Selfhosted
OwnCloud Infinite Scale might be the option you missed?
Nextcloud was forked from the PHP Owncloud some years back, and they added all the apps and things. But Owncloud is like Nextcloud but focused only on the files.
I am a bit concerned that you're talking about not wanting HTTPS and see it as a bad thing that something requires it. Given you can get free certificates these days, why would you not want a secure connection? Even if you're accessing via a VPN to server tunnel, I see no reason not to have it.
I hadn't considered OwnCloud because I thought it was pretty much the same as NextCloud but mainly aimed at enterprise. Does it have any advantages over Nextcloud?
I haven't got round to setting up https yet since I only access my server via my LAN or Tailscale. When I do get round to setting it up I might use a reverse proxy rather than configuring it for every service. I also need to work out how to do automatic certificate renewal and if that's even worth doing, so I don't want to be forced into half-assing it for Nextcloud before I'm ready to do it properly. With Nextcloud specifically I also don't like the fact that you can't change the domain after the initial setup; using the community edition via http seems to get round that problem as well.
Use Caddy for reverse proxy. It's magic. Just put in config the subdomain/domain and localhost port to point to, it will fetch and configure and keep certificates up to date with zero effort. You'll forget certificates exist. It just works.
This is what certbot is for. For example, with nginx, you just set up the webserver to be reachable via your domain.
You then install and run certbot, and it will acquire, install and configure, and then set itself up to auto-renew, a certificate. All with just one command.
Yes you can?
I've done it thrice now.
Is this some limitation of the docker AIO stack?
How do you change the domain? That was one of the biggest things putting me off
Locate and edit the config/config.php. There is a line that starts with 'trusted_domains'. Add your new domain thusly:
You'll have to update your web server configuration, your DNS records, and you may have to clear any server cache you may have.
ETA: Ooops! Forgot to add citation: https://help.nextcloud.com/t/howto-add-a-new-trusted-domain/26
That's the one.
Thanks for the backup. LOL I get nervous sharing code. Sure it worked for me, but in the back of my head I see some poor guy deploying any code I've used and smoke starts coming out of his server, the front cover falls off, and his Ethernet cable is belched out the back. LOL
Owncloud Infinite Scale was a rewrite of the codebase to get away from PHP. In theory this should be better able to run on lower end hardware. People tend to say they use it if they are only wanting the file part and not all the apps. Personally I use Nextcloud because I want the apps.
Automatic certificate renewal is built into many reverse proxies, and can be done for free, so I don't see a reason not to do it.
Nextcloud has federation of some features so I'd guess that would be a key reason you can't change the domain (you also can't change a Lemmy domain once set up). However, you're using it for file sync for yourself, right? Regardless of what you pick (even Nextcloud), you could surely just set up a new instance under the new domain then move all your files over.
Do you have any recommendations for a reverse proxy to use or resources on how to set one up? It's not something I've properly looked into yet
Check out caddy. Very straightforward syntax for a reverse proxy.
Others might have suggestions. I run everything in docker. I then use Traefik as the reverse proxy in docker, where you add labels to the containers you want it to handle and it works things out on its own. I have also configured it to do certificates automatically, including automatic domain validation using a Cloudflare API.
Caddy and Nginx Proxy Manager are other popular ones that can configure HTTPS certificates for you.
You don't have to overthink it. Choose a reverse proxy you like. If it does automatic certificates, that's great. If not, Let's Encrypt (which most of these services use for the free certificates) have a certbot program you install and run on a cronjob to renew certificates.
The easiest way to set up reverse proxy + auto HTTPS for a homelab is https://nginxproxymanager.com/. There is also https://pangolin.net/ which I think is too overkill for you atm :3
Exposing https requires a lot more configuration and also carries with it security risks.
I don't think it's really true these days that it needs a lot of config. Maybe reverse proxies will do it for you automatically without much setup.
I am curious what the security risks are for HTTPS for a service that will already be accessible remotely?
Reverse proxies require configuration.
Already accessible via VPN. Meaning it's only accessible to those explicitly allowed to access it.
What is the security risk of adding HTTPS to a site going via VPN?
It exposes the server to the entire internet...
No? Https is just the connection protocol? You can do it over LAN only just fine?
How so? I have HTTPS on internal sites, I just use DNS validation to get the certificate.
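
The last replies turn on whether HTTPS requires exposing the server to the internet. As an added example (not part of any comment above, and not taken from the Caddy project), here is a Caddyfile that serves HTTPS only on LAN and Tailscale addresses and obtains its certificate through DNS validation. The hostname, IP addresses, port, e-mail address and the `CF_API_TOKEN` variable name are placeholders, and a Caddy build that includes the caddy-dns/cloudflare module is assumed.

```caddyfile
# Constructed example: every hostname, address and port below is a placeholder.
{
	# Contact address for the ACME account.
	email admin@example.com
}

cloud.home.example.com {
	# Listen only on this host's LAN and Tailscale addresses instead of
	# all interfaces, so the listener is unreachable from the public side.
	bind 192.168.1.10 100.64.0.10

	# DNS-01 validation: the CA verifies a TXT record created through the
	# DNS provider's API, so no inbound port 80/443 from the internet is
	# needed to issue or renew the certificate.
	# Assumes the caddy-dns/cloudflare module is compiled in and the API
	# token is supplied in the CF_API_TOKEN environment variable.
	tls {
		dns cloudflare {env.CF_API_TOKEN}
	}

	# Forward requests to the service on localhost; keep that service bound
	# to 127.0.0.1 so the proxy is the only way in.
	reverse_proxy 127.0.0.1:8080
}
```

The public DNS record for the hostname can point at the private address; scope the API token to DNS edits for that one zone, since anyone holding it can pass validation for names in the zone.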