomailserver.com/how-to-sync-owncloud-10-conta...
What is an ultra-cheap tiny server? Maybe a CX21 (6.37 €/mth) at https://www.hetzner.com/de/cloud would fit. There are Docker images and you only need to install the NextCloud AIO. Super simple. Upgrade is also simple (we only did it once and it went through perfectly).
https://nextcloudpi.com might do it for you. I've been running it on raspberry pi 4 with a Samsung 1tb usb3 ssd for a year or two with no problems that weren't solved by turning it off and on again...yet.
I'm fairly certain that you can disable the word processor, as well as a lot of the other "core" features. Or at least I'm seeing a whole lot of "disable" buttons when I look at the list of active apps for my Nextcloud install.
Yes, but they are still part of the package. If you have only 500MB you easily run out of disk space for both the installer and the actual installation. And I think they remain on your disk, ready to enable. There is no easy way to remove them completely.
In the AIO you have to explicitly choose to install them, in the bare metal setup they are not installed unless you choose so when you install for the first time. You're right that Nextcloud has gotten bigger, but Collabora is in no way a default part that you can't uninstall...
Will Roundcube still be a seperated project or will it be included in Nextcloud? If they integrate it to heavily in the Nextcloud stuff I won't be using it anymore. :-)
> Nextcloud Mail will evolve as it is, focused on being used naturally within Nextcloud. Roundcube will continue to serve its active and new users as a stand-alone secure mail client.
I don't think so, as then Web Hosting Panels would loose out. But, you never know.
Note that we're not backed by a a venture capital firm that needs a 10X exit, we're self-funded and have been sustainably growing ~50%/year since we got started. We're over 100 people so paying for 2 developers on Roundcube (tripling the resources being put into Roundcube today) would be trivial for us.
We'll look what users want, what's best for the ecosystem etc, but we're not looking to kill it and if we ever would, it won't be for the money.
Since we're talking about email, contacts, calendars and files, thought it might be useful to summarize what I tried and landed on. Note that I'm only using it for my own personal setup, not shared with a company:
- SyncThing - current solution for some of the filesync I'm doing (mainly personal projects). I have a small server at home that works well as an "always on" client that I can access.
- OwnCloud - used to use it for files, cal and contacts. It's much lighter than NextCloud, pretty easy to setup. I've had corruption issues with the files, which arguably might have been my configuration - and made me leave it behind
- Radicale + infCloud - Used it for a while for contacts and calendar. It's working well, and the API being carddav+caldav, you can use anything you want to sync. The main issue I had was that you can't sent and invite, which is a hassle.
- NextCloud - current solution for calendar and contacts. I'm using it mainly because my shared hosting is providing an instance with my contract, and they handle backups. I don't like the UI much, it's slow and a bit clunky, I mainly use it when I want to invite someone. I don't use files. I tried using their mail solution but never made it work. I'm using Davx5 to sync on my phone, and the carddav/caldav sync on mac. I may be moving at some point.
- Rainloop - very good alternative to roundcube. My only grief with it is that I never figured how to search across folders.
- Roundcube - pretty good, and lots of plugins you can use to make it do what you want.
- Also used a simple SSH + SCP client to do file sync'ing. I'm just hesitant with that, since someone getting access would mean full access to the server.
For a while, Zimbra was the most viable webmail alternative to Outlook. Zimbra was passed around like a hot potato, and I'm not even sure who owns it now.
Sandstorm is an app platform that lets you install various apps within it, but doesn't have a lot of built-in functionality. Nextcloud is more of an all-in-one-kit solution, though it does also have an app store.
It would not really make sense to put Nextcloud inside a Sandstorm app because it is too bulky, but you would need a suite of other Sandstorm apps to do what Nextcloud does.
Very different approaches to a similar thing. Upsides and downsides to each approach.
With regards to security, nothing is perfect but I'm absolutely positive that Nextcloud is ahead of the vast majority of open source projects. And if you know of a security hole, go and collect your USD 10K at HackerOne.
True. I don't know of any other "holistic" project that we could have choosen instead of Nextcloud. One very very important point is the AIO installation method. So easy and no fear to have forgotten something important. -- You saved us from Google (no way) and Microsoft365 (a possibility), thank you!
My biggest gripe with it is the increasing schizophrenia of the UX devs. One thing I _loved_ about Nextcloud was that they paid a lot of attention to making it easy to navigate and use. The newer UX "enhancements" seem to be all about maximizing (useless) whitespace and making every widget as spherical as possible. The calendar UI used to be a joy to use, now it's the most frustrating calendar I have ever seen.
On the plus side, if you're using the docker image, upgrades are a breeze. Just bump the tag on the image, redeploy, and you're done. (It did take a _lot_ of effort to migrating my existing data to the docker container, though.)
I also use Roundcube as my main email client. I've looked at bunches of them, but Roundcube is the closest thing to a web-based Thunderbird that I have seen. Unfortunately, this had a UI "update" too and now practically nothing can be customized the way I prefer. If someone forks Roundcube and brings back the old theme, I will switch to it tomorrow.