Automatically update Nextcloud (Warning)

The program has been working smoothly for me for several months now. However, anyone who is capable, please enhance it to make it even better.

Thank you sincerely,

Why on Earth would I want to do that?

If there’s an issue, if an app breaks, if the update fails in any way, I want to see it so I can fix it. I don’t want an update without my supervision.

If a transfer is in progress, or if a user is writing a note, the last thing they need is for Nextcloud to drop out to update. You’re just asking for trouble.

:face_with_raised_eyebrow:

You’re not filling me with confidence.

3 Likes

Thank you for your information.

I’m sharing the method that I am currently implementing. Who knows, someone might need it.

And of course, there will be people who do not need it.

That is normal.

I also make it clear that if someone finds the code inadequate, they can improve it.

I not only automatically update Nextcloud, but also everything like WordPress, XenForo, Discourse, renew SSL etc. I have set them up for automatic updates.

The problem here isn’t so much that you want to do it automatically, but you’re making it cumbersome and extremely insecure. No database dump is created and no other backup either, and that per cron. Your instance is not set into maintenance mode during the update. Steps are performed that are not needed at all! It looks like a typical ChatGPT mess.

Nextcloud comes with its own update script that you should use:

sudo chmod +x updater/updater.phar

updater/updater.phar --help
Description:
  Updates the code of an Nextcloud instance

Usage:
  update [options]

Options:
      --no-backup       Skip backup of current Nextcloud version
      --no-upgrade      Don't automatically run occ upgrade
  -h, --help            Display this help message
  -q, --quiet           Do not output any message
  -V, --version         Display this application version
      --ansi            Force ANSI output
      --no-ansi         Disable ANSI output
  -n, --no-interaction  Do not ask any interactive question
  -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Help:
  This command fetches the latest code that is announced via the updater server and safely replaces the existing code with the new one.

This determines whether all requirements such as PHP version etc. are met and makes a backup in a secure way. You can do it without interaction (for your purpose) but I would never advise doing so.

You should do your updates on the console and create aliases for your automations, one for pre-update steps (database dump and backup) and one for post-update steps (fix all integrity tests, create missing indices, check if all services like notify_push etc. are up and running).

Then you should never start using automations when you have not created the revert script as well. So before I perform an update, I create the backup, and with another automation I am able to revert everything to that snapshot state, so that if something goes wrong, I am able to revert to my old state.

I am using my cloud server because I want to get rid of old-school mail. Why should I look in my mail server for the results of an update?

As you could hardly overlook, I am not impressed by this script, and I want to strongly discourage its use and will not give any support to those who thought it might be a good idea to shoot themselves in the foot with it.

much luck!

6 Likes

I’m not so sure about that either, because I think it’s generally not a good idea to upgrade a production instance to a new major version on the first day after a release, and yes, you definitely shouldn’t do it without having a full backup.

4 Likes

Thank you for your feedback.

I hope that one day there will be a script or a secure and comprehensive method for automatically updating this from someone.

I just showed you, didn’t you see?
It already exists!

3 Likes

Thank you very much. So all I need to do is to run this command daily for it to automatically update, right?

sudo -u nginx php updater/updater.phar --quiet

Thank you for your assistance.

Thank you very much. I’ve updated.

your own words:

If you want to run this by an automation like cron, then you need the --no-interaction flag and not the --quiet flag, since you need the echoes for your logfile (or the mail you want to send) to know if it succeeded or not and if not, why.

Always wanting the latest version is a very bad strategy. Proper Windows mentality. In the server area, there are sometimes very specific versions that you want or need and therefore you should avoid automatic updates if possible.

Scripts for update yes, but never by daily cronjob.

much luck!

2 Likes

Thank you very much. I’m just trying to follow Nextcloud’s recommendations.

Privacy does not exist without security.

Our recommendation

We strongly recommend to keep a private cloud server constantly updated. Servers not running the latest security update in a supported release series are often vulnerable. You can find new versions here for Nextcloud and here for ownCloud. Nextcloud strives to make upgrading a safe, easy and painless procedure. As a result of these efforts, for users running PHP 7.x and a current version of Nextcloud, there is no need to re-enable apps upon upgrade and users get notified of new versions of apps as well. More improvements are coming! You can learn why and how to upgrade to the latest version of Nextcloud in our earlier blog.

We further recommend to read our Security Hardening Guide and follow the instructions there.

There is no mention there of running upgrades by cron without interaction!

You can perform a daily cronjob with this command:

occ update:check

and send the response message to your mail or a pager of your choice (I use Signal with signal-cli to get all important server messages on my mobile phone).

As soon as there is an update available, you are informed and can decide whether you want to apply it immediately or if you prefer to wait until all your apps are supported or until a second bugfix release.

much luck!

3 Likes
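A sketch of the daily "check and notify, don't upgrade" cron job suggested in the post above, as an added example that is not part of the thread. The install path, the web-server user, the `notify` transport and the exact wording matched in the `occ update:check` output are assumptions to adjust for your instance.

```shell
#!/bin/sh
# Added example: daily update check for cron. It never upgrades; it only reports.
# Assumptions (not from the thread): NC_DIR, NC_USER, the notify() transport,
# and that a fully updated instance prints the CLEAN_MARKER line.
NC_DIR="${NC_DIR:-/var/www/nextcloud}"   # hypothetical install path
NC_USER="${NC_USER:-www-data}"           # hypothetical web-server user
CLEAN_MARKER="Everything up to date"

# Constructed sample outputs (not captured from a real instance).
SAMPLE_CLEAN="Everything up to date"
SAMPLE_UPDATE="Update for calendar to version 9.9.9 is available.
1 update available"

# classify_check EXIT_STATUS OUTPUT -> prints "ok", "update" or "error".
# Fail closed: only a zero exit status plus the clean marker counts as "ok".
classify_check() {
    if [ "$1" -ne 0 ]; then
        echo "error"
    elif printf '%s\n' "$2" | grep -qF "$CLEAN_MARKER"; then
        echo "ok"
    elif printf '%s\n' "$2" | grep -qE 'is available|updates? available'; then
        echo "update"
    else
        echo "error"   # unexpected wording: report it rather than stay silent
    fi
}

# notify SUBJECT BODY: placeholder transport (syslog); swap in mail, signal-cli, etc.
notify() {
    printf '%s\n%s\n' "$1" "$2" | logger -t nextcloud-update-check
}

run_check() {
    nc_output="$(sudo -u "$NC_USER" php "$NC_DIR/occ" update:check --no-ansi 2>&1)"
    nc_status=$?
    case "$(classify_check "$nc_status" "$nc_output")" in
        ok)     return 0 ;;
        update) notify "Nextcloud: update available" "$nc_output" ;;
        *)      notify "Nextcloud: update check failed (exit $nc_status)" "$nc_output"
                return 1 ;;
    esac
}

# Cron entry (constructed): 15 6 * * * /usr/local/bin/nc-update-check.sh --run
if [ "${1:-}" = "--run" ]; then run_check; fi
```

Because anything other than a clean exit with the clean marker is reported, a broken `occ` (PHP error, maintenance mode left on) produces a message instead of silence.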

Thank you very much.

Is there a way to send notifications via Telegram?

The system reports like this:

Then the updatenotification-App might be disabled on your instance. That is strange, because it is a shipped app, and it is enabled by default. So you must have disabled it somehow or it is broken because of your insecure update-procedure (if you have run it already).

   App-Id          updatenotification
   App-Name        Update notification
   Summary         Displays update notifications for Nextcloud and provides the SSO for the updater.
   Categories      monitoring
   App-Version     1.17.0
   Repository      https://github.com/nextcloud/server
   Issue-Tracker   https://github.com/nextcloud/server/issues
   NC min/max      27 / 27
                   Shipped (included), default enabled App
   Appstore-link   This app is currently not published in the Nextcloud app store.

Run

occ app:enable updatenotification

that should fix it.

Much luck

1 Like

Thank you very much. It worked like this:
[Screenshot 2023-08-22 064409]

@ernolf

(I use signal with signal-cli to get all important server messages on my mobile phone)

Could you please kindly guide me and everyone else on how to do this? Thank you sincerely.

I would like to refer to the link I gave here. There are all the necessary man-pages and even a WIKI with sample scripts.

Maybe I’ll do a how-to on occasion, but that’s not very Nextcloud related anymore.

Nextcloud has its own services that bring messages to your mobile phone about everything. Simply install the Nextcloud Android app and the “Nextcloud Services” app from the Droid Appstore. Then you can use the notification app (enabled by default) to send your server messages to the Nextcloud notifications, which are then visible everywhere, in all clients.

Here is a thread where that is explained
and → this is a great example script ← of how it works. You can learn a lot from the latter.

Much luck!

1 Like