Hi, I installed Nextcloud using Cloudron and I noticed they have this warning on their Nextcloud page.
We do not recommend installing apps in Nextcloud unless absolutely required. Maintaining such systems is a security hassle since you need to keep them up-to-date. Apps often break when Nextcloud is updated and you have to know how to fix them. Finally, Nextcloud apps are not run sandboxed. This means that a faulty plugin might compromise the whole app and also not make the app work at all. Nextcloud apps also write into the same database as the main application which might result in unintended data corruption.
For the above reason, extensive use of Nextcloud plugins is highly discouraged since it will eventually break your install.
I have a lot of Nextcloud apps installed and I want to use them heavily. I don’t see anything in the Nextcloud docs about having trouble upgrading when apps are installed. Is this something I should be concerned about?
Hi @ryanb, this warning is right.
If you upgrade your instance and activate apps which have no compatibilities with the version of nextcloud, there may be issues that cause nextcloud malfunction or go down. When you upgrade your nextcloud to a new version and applications doesn’t have versions that are compatible with the new version of nextcloud, the nextcloud will normally disable them in order to limit such issues.
That seems reasonable. I would expect to have to make sure apps are compatible with new versions of Nextcloud. I don’t think I should avoid installing Nextcloud apps because if that. I’ll just turn off automatic updates and check versions before upgrading. Thanks!
Hum, i think we should relativate that warning a bit. That sounds to me more like a very fat:
We don’t want to give you any support for apps, so better don’t do it!
I think that Apps, their different functionalities and therefore the feature to customize your Cloud are one of the key-features of the nextcloud-ecosystem. Some of the apps are even developed by the core developer-team of Nextcloud GmbH, therefore beeing more or less ‘core-’ features of Nextcloud, that can be dis-/enabled. So i would even say a ‘Nextcloud’ but without apps is only half a Nextcloud. Therefore that warning is definitely a bit too hot.
- Of course. Sometimes it happens, that an app breaks the cloud and one has to care for. But that is not the usual case. Typically releases are tested to a reasonable amount and work in (at least!) their basic functionality. And in case one really finds a larger issue, typically disabling the app makes the cloud usable until there is a fix for the single component. Cloudron does even provide the occ command for this. (With the occ-command one could destroy much more, than by just installing apps!)
- Checking compatibility is definitely a good start. Sometimes waiting one or two weeks until updating might additionally help to avoid larger issues.
- Concerning the database - Yes, Apps write into the same database as the core system. But typically they write into separate tables and the risk for an app to destroy the whole database is really not that big thing.
So - all in all. Yes, apps need some extra care and therefore usage without thinking might create troubles. But it’s in my opinion by far not that hot, as the warning tries to suggest.