this post was submitted on 24 Sep 2024
69 points (82.2% liked)

Selfhosted

39353 readers
398 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
69
I tried to selfhost Nextcloud at work (feddit.it)
submitted 4 days ago by Moonrise2473@feddit.it to c/selfhosted@lemmy.world
87 comments fedilink hide all child comments
 

And it failed spectacularly.

We only needed a simple form, but we wanted to be fancy, so we used "nextcloud forms".

The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower. No warning whatsoever. It's an official app, couldn't they wait that it was ready for NC 30 before launching it? The newsletter boasts "NC hub 9 is the best thing after sliced bread" yet i don't see any difference both in visual or performance compared to NC hub 2

Conclusion: we made our business to rely on nextcloud forms as a signup form, but the only reason we were using it was disabled who knows how many weeks ago.

top 50 comments
sorted by: hot top controversial new old
[–] ilmagico@lemmy.world 6 points 4 days ago* (last edited 4 days ago) (1 children)

Never upgrade to the latest and greatest of ... anything really, especially in production. Let others test it first, or as suggested already, have a staging environment where you test the upgrade first. I guess you can still downgrade nextcloud though, especially if you have a backup.

Are you using the AIO image? I don't know how well that works, but yeah, I absolutely hate automatic updates like that. I tried it once and I decided to use the plain "official but not supported" docker image instead, where I manage things myself. Never had an issue, and I can control which version I'm running, I can backup to wherever I want, using whichever system I want, etc.

load more comments (1 replies)
[–] helenslunch@feddit.nl 0 points 3 days ago (2 children)

I pretty much use NextCloud as just a storage device and nothing else. Using anything in the actual UI is just atrocious and the apps are not updated or just outright abandoned, and can't be relied on.

[–] possiblylinux127@lemmy.zip 1 points 3 days ago (2 children)

I disagree. I use and depend on the apps including things like calendar and talk.

load more comments (2 replies)
[–] Moonrise2473@feddit.it 0 points 3 days ago

Us too, we only use it as a filelink provider for thunderbird and to host a useless survey that's going to get filled once a quarter. That's why nobody noticed the survey was disabled and that's why we're not doing multistage testing in multiple virtual machines. We are a super small company and ok with something that one day can be 3 days offline. Otherwise it would be cheaper to pay $100 to Surveymonkey and $100 to Dropbox

[–] Lucidlethargy@sh.itjust.works 1 points 4 days ago (4 children)

Docker is kind of a giant mess in my experience. The trick to it is creating backup plans to recover your data when it fails. As such, I don't really recommend it to anyone at all.

[–] ShortN0te@lemmy.ml 5 points 4 days ago

Docker is kind of a giant mess in my experience. The trick to it is creating backup plans to recover your data when it fails.

Thats the trick for any production service. Especially when you do an update.

load more comments (3 replies)
[–] meldrik@lemmy.wtf -3 points 4 days ago (2 children)

No offence, but is Docker really the best way of running NC in a professional environment? Also, if you don’t want Docker to upgrade to latest image, don’t use the “latest” tag in your configuration.

[–] possiblylinux127@lemmy.zip 1 points 3 days ago

Yes, docker is the best way. Anything else is hell. It is still painful with docker but at least it is manageable

[–] schizo@forum.uncomfortable.business 12 points 4 days ago (1 children)

Docker is probably the simplest way to get a working deployment, since there's a lot of moving pieces in a Nextcloud install.

Though, it's not going to automatically update itself unless you've made a poor choice for a production environment configuration, which sounds like what happened here.

(Even using a latest tag isn't really a problem until/unless you re-pull the image to do the upgrade. And/or have configured something to automatically update your shit, but again, don't do that in production.)

Nextcloud is also annoying in that updating the base won't pull all the apps to a current version, so you have to know what's going to break before you update the base so you can then update the apps as needed. Which, again, can't just be left up to automatic updates.

[–] timbuck2themoon@sh.itjust.works 1 points 4 days ago

Exactly. I don't know if the AIO image was used and how that all works (I stay away from that and the snap which is just an abomination) but no one should try to selfhost anything for prod unless they know exactly how it works. That and have a staging env. If you're not up to the task then just pay for some commercial hosting (even if it's just Nextcloud that is hosted elsewhere.)

I've run the nextcloud image (just docker.io/nextcloud IIRC) pinned for years with k8s and it's durable and fine. It stays put and I just take the time to update my testing instance, make sure it all works with some cheap smoke tests, then upgrade prod.

[–] JASN_DE@lemmy.world 81 points 4 days ago (7 children)

Wait, you update productions systems without running a staging environment? Or even checking the update notes and your installed apps? Also no backups? What kind of business are you running over there?

[–] Moonrise2473@feddit.it 3 points 4 days ago (1 children)

Yes no staging because it's something used at most by 2 concurrent users, we were ok with 95% reliability (we discovered it was disabled after at least two weeks lol)

Otherwise we would just have signed up to one of the many cloud forms sites at $100/year

Backups daily but it's unthinkable to revert something like nextcloud to a months old one

Subscribed to both newsletter and RSS feed to know about issues (the command to update the docker images isn't automated but manually issued). The maintainer of the forms app is nextcloud itself so any incompatibility should have been written in red bold characters in the blog posts and newsletter.

[–] possiblylinux127@lemmy.zip 3 points 3 days ago (1 children)

Why are your backups so out of date? Just setup daily snapshots and call it a day if it isn't critical. You never want to update major versions first thing. Wait 3 months and then update.

This smells like shadow IT

[–] Moonrise2473@feddit.it -1 points 3 days ago

I have daily backups and hourly zfs snapshot. The problem is that, because nobody used the useless survey plugin, I have no idea when it broke. It could have been yesterday or it could have been 4 months ago

[–] scrubbles@poptalk.scrubbles.tech 54 points 4 days ago (5 children)

Oh, Nextcloud docker is a joke. They follow no standards or best practices when it comes to docker. They keep the entire app directory mounted as a volume, which means it does upgrade you without you "needing" to upgrade the docker image. They have volumes within volumes they need to mount. Their configs can (and do) override environment variables. Most actions that need to be taken require running an occ command which can only be done by exec'ing into the container.

Nextcloud docker is honestly just such a joke. They should have rethought their application from a docker sense and they didn't. God just number one - Docker images should never update. It's a freaking pinned version for a reason. If I want to update, it should be as simple as upping the version tag, and it does any upgrades in place when I do that.

I honestly steer people away from Nextcloud now because of how mismanaged their images are.

[–] Max_P@lemmy.max-p.me 13 points 4 days ago* (last edited 4 days ago) (1 children)

Yep, and I'd guess there's probably a huge component of "it must be as easy as possible" because the primary target is selfhosters that don't really even want to learn how to set up Docker containers properly.

The AIO Docker image is an abomination. The other ones are slightly more sane but they still fundamentally mix code and data in the same folder so it's not trivial to just replace the app.

In Docker, the auto updater should be completely neutered, it's the wrong way to update the app.

The packages in the Arch repo are legit saner than the Docker version.

[–] scrubbles@poptalk.scrubbles.tech 2 points 4 days ago (5 children)

I had to learn how to mount subpaths for their terrible container, and god just the updater is mind boggling. And I have to store their code in a volume, because of course I have to, why would code and configuration ever need to be... configurable? I actually just tried to put their config.php into a ConfigMap just to try, and of course PHP doesn't allow that - not that I blame PHP for it - but ffs it's been years, it's time to allow config to also come from a yaml or something.

[–] Max_P@lemmy.max-p.me 3 points 4 days ago

Having the web server be able to overwrite its own app code is such a good feature for security. Very safe. Only need a path traversal exploit to backdoor config.php!

load more comments (4 replies)
[–] possiblylinux127@lemmy.zip 1 points 3 days ago (1 children)

The images work fine for me. The problem is that Nextcloud is a complex app that doesn't really work with the design of one container to do one job. It is pretty much a regular application that uses docker for packaging.

[–] scrubbles@poptalk.scrubbles.tech 1 points 3 days ago (1 children)

That doesn't make up for bad container decisions. I run much more complex containers both that split out responsibilities and that contain everything as one container. The size and complexity is irrelevant to the bad design decisions. You can have an image that eats up gigabytes of space that runs off of proper environment/config variables with properly mounted volumes.

[–] possiblylinux127@lemmy.zip 2 points 3 days ago (1 children)

Again there docker image is just a packaging format and a health check. I very much wish it were better but for now it works

[–] nichtburningturtle@feddit.org 2 points 4 days ago (1 children)

What's the better way of hosting it?

[–] scrubbles@poptalk.scrubbles.tech 4 points 4 days ago

I do it in docker at home, for myself, in an environment I am okay with accidentally destroying - and even then I have nightly backups of the volumes.

In a professional system, as mentioned in my other comment, I would simply just do it in a VM with the disk scheduled also for nightly backups. Nextcloud just hardcoded too many things dependent on thinking the underlying system was mutable. Unfortuantely that's just the easiest way to handle it.

However, also as mentioned, if I were in a professional environment, I'd have to really look at the cost for all of that infrastructure and my time to run it - and decide if I really thought I could run it myself with all of that overhead, and that it would still make sense compared to just doing google docs or something. Remember it'd be my ass on the line, as OP is learning

load more comments (2 replies)
load more comments (5 replies)
[–] hperrin@lemmy.world 32 points 4 days ago (2 children)

Backups and rollbacks should be your next endeavor.

[–] possiblylinux127@lemmy.zip 8 points 3 days ago

Seems easier to blame Nextcloud

load more comments (1 replies)
[–] ShortN0te@lemmy.ml 30 points 4 days ago (8 children)

The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower.

Lol. Do not blame others for your incompetence. If you have automatically updates enabled then that is your fault when it breaks things. Just pin the major version with a tag like nextcloud:29 or something. Upgrading major versions automatically in production is a terrible decision.

[–] scrubbles@poptalk.scrubbles.tech 17 points 4 days ago (5 children)

Docker images should never self update - that's an anti pattern. They should be static code. The only time I would expect a docker image to "auto update" is if I was using the "latest" or "stable" tag and Compose/Kubernetes/I repull the image - but the image should never update itself.

Yes, OP bit off more than they could chew. Nextcloud, however, is breaking the entire purpose of Docker images by having an auto-updater at all.

[–] GBU_28@lemm.ee 17 points 4 days ago (5 children)

If you say

Thing:latest

and then redeploy your compose file or what not,

well, you're getting the latest!

load more comments (5 replies)
load more comments (4 replies)
load more comments (7 replies)
[–] matzler@lemmy.ml 19 points 4 days ago (3 children)

Specify a Version Tag in docker compose and update nextcloud deliberately through the webapp, that way it doesn't update automatically on a pull

load more comments (3 replies)
[–] irotsoma@lemmy.world 14 points 3 days ago (1 children)

Docker automatically upgrades if you tell it to by specifying "latest" or not specifying a version number. But it only upgrades if you issue the pull command or the compose up command. There are ways to start without a pull like using start or restart. So yes, there was warning and something you did actively told it to upgrade.

And it's really bad practice to update any software without testing, especially between breaking/major version numbers.

Finally, it's not uncommon for a platform to release its update and then the plugins or addons to follow. Especially with major updates that require lots of testing before release. This allows plugin/add-on makers to fully test their software with the release version of the platform rather than all of the plugin makers having to wait for one that may be lagging behind.

load more comments (1 replies)
[–] possiblylinux127@lemmy.zip 14 points 3 days ago (1 children)

Why did you do automatic updates without testing? That is the real issue.

Honestly your IT department sounds like it could use some help

[–] Zak@lemmy.world 9 points 4 days ago (1 children)

There was a recent related discussion on Hacker News and the top comment discusses why this sort of solution is not likely to be the best fit for smaller organizations. In short, doing it well requires time and effort from someone technically sophisticated, who must do more than the bare minimum for good results, as you just learned.

Even then, it's likely to be less reliable than solutions hosted by big corporations and when there's a problem, it's your problem. I don't want to discourage you, but understand what you're committing to and make sure you have adequate buy-in in your organization.

load more comments (1 replies)
load more comments
view more: next ›