linux, networking, nextcloud, raspberrypi

Different ways to access your Nextcloud files

So, you have your Nextcloud instance up and running, maybe NextCloudPi.

You are now in control of your privacy, and you can access your files through the web interface.

In this post, we will explore other options to access our files, in order to make the most of our setup.

WebDAV

WebDAV is an extension to HTTP/1.1, and it is defined in RFC 4918. It extends the HTTP primitives in order to allow for file manipulation and colaborative authoring.

Some of these primitives include ( from Wikipedia )

  • COPY copy a resource from one URI to another
  • LOCK put a lock on a resource. WebDAV supports both shared and exclusive locks.
  • MKCOL create collections (a.k.a. a directory)
  • MOVE move a resource from one URI to another
  • PROPFIND retrieve properties, stored as XML, from a web resource. It is also overloaded to allow one to retrieve the collection structure (also known as directory hierarchy) of a remote system.
  • PROPPATCH change and delete multiple properties on a resource in a single atomic act
  • UNLOCK remove a lock from a resource

You might recall that we had to specifically allow some of these primitives in NextCloudPi when we were hardening the webserver with modsecurity WAF.

This is the main way NextCloud provides to interact with your shared files, and is the way desktop and android synchronization clients work.

The beauty of open standards is that you can also access your files through any other client. For instance, you can access directly from the Nemo file manager and many others.

in Nemo, file > connect to server …
You can have your NextCloud files in your favourite file manager

We already explained that WebDAV is an extension to HTTP. What this implies is that all the operations need to go through the web server, which is really inefficient.

The implications of this are

  • It is authenticated, and secure as long as it uses HTTPS.
  • It is terribly slow and inefficient
  • It is unpractical with big files
  • All the operations go through the NextCloud stack

The most important benefit is the last one. NextCloud will know about any operation, will record it and there will be consistency between the actual contents of the data folder and what NextCloud shows.

NFS

NFS was covered in more detail in this post, so we will only highlight some features.

  • It is mostly recommended for Linux clients.
  • It is not secure. Communications are not encrypted and there is no authentication.
  • It is very lightweight and efficient.
  • Runs over UDP, although TCP operation is also possible.

SAMBA

SAMBA was covered in more detail in this post. The main features for our use case are

  • It is supported by multiple platforms (Windows, Mac, Linux, Android…)
  • Its traffic is not encrypted
  • It provides authenticated access.

SSHfs

SSHfs is a file system based in FUSE that acts as a wrapper of SFTP. It allows to mount a remote folder securely, encrypted and authenticated through SSH, and interact with it with classic system tools, as opposed to SFTP commands.

It is based on SSH, so there is not need of extra configuration: once we have SSH access, we can mount remote folders locally.

Putting it short

  • Secure: encrypted and authenticated
  • Easy
  • Linux only
  • You can mount remotely, from outside of your house

DAVfs

The davfs2 filesystem enables us to mount a folder through WebDAV.

Everything that was said above about WebDAV applies.

The Arch Wiki as usual, is a good resource on this ( link ).

Wrapping up

If you are a NextCloudPi user, my recommendation is the following

  • Use SSHfs to mount your folders from outside your house
  • Use NFS to mount your folders in your local Linux-only LAN if you have a simple setup, such as single user.
  • Use SAMBA to mount your folders in your local LAN if you need finer control over access, or you have a mixed network with Linux/Windows/Mac.
  • Avoid webDAV and synchronization clients unless your case is to work with a few small files.

Also, note that non WebDAV based options allow us to upload big files. This way, we can download bigger files through the web interface or WebDAV than if we try to upload them with WebDAV.

The upside of SSHfs, NFS, SAMBA and such is also their problem. They work better because they avoid using WebDAV and therefore the full HTTP + PHP + database stack.

This means that whenever you upload or remove files, NextCloud will not be aware of it. Some time ago, Owncloud allowed a mode in which externally modified files were detected, scanned and introduced into the system. This option has been removed for performance reasons.

Some solutions have been put forward by third parties, such as files_inotify, but again, they will greately impact performance, specially if we are going to host many files.

To deal with this situation, NextCloudPi offers two options

nc-scan

If you do not modify your files externally very often, you can re-scan your files manually

, or from the command line

This is just a wrapper to the occ  command

An example output

nc-scan-auto

In case we intend to modify our files externally more often, we can schedule a periodic scan with nc-scan-auto

Extra: pushpi

I also wanted to share this little shell function that you can include in .bashrc or .zshrc.

Modify the variables to reflect your setup, then

will use rsync  to synchronize those files and folders on your remote folder ( I use the one in NextCloudPi ), only if they have changed.

If you have passwordless login with SSH through public key, it is really easy to use and handy to quickly push files to your without leaving the terminal.

Author: nachoparker

Humbly sharing things that I find useful
[ github dockerhub ]

10 Comments on “Different ways to access your Nextcloud files

  1. U/nachoparker Would the nextcloud Mac OS X & iOS clients work w/ nextcloudPi?
    Can I setup a nextcloud account on my nextcloudpi box for a few friends to share 10mb up to 4gb files, over the internet?
    I’ve only purchased the nextcloud/wd labs Box & a raspberry Pi 3. Setting it all up today.
    Thanks!

    1. hello again
      Sure, the official clients work with NextCloudPi. Also you can consider the choices covered in this post to access your files.

      You can surely enough setup user accounts (under admin) and provide quotas and permissions for your friends.

      The only thing that will not work is uploading files greater than ~800 MB. You will have to split those in order to upload them through webdav or the web interface.

      If you upload them through any of the other options (rsync, sshfs, nfs…) then everyone will be able to download them just fine (up to ~2GB if I remember right). Again, other file transfer methods mentioned above don’t have that limitation. After all, the Raspberry Pi only has so much RAM and swap memory!

      Hope everything goes smooth. Enjoy

      1. Q. on 768 MB upload limit:
        As a test, on a RPi2 I changed the 768 MB file upload limit to 1.6 GB via the NC Admin web interface. This gave a little red Error message when I saved the setting, but it still seemed to change fine.
        I then uploaded a 1.4 GB file from the NC web interface on a PC on the same network as the RPi. Took about 8 mins but worked fine. I then downloaded it on a remote machine outside the network. Slow download at 130 kB/sec (took 3 hrs), but worked fine.
        Sure it is slow, but is there another reason for limiting the default to 768 MB?

        1. Actually I have been working on improving uploads for the past couple days. The new release that is building (will be up in a couple hours) defaults to 2GB which is the maximum limit at the moment for technical reasons.

          I am also trying to overcome that limit.

          If you do sudo ncp-update and then sudo nextcloudpi-config, you can see that now the nc-limits has changed.

          The 768MB limit is a RAM limit that makes sense, as the PI ships with only 1GB.

          I have enabled another config to set the maximum upload size, like I said up until 2GB for now.

  2. We mainly use Mac (OS X) computers here for hands-on daily use – with Linux (Debian|Ubuntu|CentOs) for our servers – so we have a lot of experience accessing *nix-based file systems via our Mac computers.

    I just wanted to add a little to your section on sshFs in the above article – namely it’s very easy to access sshFs-based file systems via a Mac (i.e. not just a Linux trick, as your article implies).
    As you are clearly an experienced *nix user I won’t bore you with full details – but do ask if you’d like any clarification etc. of what follows, OK?

    On a Mac computer you need a Fuse layer and the sshfs flavour to run on top of it – so on your Mac pop over to here:

    https://osxfuse.github.io/

    and grab both FUSE for macOS 3.5.8 (the current version as I type this) and SSHFS 2.5.0 (again the current version).

    Install Fuse then the sshfs layer – then use sshfs as you would on Linux, an example command line I use might be:

    sshfs root@10.11.12.13:/var/vhost ~/Public/MNT/SSHFS -o IdentityFile=~/.ssh/my_sshid -o workaround=all -o follow_symlinks

    as you’ll recognise, this makes it available at ~/Public/MNT/SSHFS so all users on the Mac can view/use the files, the other options just ensure the Mac knows how to use sshfs, for example ensuring the built-in Mac Finder.app [file explorer] is happy.
    This works for example on all OS X versions from Mavericks (OS X v10.9) all the way to the absolute latest MacOs Sierra (v10.12) and all between of course.

    Although I don’t use “root” often, but use it here to show it also works fine – something some web articles get wrong!

    Anyway, hope this helps, I’d just hate Mac users to feel they cannot use your wonderful NextCloud easily via the shiny Mac computers – it’s no harder and in some respects even easier than using Linux 🙂

    Kind regards.

  3. Is it just me or uploading file with SSHFS requires Nextcloud to reindex it’s file storage with proper command: sudo -u http php occ files:scan –all

Leave a Reply

Your email address will not be published. Required fields are marked *