Menu Configuration-Reference for Backups, Config, Networking, Security, System, Tools, Updates

BACKUPS

nc-backup-auto

Perform automatic backups.
How to enable:

  1. Navigate to nc-backup-auto in the TUI or the WebUI.
  2. Change ACTIVE to yes.
  3. Change DESTDIR to a desired location for the backups.
  4. Change INCLUDEDATA to yes (optional), to backup your data as well.
  5. Change BACKUPDAYS to the number of days to perform the backup.
  6. Change BACKUPLIMIT to the number of backups to be kept. If limit is reached, then the new backup will replace the older one.
  7. Click Run or Start.

nc-backup

Perform a manual backup.

How to configure

  1. Navigate to nc-backup in the TUI or the WebUI.
  2. Change DESTDIR to the desired location you want your backup to be.
  3. Change INCLUDEDATA to yes if you want the NextCloudPi data included in the backup.
  4. BACKUPLIMIT sets the maximum number of backups.
    If the limit is reached the new backup will replace the previous one.
  5. Click Run or Start.

nc-export-ncp

Export NextCloudPi configuration

Note : This exports the settings only from NCP.
No NextCloudPi data, database or custom system configurations are included!

How to configure

  1. Create the directory where you want the NCP settings to be saved.
  2. Set export directory path.
  3. Click Apply

nc-import-ncp

Import NextCloudPi configurations

Note : This imports only the settings to NCP.
No NextCloudPi data, database or custom system configurations are included!

How to configure

  1. Set import file name and path.
  2. Click Apply

nc-restore

Restore a previously backuped Nextcloud instance.

  • If the data folder of Nextcloud was not included in the backup:
    After restoring, edit /var/www/nextcloud/config/config.php and tell your NextCloudPi instance the path where the data is in the 'datadirectory' => /path/to/nc-data section.
    After that run nc-scan to make your NextCloudPi instance scan for any externally added files and add them to the database, making them visible again. ```

  • File :: config.php

    ‘datadirectory’ => ‘/path/to/nc-data’,

    ‘logfile’ => ‘/path/to/nc-data/nextcloud.log’,

nc-rsync

To get the rsync connection between NextCloudPi and a backup-server working you need to complete two main tasks :

  1. The backup-server needs to have a user.
    This user needs diskspace, permission for ssh-autologin and the permissions to use rsync.
  2. On NextCloudPi, root needs to be allowed to ssh-autologin to the user of the backup-server.

Step 1: Please check what you need to do on your server side.
In case you use a Synology NAS (DiskStation, RackStation), you need to enable ssh (Control Panel, Terminal & SNMP), give the user - which you use to backup the data - administrative access (Control Panel, User), and enable Rsync (Control Panel, File Sharing, File Services).

Step 2: - Login to your ncp on the terminal

  • Change to the root user
    sudo su

  • Go to the root of your device’s filesysstem. ( root == " / " )
    cd ~

  • Follow the steps in the following article to set the auto-login of the root user: SSH login without password
    (a: root user, A: the IP of the ncp, b: user at the backup-server, B: IP of the backup server)

  • Make sure that ssh-access works for the root user to the backup-server

After these steps you should be able to backup your data with rsync between the ncp and the backup-server.
Test this with the following command:
rsync -e 'ssh -p 22' -av /home/pi/ b@B:/path/to/your/backup/

If this works check the following next command:
rsync -e 'ssh -p 22' -aAv /home/pi/ b@B:/path/to/your/backup/

If this also works (A means ACL-support) then you are fine.

If this gives and error message (ACL not supported on server) then you need to either enable ACL-support on the backup-server-side or you need to tweak the ncp-script in:

/usr/local/etc/ncp-config.d/nc-rsync.sh
and
/usr/local/etc/ncp-config.d/nc-rsync-auto.sh

and remove the A-option in the rsync-command of the script (this counts for ncp version 0.64.2, the ACL option might be dropped in later versions, please check).

nc-rsync-auto

See comments on nc-rsync.
This lets you automatically schedule the rsync process every SYNCDAY.

nc-snapshot-auto

Automatic btrfs snapshots.
See How to backup and restore using nc snapshot

nc-snapshot-sync

Automatic btrfs snapshots sync to external drive or location

nc-snapshot

Manual btrfs snapshots

nc-snapshot-restore

Manual restore a btrfs snapshot (coming shortly with upcoming update from current 1.6.3) - - - - - -

CONFIG

nc-admin

View or (re)set password for the ncp user, default adminstrator of the NextCloudPi web interface.

nc-database

Enable if you want to change the Nextcloud database location (e.x. to a usb drive).

Note : Non-Unix filesystems such as NTFS are not supported because they do not provide a compatible user/permissions system.

You need to use a USB drive that is permanently on and is responsive or the database will fail.
If it ever fails with a white page, move the database back to the SD

How to configure

  1. Navigate to nc-database in the TUI (CLI) or the WebUI.
  2. Change DBDIR to your new database location.
  3. Click Run or Start.

nc-datadir

Change the data folder location of Nextcloud.

Note : Non-Unix filesystems such as NTFS are not supported because they do not provide a compatible user/permissions system

How to configure

  1. Navigate to nc-datadir in the TUI or the WebUI.
  2. Change DATADIR to your data location.
  3. Click Run or Start.

nc-httpsonly

Force secure connection using HTTPS.

How to enable

  1. Navigate to nc-httpsonly in the TUI (CLI) or the WebUI.
  2. Change ACTIVE to yes.
  3. Click Run or Start.

nc-init

Re-initiate Nextcloud to a clean configuration.
Your configuration, users and data will be lost.
Make a backup before proceeding.

nc-limits

Configure system limits for NextCloudPi.

Note : that MAXFILESIZE can be at maximum 2G, if your NCP-installation is still on 32Bit OS. Since 2021/2002 NextcloudPi images are setup for 64Bit OS).

How to configure

  1. Navigate to nc-limits in the TUI (CLI) or the WebUI.
  2. Change MAXFILESIZE to the desired maximum file size (
  3. Change MEMORYLIMIT to the memory limit you want (default=768M).
  4. Click Run or Start.

nc-nextcloud

Download and install a specific Nextcloud version, beware that this destroys any existing instance. You need to run nc-init after completing nc-nextcloud, to take care of setting up the database and all the cron jobs.

nc-notify-updates

Get notified for updates (Pending or Installed) through the Nextcloud notification system.

How to enable

  1. Navigate to nc-notify-updates in the TUI (CLI) or the WebUI.
  2. Change ACTIVE to yes.
  3. Change USER to the user you want to be notified (default=admin).
  4. Click Run or Start.

nc-passwd

View or (re)set password for the default admin user ncp for NCP-web at localhost:4443

nc-prettyURL

Set pretty URLs (no index.php extension in the URL)

nc-scan-auto

Periodically scan NC for externally modified files
Set the time in minutes in Scan Interval.
If there are too many files this can greatly affect performance.

How to enable

  1. Navigate to nc-scan-auto in the TUI (CLI) or the WebUI.
  2. Change ACTIVE to yes.
  3. Set RECURSIVE to yes ( to scan all subfolders recursively ).
  4. Set NONEXTERNAL to no ( to not ignore any external files ).
  5. Set SCANINTERVAL to the interval ( in minutes ) you want to scan.
  6. Set PATH to folders to scan
  7. Click Run or Start.

nc-trusted-domains

Manually add trusted domains

Note : that this is normally not needed, as NCP will do this automatically for you in most cases

nc-webui

Enable or disable the WebUI.

How to enable

  1. Navigate to nc-webui in the TUI (CLI) or the WebUI.
  2. Change ACTIVE to yes.

NETWORKING

NFS

Configure a NFS network file system server.
This is a lightweight way to mount your cloud files through LAN in a Linux computer.

SSH

Activate/deactivate

In order to enable SSH, the password for user pi can not remain set to the default raspberry.
You must create a new password for pi user if you want this program to enable SSH, it will fail if you dont!

Note : Use normal AlphaNumeric, the only special characters allowed are .,@-_/

  1. Navigate to SSH in the TUI (CLI) or the WebUI.
  2. Change ACTIVE to yes.
  3. Change the password.
  4. Confirm new password.
  5. Click Run or Start.

dnsmasq

This is a DNS server that you might need in case you cannot access you cloud from inside your house by an external URL, such as mycloud.freeDNS.org.
This depends on your router to have NAT loopback support.

duckDNS

Free Dynamic DNS provider ( need to create an account at https://duckdns.org and receive an access token )

freeDNS

FreeDNS client.
Most home users using a commercially available broadband connection do not have a Static IP assigned to them but rather a Dynamic IP that changes from time to time, often times once every 24h.

In order for you to be able to access your Nextcloud instance, from outside of your house and over the internet, without typing in a recently changed Public IP address for your router everytime you want to connect, you’ll need to register with a DDNS ( Dynamic Domain Name Server ) service provider.

These services tracks any Public IP changes your ISP makes to your router and updates your registered domain DNS records for you, most commonly done via a cron job script that communicates with the DDNS provider or perhaps even your router has built-in support for your DDNS provider, many actually do without people realising it.

Check your router’s settings if it has a section named DDNS or DynDNS.

For FreeDNS you need to register an account on FreeDNS and setup a domain name.

How to activate

Run the TUI (CLI) via ncp-config or use the WebUI.
Log in to freedns.afraid.com and click Dynamic DNS.
Right click on Direct URL next to your record.
Paste it in a text editor and select only the hash ( which is the letters after the ? ).

  1. Navigate to DDNS_freeDNS in the TUI (CLI) or the WebUI.
  2. Change ACTIVE to yes
  3. Change the UPDATEHASH with your own. ( Delete the example and paste in your own with Ctrl + Shift + V )
  4. Change DOMAIN to your registered domain name.
  5. ( Optional ) Change the UPDATEINTERVAL to the interval you want the client to update the Public IP. ( Dynamic IP’s rarely change more often than once per 24h so you can leave the default value of 5 minutes )
  6. Click Run or Start.

letsencrypt

In order to trust a connection to a website and send your user name and password, you need a SSL certificate. The SSL certificate ensures that the communication is encrypted, so everything you send can only be viewed by the server and not someone who impersonates him.

By default NextCloudPi provides a self signed SSL certificate in order to encrypt your communication but it is strongly recomended that you use a certificate provided from a Certificate Authority ( or CA for short ).

The NextCloudPi instance ships with the Let’s Encrypt certbot client which gets you a certificate from Letsencrypt for your domain name. NextCloudPi also configures the web server to use it and can be configured to renew the certificate once a month.

Note : For the Letsencrypt certbot client to work both port 80 and 443 needs to be open!
Specifically these ports.

Configure

  1. Navigate to letsencrypt in the TUI or the WebUI.

  2. Change the DOMAIN with your domain name.

  3. Change the EMAIL to your own email address. ( It is recomended, required actually, by the issuing Certificate Authority that you provide a valid email adress should there be any need to contact the administrator for the domain.

Usually this bit is all for legal reasons, for example:
Should you put up a domain pointing to a website containing content that violates copyright law (or any other law for that matter) you as the administrator of your site & domain, needs to be reachable and the DDNS service-provider to have a way of contacting you, should any such circumstances arise that require they do so. ( It all sounds very serious but you’ll realise it’s nothing strange if you stop and think logically about it for a minute… )

  1. Click Run or Start.

nc-forward-ports

NextCloudPi has implemented a UPnP client to be able to configure the Router to port forward to your Raspberry Pi.

Requirements

You need to enable UPnP on your Router. Also disable it after you configure port forwarding.

How to configure

  1. Navigate to nc-forward-ports in the TUI (CLI) or the WebUI.
  2. Set the ports your Nextcloud runs on. Default ports are recommended
  3. Click Run or Start.

nc-static-IP

Used to set up a static IP address in the Nextcloud instance
Static IP (ACTIVE=yes)
or
DHCP (ACTIVE=no)

no-ip

Use the DDNS ( Dynamic Domain Name Server ) service by NoIP.
Run the TUI using ncp-config or use the WebUI.

  1. Navigate to no-ip in the TUI or the WebUI.
  2. Change ACTIVE to yes.
  3. Change USER to your username.
  4. Change PASS to your password.
  5. Change DOMAIN to your registered domain name.
  6. Change TIME to the time interval you want for the cron job/script to run that updates the DNS record of your domain with your router’s Public IP.
    Default is 30 minutes which should be perfectly fine.
  7. Click Run or Start.

samba

Configure SMB/CIFS file server (for Mac/Linux/Windows)

If we intend to modify the data folder through SAMBA, then we have to synchronize NextCloudPi afterwards to make it aware of the changes.
This can be done manually or automatically using [ nc-scan ] and [ nc-scan-auto ] options in ncp-config.

How to configure

  1. Navigate to samba in the TUI or the WebUI.
  2. Change ACTIVE to yes.
  3. Change NCUSER to your NextCloudPi user (( Default == admin )).
  4. Change USER to the NextCloudPi user (( Default == pi )).
  5. Change the PWD for the NextCloudPi user.
  6. Click Run or Start.

spDYN

Free Dynamic DNS provider (need account from spdyn.de) - - - - - -

SECURITY

UFW

Uncomplicated Firewall, program for managing a netfilter firewall Beware of blocking the SSH port you are using! SSH uses port 22 by default, ports 80 and 443 are for the webserver

fail2ban

As soon as your NextClouPi is connected to the internet it might get attacked. Most attacks are probably automated attacks by botnets or scripts trying to break into your System by simply using standard username/password combinations like admin/admin.

Fail2Ban scans your webserver logs ( at /var/log/apache2/error.log ) for failed login attempts. If there are too many failed attempts (Default is 6 failed attempts within 10 minutes) fail2ban will ban the attacker’s IP address for a pre-determined amount of time (Default is 10 minutes).

If you activate mail alerts you will receive emails when fail2ban blocks an IP address.
NextCloudPi uses fail2ban to secure Nextcloud logins as well as the SSH logins.
If the Suspicious Login app has been downloaded and enabled, it will perform a check for this too on these entrypoints using an A.I model that trains and learns to spot suspicious login activity from the actual live data your instance is getting.

How to activate

Run the TUI (ncp-config) or use the WebUI.

  1. Change ACTIVE to yes
  2. Change (optional) BANTIME (in seconds, default: 600 = 10 minutes) to change the duration of a ban for a certain IP address after too many failed login attempts.
  3. Change (optional) FINDTIME (in seconds, default: 600 = 10 minutes) to change the time slot in which failed login attempts are counted and the IP address gets banned.
  4. Change (optional) MAXRETRY (default: 6 attempts) to change the number of failed login attempts that trigger an IP address ban.
  5. Change (optional) EMAIL with your personal email to receive ban notifications.
  6. Change (optional) MAILALERTS to activate/deactivate email notifications.
  7. Click Run (WebUI) or Start (TUI)

modsecurity

Web Application Firewall for extra security (experimental) This is a really strong layer of security that makes sure that even if there is a vulnerability in Nextcloud code, it will be blocked by modsecurity in most cases.

The downside is that it can break some apps, so disable it if something doesn’t work for you, it has been tested with the most common apps.
Learn more here

nc-audit

Perform a security audit with lynis and debsecan - - - - - -

SYSTEM

nc-automount

Enable this feature to have your device auto-mount a connected USB drive at boot.

How to enable

  1. Navigate to nc-automount in the TUI or the WebUI.
  2. Change ACTIVE to yes.
  3. Click Run or Start.

nc-hdd-monitor

Monitor HDD health automatically

nc-hdd-test

Check HDD health
Running no test will display test results

nc-ramlogs

Enable mounting logs in RAM to prevent SD degradation ( faster but consumes more RAM ) Recommended instead to use an external drive if the device is of a Raspberry Pi model or class and move the root filesystem there, allowing it to write to a disk (HDD/SSD) instead of the SD card

How to restore

  1. Navigate to nc-ramlogs in the TUI or the WebUI.
  2. Change ACTIVE to yes.
  3. Click Run or Start.

nc-swapfile

Change the location and the size of the swap file.

How to configure

  1. Navigate to nc-swapfile in the TUI or the WebUI.
  2. Change SWAPFILE to the location you want the new swap file to be.
  3. Change SWAPSIZE to the desired size of the swap file. ( Default == 1024 )
  4. Click Run or Start.

TOOLS

nc-fix-permissions

Fix permissions for NC data files, in case they were copied externally

nc-format-USB

Do this if you want to format your USB Drive and make it compatible with linux user/permissions system

Make sure only the USB drive that you want to format is plugged in to the device.
Be careful as you perform these actions, as this will destroy ALL data in the USB drive.
All data on the selected drive will be deleted and the drive wiped clean

How to run

  1. Navigate to nc-format-USB in the TUI or the WebUI.
  2. Change LABEL to a label you like.
  3. Click Run or Start.

nc-maintenance

Turn on or off maintenance mode.
Open maintenance mode
(ACTIVE=yes)
or close maintenance mode
(ACTIVE=no)

nc-previews

Generate previews for the gallery, this makes browsing the gallery much more smooth by pre-generating the .thumbnails used to preview images.
For big collections this can take quite a long time with the duration depending heavily on the hardware used.

nc-scan

Perform a Nextcloud scan for user files.

How to run

  1. Navigate to nc-scan in the TUI or the WebUI.

  2. Navigate to nc-update in the TUI or the WebUI.

UPDATES

nc-autoupdate-nc

Automatically update Nextcloud.

nc-autoupdate-ncp

Automatically update NextCloudPi.

How to enable

  1. Navigate to nc-autoupdate-ncp in the TUI or the WebUI.
  2. Change ACTIVE to yes.
  3. Change the user to be notified when new updates are installed. ( Default == admin )
  4. Click Run or Start.

nc-notify-updates

Enable or disable update notifications.

nc-update-nc-apps-auto

Periodically update all installed Nextcloud Apps

nc-update-nc-apps

Update all installed Nextcloud Apps

nc-update-nextcloud

Update current instance to a new Nextcloud version.
Set to 0 to update to the latest available version.

Important!
Note : Upgrading between major release versions are not supported!
Meaning; to upgrade from NextCloudPi v.19 to v.21 you would first need to upgrade from v.19 to v.20, and then upgrade from v.20 to v.21 for it to be successful.

nc-update

Perform a manual update of NextCloudPi

unattended-upgrades

Enable Automatic installation of security updates to keep your cloud safe.

How to enable

  1. Navigate to unattended-upgrades in the TUI or the WebUI.
  2. Change ACTIVE to yes.
  3. Change AUTOREBOOT to yes if you want your Raspberry Pi to reboot automatically in order to apply updates (optional).
  4. Click Run or Start.

We hope this doc was helpful, if you encounter any issues please reach out to the community.
These docs are written by volunteers, please consider becoming one of them.
Contact the wiki team at Matrix or Telegram

10 posts were merged into an existing topic: About moving the articles