Selfhosted @lemmy.world Moonrise2473 @feddit.it 1 mo. ago

I tried to selfhost Nextcloud at work

And it failed spectacularly.

We only needed a simple form, but we wanted to be fancy, so we used "nextcloud forms".

The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower. No warning whatsoever. It's an official app, couldn't they wait that it was ready for NC 30 before launching it? The newsletter boasts "NC hub 9 is the best thing after sliced bread" yet i don't see any difference both in visual or performance compared to NC hub 2

Conclusion: we made our business to rely on nextcloud forms as a signup form, but the only reason we were using it was disabled who knows how many weeks ago.

92 comments

Wait, you update productions systems without running a staging environment? Or even checking the update notes and your installed apps? Also no backups? What kind of business are you running over there?
- Oh, Nextcloud docker is a joke. They follow no standards or best practices when it comes to docker. They keep the entire app directory mounted as a volume, which means it does upgrade you without you "needing" to upgrade the docker image. They have volumes within volumes they need to mount. Their configs can (and do) override environment variables. Most actions that need to be taken require running an occ command which can only be done by exec'ing into the container.
  
  Nextcloud docker is honestly just such a joke. They should have rethought their application from a docker sense and they didn't. God just number one - Docker images should never update. It's a freaking pinned version for a reason. If I want to update, it should be as simple as upping the version tag, and it does any upgrades in place when I do that.
  
  I honestly steer people away from Nextcloud now because of how mismanaged their images are.
  
  Yep, and I'd guess there's probably a huge component of "it must be as easy as possible" because the primary target is selfhosters that don't really even want to learn how to set up Docker containers properly.
  
  The AIO Docker image is an abomination. The other ones are slightly more sane but they still fundamentally mix code and data in the same folder so it's not trivial to just replace the app.
  
  In Docker, the auto updater should be completely neutered, it's the wrong way to update the app.
  
  The packages in the Arch repo are legit saner than the Docker version.
  
  I wiped a whole drive (luckily it was filled with a redundant backup) with the docker image, as the behavior was (or still is, don't know if it was fixed) to rm -rf . and replace with fresh stuff if occ isn't found. So in the docker compose I accidentally mistyped the wrong volume as /mnt/disk2 instead of /mnt/disk3 and it erased it
  
  What's the better way of hosting it?
  
  The images work fine for me. The problem is that Nextcloud is a complex app that doesn't really work with the design of one container to do one job. It is pretty much a regular application that uses docker for packaging.
- One that lacks a good IT department apparently
- To be fair a certain security company was in global news for exactly that same send it behavior. Why waste precious resources on multiple instances? Investors hate waste. 😅
  
  The world is your ~~oyster~~ test env
- If I understand correctly, nextcloud automatically updated ... which I didn't think it would, normally. Maybe it's a "feature" of the AIO docker image?
- Yes no staging because it's something used at most by 2 concurrent users, we were ok with 95% reliability (we discovered it was disabled after at least two weeks lol)
  
  Otherwise we would just have signed up to one of the many cloud forms sites at $100/year
  
  Backups daily but it's unthinkable to revert something like nextcloud to a months old one
  
  Subscribed to both newsletter and RSS feed to know about issues (the command to update the docker images isn't automated but manually issued). The maintainer of the forms app is nextcloud itself so any incompatibility should have been written in red bold characters in the blog posts and newsletter.
  
  Why are your backups so out of date? Just setup daily snapshots and call it a day if it isn't critical. You never want to update major versions first thing. Wait 3 months and then update.
  
  This smells like shadow IT
Backups and rollbacks should be your next endeavor.
- Seems easier to blame Nextcloud
- I have daily Borg backups held for at least one year but the problem is that the issue came out at least two weeks ago and nobody noticed. It's better to have nothing (customer gets error page when viewing useless survey that nobody is watching) rather to restore such a old backup (everyone loses 2-4 weeks of data)
The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower.

Lol. Do not blame others for your incompetence. If you have automatically updates enabled then that is your fault when it breaks things. Just pin the major version with a tag like nextcloud:29 or something. Upgrading major versions automatically in production is a terrible decision.
- Docker images should never self update - that's an anti pattern. They should be static code. The only time I would expect a docker image to "auto update" is if I was using the "latest" or "stable" tag and Compose/Kubernetes/I repull the image - but the image should never update itself.
  
  Yes, OP bit off more than they could chew. Nextcloud, however, is breaking the entire purpose of Docker images by having an auto-updater at all.
  
  If you say
  
  Thing:latest
  
  and then redeploy your compose file or what not,
  
  well, you're getting the latest!
  
  What are you talking about? If you are not manual (or by something like watchtower) pull the newest image it will not update by itself.
  
  I have never seen an auto-update feature by nextcloud itself, can you pls link to it?
- They're releasing a new version every two month or so and dropping them rapidly from support, pinning it with a tag means that in 12 months the install would be exploitable.
  
  Now, I did directly to production because this is low priority stuff, but it would have happened even with a testing stage. I would have never noticed that the forms apps was disabled, the system disabled it without any notification.
  
  You would expect that an official app supports the latest release, no?
  
  This wasn't an app released by a nobody in their free time, this is a main feature heavily advertised in their blog. Look by yourself:
  
  https://nextcloud.com/blog/nextcloud-forms-to-keep-your-surveys-private/
  
  It's not unreasonable to get pissed when 6 months after that blog post it doesn't support the latest release anymore.
  
  They're releasing a new version every two month or so and dropping them rapidly from support, pinning it with a tag means that in 12 months the install would be exploitable.
  
  The lifecycle can be found with a single online search. Here https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule
  
  Releases are maintained for roughly a year.
  
  Set yourself a notification if you forget it otherwise.
Specify a Version Tag in docker compose and update nextcloud deliberately through the webapp, that way it doesn't update automatically on a pull
- You can't update it in the web app. You need to do a docker-compose pull followed by docker-compose up -d
  
  No, I think if you're using the nextcloud all in one image, then the management image connects to the docker socket and deploys nextcloud using that. The you could be able to update nextcloud via the web ui.
  
  https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-update-the-containers
Docker automatically upgrades if you tell it to by specifying "latest" or not specifying a version number. But it only upgrades if you issue the pull command or the compose up command. There are ways to start without a pull like using start or restart. So yes, there was warning and something you did actively told it to upgrade.

And it's really bad practice to update any software without testing, especially between breaking/major version numbers.

Finally, it's not uncommon for a platform to release its update and then the plugins or addons to follow. Especially with major updates that require lots of testing before release. This allows plugin/add-on makers to fully test their software with the release version of the platform rather than all of the plugin makers having to wait for one that may be lagging behind.
- You again commented on the docker upgrade comment that I said it's irrelevant. It's really like saying "if you wore pants that day, they wouldn't have done that, it's your fault". It doesn't make sense to spend $1000 in operating costs to host a useless survey that gets 3 responses a year. If it breaks for a week nobody dies.
  
  Focus on how they're moving fast and breaking things, ok? It's not normal that official plugins don't support the latest stable release. It's not an alpha, it's not a beta, it's stable. Stable means everything needs to work. Official plugins need to support the latest stable release. It's acceptable only if this was a third party plugin made by a hobbyist in their free time
  
  WordPress updates also break many plugins but it never happened that a stable release blocked official ones like woocommerce.
  
  By the way, now I have learned that the latest version of nextcloud is a public beta and it's better to always stay one version behind. So why don't they call it public beta?
Why did you do automatic updates without testing? That is the real issue.

Honestly your IT department sounds like it could use some help
- Manual docker upgrade issued my me after reading the official blog and newsletter. The upgrade notes described the new version as the best thing ever and didn't mention that one of their selling points would be disabled without any notice.
  
  I'm starting to see a pattern in those comments like "why did you wear a skirt that night? It looks like you asked for it..."
  
  Whoah, dude.
  
  Not only are you being told what could have and will ward off unplanned breakage, but you have somehow characterised yourself as an unsuspecting victim here? Inaccurate and really inappropriate comparison.
  
  You knew enough to take on deploying a service, now comes the grown-up part where you hedge against broken updates.
  
  I'm starting to see a pattern in those comments like "why did you wear a skirt that night? It looks like you asked for it..."
  
  Cute victim mentality, but gross and insanely wrong comparison
  
  Learn from your mistake and don't update without testing next time, it's 100% on whoever updates the production environment to make sure that shit isn't broken for whatever reason before pushing it customer-side
  
  It's more like you bought a random white powder from your dealer without asking what it was and are now upset you almost died
There was a recent related discussion on Hacker News and the top comment discusses why this sort of solution is not likely to be the best fit for smaller organizations. In short, doing it well requires time and effort from someone technically sophisticated, who must do more than the bare minimum for good results, as you just learned.

Even then, it's likely to be less reliable than solutions hosted by big corporations and when there's a problem, it's your problem. I don't want to discourage you, but understand what you're committing to and make sure you have adequate buy-in in your organization.
- That reminds me of work. I'm old, young me has been through the mistakes and the pain of wanting to control and self-host everything.
  
  Now I manage a team of young idealists who have not yet been burned sufficiently hard by reality and I feel like I spend half of my time denying them permission to add new self-hosted services to our stack.
  
  Just last month a young padawan was pissed at the spent on an external auth service and had been pushing hard for a self hosted OSS solution which he was convinced he could handle by himself (which was most likely true, from a purely technical standpoint).
  
  Since he wouldn't let it go, I "punished" him by having him spend one day in excel and powerpoint to prepare a cost benefit analysis to present to the architecture review board, including server cost, backups, redundancy, security, monitoring, pen-testing, auditing, his time and all the bells and whistles we needed to be compliant with all the ISO-x we have to be. (we're in a banking related field).
  
  Our estimated internal cost ended up about 6x the one of the SASS solutions and still wasn't as reliable.
  
  Most people don't understand the amount of effort it requires to run a secure & reliable system and if I had a dollar for everytime I heard it's as simple as "docker run", I could retire early.
Never upgrade to the latest and greatest of ... anything really, especially in production. Let others test it first, or as suggested already, have a staging environment where you test the upgrade first. I guess you can still downgrade nextcloud though, especially if you have a backup.

Are you using the AIO image? I don't know how well that works, but yeah, I absolutely hate automatic updates like that. I tried it once and I decided to use the plain "official but not supported" docker image instead, where I manage things myself. Never had an issue, and I can control which version I'm running, I can backup to wherever I want, using whichever system I want, etc.
- AIO has a updater but it is manual by default You need to enable automatic updates yourself, which.... Is done through a bash script you need to add yourself into the system crontab
  
  And not only that, the instructions do say things could break and even suggests setting up backups for such
You can still choose to installt he old version in NC30 and it will do so. and I upgraded to NC30 and my forms app continues to be functional. you can still give it a try.
Docker is kind of a giant mess in my experience. The trick to it is creating backup plans to recover your data when it fails. As such, I don't really recommend it to anyone at all.
- Docker is kind of a giant mess in my experience. The trick to it is creating backup plans to recover your data when it fails.
  
  Thats the trick for any production service. Especially when you do an update.
- I wouldn't recommend Docker for a production environment either, but there are plenty of container-based solutions that use OCI compatible images just fine and they are very widely used in production. Having said that, plenty of people run docker images in a homelab setting and they work fine. I don't like running rootful containers under a system daemon, but calling it a giant mess doesn't seem fair in my experience.
  
  Honestly it is fine assuming you don't need 24/7 uptime. Just make a compose file and verify you have a working health check
- This is why you have a staging environment and backups for the very rare case where something goes wrong. I've only had to roll back a container maybe 3 times in 5 years at this point and can just roll back to a previous snapshot in a few minutes.
- Sounds like you are not using docker correctly.
The forms app is useless. It's basically for surveys. I can't see how you'd use it for signups.
- I wrote signups but I meant survey (in another comment I wrote "I would have never checked the useless survey")
Not to flame you, but really just an HTML form was all you needed? It's a super simple feature...
- sure, but why solve problems in 10 minutes when i can do it way more sophisticated using 10x more time and resources?
  
  (at the moment reverted to the easy html form + php send mail)
take a VM snapshot, upgrade the app, validate it still works as intended, if not, revert from snapshot
Permanently Deleted
- I disagree. I use and depend on the apps including things like calendar and talk.
  
  Permanently Deleted
- Us too, we only use it as a filelink provider for thunderbird and to host a useless survey that's going to get filled once a quarter. That's why nobody noticed the survey was disabled and that's why we're not doing multistage testing in multiple virtual machines. We are a super small company and ok with something that one day can be 3 days offline. Otherwise it would be cheaper to pay $100 to Surveymonkey and $100 to Dropbox
No offence, but is Docker really the best way of running NC in a professional environment? Also, if you don’t want Docker to upgrade to latest image, don’t use the “latest” tag in your configuration.
- Docker is probably the simplest way to get a working deployment, since there's a lot of moving pieces in a Nextcloud install.
  
  Though, it's not going to automatically update itself unless you've made a poor choice for a production environment configuration, which sounds like what happened here.
  
  (Even using a latest tag isn't really a problem until/unless you re-pull the image to do the upgrade. And/or have configured something to automatically update your shit, but again, don't do that in production.)
  
  Nextcloud is also annoying in that updating the base won't pull all the apps to a current version, so you have to know what's going to break before you update the base so you can then update the apps as needed. Which, again, can't just be left up to automatic updates.
  
  Exactly. I don't know if the AIO image was used and how that all works (I stay away from that and the snap which is just an abomination) but no one should try to selfhost anything for prod unless they know exactly how it works. That and have a staging env. If you're not up to the task then just pay for some commercial hosting (even if it's just Nextcloud that is hosted elsewhere.)
  
  I've run the nextcloud image (just docker.io/nextcloud IIRC) pinned for years with k8s and it's durable and fine. It stays put and I just take the time to update my testing instance, make sure it all works with some cheap smoke tests, then upgrade prod.
- Yes, docker is the best way. Anything else is hell. It is still painful with docker but at least it is manageable

You've viewed 92 comments.