How to enforce HTTPS 2

The last discussion on this topic got closed because whoever didn’t like it, so I created a new one regarding the question at hand. So it’s not a conspiracy. It’s actually the exact opposite.
Surely the purpose of community forums is to hear from the community, take input and maybe add suggestions to a backlog (which can be made low priority if whoever makes those decisions sees fit) but don’t just dismiss and/or close down suggestions/dialogue.

I didn’t say it was a conspiracy, I said InsufficientlyGeek sounded like a QAnon conspiracy theorist. There’s a big difference there.

InsufficientlyGeek claimed “the powers that be don’t like too much truth”, and went on to assert Communist China is maintaining Nextcloud so they can overtake our data. InsufficientlyGeek is either a troll, or has serious mental stability issues.

Now, your post here wasn’t very clear, I’m not sure what you want, or what you’re asking for. When bb77 asked for clarification, you stayed relatively silent and let InsufficientlyGeek speak for you (“the issue is fueled by an elitist and judgemental attitude”, and “you don’t know what my hosting plan is” while giving vague and non-specific details so they can keep evading).

After InsufficientlyGeek spouts bullshit a couple more times, you pop up saying you “100% agree” with them, then go silent again. You provide no further detail of what you want or what your issue is, other than upgrading Nextcloud is a “minor convenience”. Uh, ok.

Once I called InsufficientlyGeek out for being irrational, you jump in claiming the topic was closed last time because “whoever didn’t like it”. Could it have been because there was no real issue brought up? You didn’t provide any explanation of why you need to enforce HTTP/2, or why it isn’t, what the benefits or trade-offs would be, or anything. I don’t know what your issue is.

And you still haven’t explained or addressed it. You instead wax lyrical about the “purpose of community forums”. Could the problem be the lack of communication skills of people like you and InsufficientlyGeek, rather than any inherent issue with Nextcloud or the purpose of forums?

2 Likes

I’m probably assuming people read the prior thread (with the same name minus the ‘2’) which I acknowledged is probably lazy of me.

In my head it’s become a general gripe that the general attitude/answer is that Nextcloud is only for people not using shared hosting. I don’t want to run my own server, do my own backups, ensure my power supply is secure, my network is up etc. I want people who are professionals to do that sort of stuff and that’s what shared hosting provides. I want to leverage IaaS/PaaS not run a server in my basement but then devs (or whoever responds to posts here) seem to want to support enterprises with enough resources to support on prem infrastructure or techies who know enough and have the time, interest and knowledge to manage the whole shebang. I’m in tech but am not a programmer/admin and can just about do what is necessary to install and maintain a Nextcloud install but if it was a little easier Nextcloud could penetrate further (if that’s the goal).

In any case, I sense this is a futile discussion. I do appreciate those that develop Nextcloud and provide a free alternative to Google, Dropbox et al.

In most threads about shared hosting, workarounds are suggested. But the questioners don’t want to hear them and prefer to hang on to side notes. And yes, those who reply to these posts sometimes mention that Nextcloud is not suitable for shared hosting and that shared hosting is not a priority for the Nextcloud devs. I don’t even know if that’s true. But these answers also come from the fact that most of these questioners already show in their initial post that they are not really interested in a solution, but rather just want to complain.

Most limitations of shared hosting can be worked around somehow, but not always with a one-click solution for everything. But for example, what’s the big deal when one has to back up the .htaccess file before an update and/or re-add a few lines to it after an upgrade? This takes five minutes of that person’s time and I wouldn’t say that Nextcloud is unusable on a shared host because of that. Btw. maintaining a manual installation is way more time consuming.

1 Like

The clearer the question, the better the answers. Does Nextcloud really have a fundamental problem with the implementation of the HTTPS/2 protocol?

On the other hand, do you have concrete statistics by hand on the installed base of Nextcloud? I see hundreds of requests here on the forum regarding shared hosting, so it seems to be a very common variant after all…

So what are you specifically talking about here in this thread? There is no fitting-all solution, each installation approach has advantages and disadvantages. You have to cope with that or look for better alternatives, either by switching to a product that meets your requirements better, or by a concrete and constructive formulation of improvement suggestions by submitting enhancement requests to the development teams. This is how it works. My 2 cents.

No it does not. Works perfectly fine on my instance. (manual installation in a VM)

The problem on a shared host is, that you often cannot configure the main apache config or VirtualHosts. Your only chance to configure things is the admin panel of your hosting company and the .htaccess file, which gets overwritten during a Nextcloud upgrade. Also if you don’t have command line access you can’t run PHP scripts like the Nextcloud OCC commands. At least not in a direct and easy way.

Besides, various things like HTTPS, HTTP/2 and HSTS (coming from the other thread OP refers to) have been mixed up here.

I know, this is exactly how Nextcloud behaves on shared hosting, so you have to deal with it if you are on such a solution. Therefore, it’s not a fundamental problem of “how to enforce HTTPS/2” on Nextcloud, this is well known, also with directives that can be applied really easily by instance owners of sharing host installations.

It is a platform restriction like others. My suggestion in this case is to place a corresponding enhancement request for Nextcloud proposing modifications to fit better in a shared hosting environment…

Yeah I suppose they could at least to some extent. But this is better suited in a feature request on GitHub. The forums are primarily here to help with the existing solutions. But I guess if you want to discuss this constructively, without the demanding tone that some others have on it, you certainly can do that in the forums too and no one would have anything against it. However, certain things can’t be solved by Nextcloud or would severely limit the functionality and feature set…

  1. HTTPS / HSTS / HTTP/2 are things that the web server does and not the application. So the hosting companies would have to offer appropriate solutions. And if I remember correctly, I could configure at least HTTPS and HSTS in cpanel years ago at my former hosting company.

  2. If they for example would omit OCC and similar things, you would gain nothing, they would then simply optimize the product for the lowest common denominator.

  3. In theory, it would certainly be possible to run at least some of these scripts from the WebUI. But I also trust the devs, that there were good reasons not to integrate such things to the WebUI, other than “laziness” as some here claim. Things like security considerations for example. But this has been discussed several times on GitHub. Feel free to search for those Issues there or open a new one, if you have specific and constructive suggestions.

2 Likes

pls link the source if you claim something like that.
[update: it seems to be this one How to enforce HTTPS thanks @DarkSteve for pointing me in the right direction, for whatever reason TS couldn’t relink this themselves]

you got that wrong. Since you could try and run NC wherever and however you like. Apart from the recommendations on how to run it best it’s just not “supported”. So you more or less need to deal yourself with the problems that arise from trying to run it on an unrecommended environment. That’s all.
I mean, assuming you come from the Windows world, you could try and install Windows to your smart-fridge or your car or your smart-tv or wherever. Maybe you would succeed. But you’d need to deal with the problems yourself arising from that. It’s not a problem caused by MS. Though, of course, you could try and hold them responsible for it and complain about it in their forums.

Exactly that. Thank you.

@all could we get back to the initial question, please?

4 Likes

:laughing: :rofl:

Ok, I get it now. Because you have no interest in tech, you didn’t realise you were asking a completely different question than you thought you were.

You want to enforce TLS, you want to make sure the Nextcloud URL is using https:// before the domain (e.g. hives.nexcloud.net). Is that right?

Here’s what happened. You didn’t link to the previous thread, so nobody here had any context. You then added a “2” to the title, which fundamentally changed the question.

HTTP/2 is a standard that is supported by about half of the top 10 million websites, and it’s supported by all the major browsers. Everyone here thought you were asking how to enforce HTTP/2.

HTTP/2 is a 2015 update to the HTTP/1.1 protocol (1997). HTTP/2 provides compression, pipelining, and lower latencies compared to HTTP/1.1.

Neither TLS nor HTTP/2 are Nextcloud questions, they’re web server questions. Which is fine, we try to help people with that, too. But we can’t help you tweak your web server when you don’t have one. This is up to whatever online service you use.

HTTP/2 is a configuration option I can tick before compiling Apache (which I did on my machine). The idea of “enforcing” HTTP/2 doesn’t make sense, since it’s a protocol the server makes available, and it’s up to the browser whether or not it takes advantage of it. This is why everyone was asking you for further information, which you refused to provide.

If only you had answered bb77 honestly, you might have resolved this days ago. Had you answered honestly the first time you posted this question, you probably wouldn’t have needed to post the same broken question a second time here.

This forum is for the support of Nextcloud, it’s not the tech support of some random PaaS internet service. If your chosen Platform-as-a-Service doesn’t provide basic TLS/HTTPS support, then contact them about it. How the hell are we supposed to fix their service for you?!

You have virtually no understanding of how the internet works, how PaaS works, and you have absolutely no interest in understanding or learning. Combined with your inherent conspiracy/persecution mindset and lack of communication skills, you’re going to continue struggling for quite a while!

Oh, and I have a spare bedroom, my “computer room”, where my Nextcloud server runs, I don’t have a basement. (Nice jab, by the way.)

:smile:
You are not in tech. Playing PS5 does not mean you’re “in tech”.

I mean, really, you couldn’t even post a coherent question about TLS. You then let the nutter InsufficientlyGeek speak for you because you didn’t understand how the internet works, and then you get your nose out of joint because we can’t fix some random PaaS that you didn’t even name. (Seriously, there may have been someone familiar with it who could have told you how to enable TLS in a control panel or something.)

You know, you could be honest instead. You could admit when you don’t know something, you could provide additional details when asked. I’m thinking the biggest issue impacting your communication skills is your pride.

You feel some need to pretend you already understand, and it’s Nextcloud’s fault you aren’t getting what you want. You claim to be in tech, but don’t understand how PaaS works, or how TLS/HTTPS works, or how web servers work.

You even use the lazy 90s stereotype of nerds running servers in a “basement”.

This discussion was futile for you because you don’t understand what HTTPS is, resulting in your question being about a completely different protocol. You refuse to learn, meaning you refused to actually clarify your question or provide further details when people in this forum actually tried to help you.

Your pride is toxic, dude. You posted your question with an inherent bias in the framing. “Why is Nextcloud suppressing my desire for security?!?!” You seem oblivious to the fact that Nextcloud, by default, will complain if you don’t use HTTPS. If your chosen PaaS has that disabled, it’s probably because they want to charge you extra for TLS.

You know, people run Nextcloud on a Raspberry Pi? Not exactly “prem infrastructure” or a “whole shebang”. But since you aren’t in tech and don’t understand how any of this works, I guess this is a surprise to you.

(Oh, a Raspberry Pi is a tiny ~US$50 computer, used by people in tech.)

You have this bizarre mindset, tech is about “prem infrastructure”, the “whole shebang” is basically impenetrable and incomprehensible magic. And it’s Nextcloud that is hiding the truth. Nextcloud is a puppet of China, making sure you’re insecure so they can harvest your precious data.

Your pride is something else. It makes you look like a fool.

1 Like

Good idea!

Actually, I just wanted to ask a simple question about best practices. It was not my intention to start such a fundamental discussion.

After this discussion, I can clarify my original question:
How to sustainably enforce the HTTPS protocol of a Nextcloud installation at a shared hosting provider?

From the discussion so far, I take the answer: you can’t!

The possible suggestions so far are:

  • switch to another provider,
  • accept that this security setting is deleted again after each upgrade,
  • or forget Nextcloud and look for another software.

All not satisfactory - but now I know where I stand.

Thanks, Friedbert

well … I’m afraid saying of course you can.

it just comes with some more work for you … which might be not acceptable for you. But that’s not a NC problem.

It’s a problem of your platform.

1 Like

Yes! If that happens, you can just paste the lines again to the .htaccess file and you should be fine. This is a little extra effort that should not take more than 2 minutes of your time after an upgrade. I would call this a small inconvenience and not a deal breaker.

This would be an option in the long run if this inconvenience really annoys you that much.

1 Like

Of course, you are right - somehow it works.

But only if at least one of the requirements from my question is ignored.

I will adjust the configuration file again after each upgrade and hopefully never forget it - but I think that violates my requirement for sustainability.

How do other solutions deal with this problem? Is there already a commonly accepted standardized procedure in place? How do you propose to solve/circumvent this inconvenience/limitation of running Nextcloud on shared hosting platforms in concrete terms?

Yeah well I use a manual installation of Nextcloud which leaves me with a few more things I have to care about. But that was of course my own choice. But ultimately, when you host things yourself, you always have to stay on top of things and in some situations you just have to do certain things manually. Especially with complex applications like Nextcloud, things can change from time to time and there is not only one way to do things. And at a certain point of complexity, there is no way around documenting configuration changes in order to remember everything. You could write a checklist for your upgrade process, where you also include your changes. Then you can just copy and paste the lines and you are not at risk of forgetting something.

1 Like
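
The "paste the lines again" step and the upgrade checklist suggested in the two replies above can be made repeatable with a small script. This is an added example, not part of any post in the thread: the marker names, the backup suffix and the HSTS max-age are assumptions, and it assumes the host has mod_rewrite and mod_headers enabled and sets `%{HTTPS}`.

```shell
#!/bin/sh
# Added example (not from the thread): re-apply HTTPS enforcement to an
# .htaccess file after an upgrade has overwritten it. Safe to run repeatedly.

BEGIN_MARK='# BEGIN local-https-enforce'   # hypothetical marker names
END_MARK='# END local-https-enforce'

# Standard Apache directives: redirect plain HTTP to HTTPS and send HSTS.
# The max-age value is an assumption; choose one that fits your site.
https_block() {
    cat <<EOF
$BEGIN_MARK
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
$END_MARK
EOF
}

# Prints "present" or "added"; returns 0 when the block is in place,
# 2 if the file is missing, 3 if only half a block is found.
ensure_https_block() {
    file=$1
    [ -f "$file" ] || { echo "error: $file not found" >&2; return 2; }
    has_begin=0; has_end=0
    grep -qxF -- "$BEGIN_MARK" "$file" && has_begin=1
    grep -qxF -- "$END_MARK" "$file" && has_end=1
    if [ "$has_begin" -eq 1 ] && [ "$has_end" -eq 1 ]; then
        echo present; return 0
    fi
    if [ "$has_begin" -ne "$has_end" ]; then
        # Half a block means a manual edit went wrong; do not guess.
        echo "error: incomplete block in $file, fix by hand" >&2; return 3
    fi
    tmp=$(mktemp "$file.XXXXXX") || return 1
    cp -p "$file" "$file.pre-https.bak" || { rm -f "$tmp"; return 1; }
    # Prepend so the redirect is evaluated before the application's own rules.
    { https_block; echo; cat "$file"; } > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its permissions are kept.
    cat "$tmp" > "$file" || return 1
    rm -f "$tmp"
    echo added
}

# Stand-alone use: sh ensure-https.sh /path/to/.htaccess
if [ "$#" -gt 0 ]; then ensure_https_block "$1"; fi
```

Without shell access on the host, the same function can be run on a downloaded copy of the file, which is then uploaded again.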

it’s not a general limitation from nextcloud’s side… it just depends upon your specific share hoster. there are apparently some causing no problems.

1 Like

It is clear to me personally that in principle this ISN’T a Nextcloud limitation - unless there is a generally valid procedure how to handle such cases on a share hosting platform, only then I would see Nextcloud in the obligation to apply it.

You should actually be glad that your posts have been hidden and if I were you I would delete them myself.

Statements like this…

…are proof that you don’t seem to understand fundamental things about how open source projects work or the world in general. You are talking about freedom and censorship, but at the same time you want to tell other people how they have to manage their project and what features they have to include in their project. Open source means that the code is freely available, that you can fork the code and make adjustments to it, you can even get yourself involved and contribute to the project etc… But it does not mean that the developers work for you or that they are obliged to customize their product according to your personal wishes.

@InsufficientlyGeek
After having received an official warning to watch your language and after having been silenced for a few days you now are silenced for a bit longer due to inappropriate language in your postings.

BTW: as I already said in another thread: of course you can get your critique out… but

  • you don’t do that by capturing another thread. If you have something to tell open a new thread.
  • you do watch your words and don’t insult anyone.