linux, nextcloud, raspberrypi

Different ways to access your Nextcloud files

So, you have your Nextcloud instance up and running, maybe NextCloudPi.

You are now in control of your privacy, and you can access your files through the web interface.

In this post, we will explore other options to access our files, in order to make the most of our setup.

WebDAV

WebDAV is an extension to HTTP/1.1, and it is defined in RFC 4918. It extends the HTTP primitives in order to allow for file manipulation and colaborative authoring.

Some of these primitives include ( from Wikipedia )

  • COPY copy a resource from one URI to another
  • LOCK put a lock on a resource. WebDAV supports both shared and exclusive locks.
  • MKCOL create collections (a.k.a. a directory)
  • MOVE move a resource from one URI to another
  • PROPFIND retrieve properties, stored as XML, from a web resource. It is also overloaded to allow one to retrieve the collection structure (also known as directory hierarchy) of a remote system.
  • PROPPATCH change and delete multiple properties on a resource in a single atomic act
  • UNLOCK remove a lock from a resource

You might recall that we had to specifically allow some of these primitives in NextCloudPi when we were hardening the webserver with modsecurity WAF.

This is the main way NextCloud provides to interact with your shared files, and is the way desktop and android synchronization clients work.

The beauty of open standards is that you can also access your files through any other client. For instance, you can access directly from the Nemo file manager and many others.

in Nemo, file > connect to server …
You can have your NextCloud files in your favourite file manager

We already explained that WebDAV is an extension to HTTP. What this implies is that all the operations need to go through the web server, which is really inefficient.

The implications of this are

  • It is authenticated, and secure as long as it uses HTTPS.
  • It is terribly slow and inefficient
  • It is unpractical with big files
  • All the operations go through the NextCloud stack

The most important benefit is the last one. NextCloud will know about any operation, will record it and there will be consistency between the actual contents of the data folder and what NextCloud shows.

NFS

NFS was covered in more detail in this post, so we will only highlight some features.

  • It is mostly recommended for Linux clients.
  • It is not secure. Communications are not encrypted and there is no authentication.
  • It is very lightweight and efficient.
  • Runs over UDP, although TCP operation is also possible.

SAMBA

SAMBA was covered in more detail in this post. The main features for our use case are

  • It is supported by multiple platforms (Windows, Mac, Linux, Android…)
  • Its traffic is not encrypted
  • It provides authenticated access.

SSHfs

SSHfs is a file system based in FUSE that acts as a wrapper of SFTP. It allows to mount a remote folder securely, encrypted and authenticated through SSH, and interact with it with classic system tools, as opposed to SFTP commands.

It is based on SSH, so there is not need of extra configuration: once we have SSH access, we can mount remote folders locally.

Putting it short

  • Secure: encrypted and authenticated
  • Easy
  • Linux only

DAVfs

The davfs2 filesystem enables us to mount a folder through WebDAV.

Everything that was said above about WebDAV applies.

The Arch Wiki as usual, is a good resource on this ( link ).

Wrapping up

If you are a NextCloudPi user, my recommendation is the following

  • Use SSHfs to mount your folders from outside your house
  • Use NFS to mount your folders in your local Linux-only LAN if you have a simple setup, such as single user.
  • Use SAMBA to mount your folders in your local LAN if you need finer control over access, or you have a mixed network with Linux/Windows/Mac.
  • Avoid webDAV and synchronization clients unless your case is to work with a few small files.

Also, note that non WebDAV based options allow us to upload big files. This way, we can download bigger files through the web interface or WebDAV than if we try to upload them with WebDAV.

The upside of SSHfs, NFS, SAMBA and such is also their problem. They work better because they avoid using WebDAV and therefore the full HTTP + PHP + database stack.

This means that whenever you upload or remove files, NextCloud will not be aware of it. Some time ago, Owncloud allowed a mode in which externally modified files were detected, scanned and introduced into the system. This option has been removed for performance reasons.

Some solutions have been put forward by third parties, such as files_inotify, but again, they will greately impact performance, specially if we are going to host many files.

To deal with this situation, NextCloudPi offers two options

nc-scan

If you do not modify your files externally very often, you can re-scan your files manually

, or from the command line

This is just a wrapper to the occ  command

An example output

nc-scan-auto

In case we intend to modify our files externally more often, we can schedule a periodic scan with nc-scan-auto

Extra: pushpi

I also wanted to share this little shell function that you can include in .bashrc or .zshrc.

Modify the variables to reflect your setup, then

will use rsync  to synchronize those files and folders on your remote folder ( I use the one in NextCloudPi ), only if they have changed.

If you have passwordless login with SSH through public key, it is really easy to use and handy to quickly push files to your without leaving the terminal.

Author: nachoparker

Humbly sharing things that I find useful [ github ]

Leave a Reply

Your email address will not be published. Required fields are marked *