WIth these 3 one could do webserving from the same space and the same credentials system.
I expect this for high volume websites not to be a good idea, but a limiter is not too difficult, right? As file.html can not load a stylesheet, image, or JS visualising a CSV file with the current 2 options.
Off the top of my head, I can think of at least two reasons why this is not a good idea. Feel free to disagree.
-
Security: Iâm not a security expert, but I donât even want to imagine the kind of vulnerabilities you might introduce by trying to twist Nextcloud into serving public websites. Thatâs not what it was designed for.
-
Waste of development time: Why should the Nextcloud developers (or anyone, for that matter) spend time twisting Nextcloud into a CMS when there are already countless such tools out there that probably all do the job better and are better suited to this use case than Nextcloud ever will or can be.
That being said, there was a PicoCMS integration for Nextcloud some time ago. Maybe you could try reviving that or building something new based on it: Pico CMS - Apps - App Store - Nextcloud
I do agree with @bb77, concerning the deux points (security and waste of developments). And Security is a major (blocking ?) point for CSS, Scripts and HTML.
Today, when the user double-click on a file, thereâs a default behaviour according to the mimetype. And the download is always available. So letâs keep it working, and this is handled by the app managing the mimetype (like drawio, pdfviewer, mindmap, epubviewer, a.s.o. âŠ).
Concerning PicoCMS, iâve tried it, but itâs really buggy, not very updated, and i find this concept not very usable. (Except building a formatted template for all nextcloud users from the platform).
Let me rephrase, because mixing your personal files and serving an actual website is indeed not a good idea. What was actually behind my question was how/where to combine:
(A) People like having 1 place to have all their files, for which NextCloud looks super
(B) The separation of concerns by combining several web technologies over several files is only possible with HTTP-header Content-Disposition:inline, enabling a way of cooperating (with just your colleaugues you give access) beyond unconnected files.
Would a limited instead of no (B) make sense? Iâm hoping to get people experience the power of the web and right after get them to ask for a dedicated webserver. The other way around holds people in âpaper thinkingâ and theyâll never get someone in IT/management to decide theyâll get a webspace.
Iâm not trying to get NextCloud extra work (customers, yes), but I am trying to have users experience different things.
I think, web applications are already a security nightmare, even without people thinking further outside the box than web developers already do on a daily basis.
So my answer woud be: no!
That said, to be honest, Iâm not entirely sure what you mean by (B). Why not give a few concrete examples of what youâre actually trying to achieve? That way, maybe some of the developers here can offer some ideas on how it could realistically be implemeted, while still keeping the IT managers happy.
@steltenpower
Unfortunately, I did not fully understand your concerns. Basically, trying to build a website from components of Nextcloud is not expedient. You can attach a /download
to each share and thus integrate the objects more easily into websites. But thatâs not really nice.
What you can do, however, is link to public shares on websites. This makes the website look more dynamic. You can also use different links to structure the data well. By using upload, read-only, edit with or without a password, you can make the website more dynamic. The website itself does not change. But the content of the linked Nextcloud shares.
@steltenpower, iâm not sure to understand (like some others apparently ), you would like to have yours users having the freedom to create some web sites/spaces using Nextcloud facilities (eg shared files, pictures, documentsâŠ). The Nextcloud interface is really not re-usable out of Nextcloud. It is nice to use in a Nextcloud app. That could be the first solution, but considering the security point already mentionned previously, this could be envisaged in a component usage way or a quite static web pages app. The second solution could be to use Nextcloud as the repository accessible from your web application. Either you could use complex application environment as Drupal (https://www.drupal.org/project/nextcloud_dam) or the classical Wordpress framework (How to connect WordPress with NextCloud media), or the very useful and adaptative Yeswiki (GitHub - YesWiki/yeswiki-extension-nextcloudconnector).
There are a lot a Nextcloud connectors for web products. Or it could be developped (or improved easily, with the webdav protocol provided by Nextcloud).
Has anyone actually tested these connectors for security? I mean seriously, the more endpoints an application exposes, the greater the risk of a breach, and if thereâs a vulnerability in just one part, the entire system might be compromised.
I find it always amusing when someone casually claims that something is âeasyâ to develop. If itâs so easy, why doesnât it exist yet, or why not do it yourself?
But seriously, is it possible? Sure, everything is possible. Is it easy to do? Iâm not a developer, but it probably is, after all, the entire web stack is already in place, and Nextcloud already serves âwebsitesâ, so yeah, it seems doable. Can it be done securely? Probably also yes, but then itâs likely not quite as âeasyâ anymore.
But at the end of the day, it also comes down to resources. Even if something is relatively easy to develop, thatâs not where it ends. It still needs to be tested, maintained, and kept compatible over time. Nextcloud is a relatively complex and fast-evolving product, which means that the maintenance effort for an extension like this would be quite high.
So unless thereâs strong demand from paying customers, this is probably something the community would have to build and maintain, rather than something that would be integrated by the core team anytime soon.
I guess so. These products are public. And using the webdav protocol implies an authentification and a standard API with user rights and restriction. Of course, there always a possibility to have a security breach. But probably as Nextcloud itself.
In general, I do it myself. I develop on Nextcloud for more than 5 years now. Iâve wrote about 10 apps. Some are public and some are not. And I contribute on many applications.
So, when I say âeasyâ, I mean that it is easy for a Nextcloud developer. When itâs complicated, I say complicated (see in others exchanges with me). And we are in the âdevelopmentâ forum.
And so, for these developments, either you can develop it, if youâre a motivated developer (with at least PHP and JS stack), either you require a freelancer (as I) to do it on the Freelance forum, either indeed, you put a candle in a church, pray and wait for it .
Alright, then you clearly know a lot more about this stuff than I do, and you probably also have a much better understanding of how Nextcloud works, both as a company and as an open source project. So you probably have a clearer idea of whatâs realistically possible and whatâs not, both from a technical and an organizational perspective.
So if you say itâs relatively easy to do, then I guess someone just has to go ahead and do it.
If I needed to serve a website, it would depend on the purpose, but Iâd definitely use a dedicated tool for that. It doesnât have to be something complex like Joomla; if all you want to do is share a few static sites, files and/or photos, there are much simpler options.
By the way, whatâs wrong with just sharing things via Nextcloud as it is? Or maybe using Nextcloud Talk, which can already function a bit like a micro blog.
But yeah, I think weâd really need to know what exactly @steltenpower is trying to achieve hereâŠ
Just a small addition:
I get the impression that a lot of people have only just managed to get a Nextcloud instance up and running and now think, âHey, all my files are already hereâwhy isnât there a magic button that creates a public website for me?â Or they want to use it as a kind of digital asset management system for their website.
A lot of people seem to confuse Nextcloud with a hosting platform, when in reality itâs more of a self-hosted alternative to Google Workspace or Microsoft 365. And letâs be honestâyou canât do any of those things directly in Google Workspace or M365 either.
As you rightly said, those kinds of use cases are usually handled by external tools that connect to Google or Microsoft via APIs to access certain data and then use it on a website or do whatever else with it. And letâs not forget: many of those tools and services used in eneterprise environments usually costs a ton of money, in addition to what you already pay for Google Workspace or M365.
But I donât think thatâs what the OP wants. It sounds more like they expect Nextcloud itself to offer all those features, through built-in apps or tight integration. And in my (completely unqualified) opinion, thatâs definitely no longer something thatâs âeasily doable.â
Have an HTML file that loads a JS file that loads a CSV file (each accessible by URL, the last 2 with a relative URL) and creates a visualisation, where only the people that were given access (through the usual NextCloud ways) to all files, actually get to see a working visualisation. This way the person making the visualisation (a coder) receives and puts in the URL of the data once (from a more general user, for whom saving their spreadsheet as .csv is still doable), and sends back the URL of the visualisation once. The data can afterwards be updated independently, no further communication needed about a new version of the data. A âseparation of concernsâ.
When you have these files all locally on your machine it wonât run, because theyâre in a different security context then. Many years ago I actually wrote a browser extension that worked on a network drive you could access through your browser, for which it then set the HTTP-header Content-Disposition to âinlineâ, to make it work. Maybe this would be possible on NextCloud also, but from a scalability, security and maintainability perspective that doesnât look like a very attractive route to go.
That is the background of my question.
Giving capability to load any js and build any HTML is still a bad idea, considering the security aspect. If it all âout of nextcloudâ. I donât see the point to make it in Nextcloud. On the other hand, the CSV could be uploaded in Nextcloud storage, and an app could help users to build visualisations. Either the app could be so written, if itâs a recurrent purpose. Or find one that feet almost your needs. Either it could be enough for you, either the target you have in mind is not so far by improving this app. Did you have a look on Analytics ?