Difference between revisions of "Nextcloud User Guide"

What is Nextcloud?

Nextcloud is a secure, private workspace that allows you to store, share, and access your files from anywhere. Instead of relying on a public company to hold your data, Nextcloud runs on our own controlled infrastructure, ensuring your research and personal files stay private and protected.

Key Features

• Access Anywhere: Use a web browser, desktop app, or mobile device to reach your files whenever you need them.

• Nibi Cluster Integration (Direct Access in /home): You can access your Nextcloud files directly within the Nibi cluster. Your storage is mapped into your home directory, allowing you to move data between the cluster and your private cloud without needing to download and re-upload files.

• Secure Sharing: Send files to colleagues or external partners using password-protected links or "drop folders" where others can upload files to you safely.

• Automatic Sync: Any changes you make to a file on your computer/mobile (nextcloud client app) are automatically updated on the server.

Accessing Sharcnet's Nextcloud

URL: https://nextcloud.sharcnet.ca

The Nextcloud landing page offers two login options:

Direct Login — For local application users only (e.g., administrators). Most researchers will not use this option.

SSO & SAML Login — For users with a Digital Research Alliance of Canada (DRAC / AllianceCAN) account. If you are a registered DRAC user, use this option to sign in.

User Policy

Storage Allocation & Quotas

• Individual Quota: Each user is allocated 1 TB of storage; if you need more storage, please use Nibi+Globus.

• Over-Quota Behavior: When 1 TB is reached, synchronization will stop and you will be unable to upload new files until you delete some files, freeing space.

Data Retention & Recovery

Self-Service Recovery (Trash Bin)

• Deleted files are moved to the Trash Bin and retained for up to 30 days.

• Deleted files are moved to the Trash Bin and will be automatically removed after 30 days. However, the Trash Bin is limited to 50% of your remaining available storage quota. If your deleted files exceed this limit, the oldest deleted files will be permanently removed before the 30-day period to free up space — without prior notice.

Example: If your total quota is 1 TB and you have used 600 GB, your remaining free space is 400 GB and your Trash Bin limit will be 200 GB (50% of 400 GB) — meaning any deleted files beyond this limit will be permanently removed automatically, even before the 30-day period.

Disaster Recovery vs. User Backups

• The infrastructure is backed up daily to a TSM Tape Library for Disaster Recovery only — not for restoring individually deleted files.

• Users are responsible for maintaining their own secondary copies of critical data. Nextcloud is a Sync & Share platform, not a long-term archive.

• Accidental Deletions & File Recovery: Nextcloud provides two ways to recover files:

• Trash Bin — Deleted files can be restored within 30 days by going to Files > Deleted Files and clicking Restore.

• Version History — Previous versions of a file can be restored by clicking the "..." menu next to the file > Details > Versions tab, then selecting the version you want to restore.

Access & Authentication

• SSO Only: Access is strictly via AllianceCAN Single Sign-On.

• Credentials are confidential — do not share your account or password with anyone. Each person requiring access must have their own account.

• Session Management: Sessions remain active until the user explicitly logs out. Closing the browser or shutting down your computer does not end your session. Users are responsible for logging out after each use, especially on shared or public computers.

• App Passwords: For third-party clients (Rclone, WebDAV, mobile apps), generate an App Password under Settings > Security. Do not reuse your DRAC account password.

Acceptable Use

All use of this platform is subject to the Alliance Federation - Terms of Service. The following additional rules apply specifically to this Nextcloud instance:

• Sensitive Data: This platform is intended for non-sensitive research data by default. If your research involves Personal Information (PI) or Personal Health Information (PHI), contact the administrators before storing it here.

• External Sharing: Public links must have a password and expiration date when shared with collaborators who do not have DRAC accounts.

Security & Incident Reporting

• Report any suspected unauthorized access or security incident to help@sharcnet.ca immediately.

• If your account is compromised, work with administrators and your institution to resolve it.

• When collaborating, follow the principle of least privilege — grant only the minimum permissions needed.

User Documentation

Web Version

https://docs.nextcloud.com/server/33/user_manual/en/

PDF Version

https://docs.nextcloud.com/server/33/Nextcloud_User_Manual.pdf

Integration: Connecting Nextcloud to the Nibi Cluster

To move data between the Nextcloud storage environment and the Nibi cluster, we utilize two primary methods: WebDAV and rclone.

WebDAV (Web Distributed Authoring and Versioning) is the "bridge" that allows Nextcloud to communicate with external systems. It treats your Nextcloud storage like a local network drive. While WebDAV is the bridge, rclone (deployed in the nibi login nodes) is the vehicle that moves the data and configured to talk to the Nextcloud WebDAV endpoint.

Setup & Configuration

Step 1:

Generate a unique App Password inside the Nextcloud.

1. Log in (SSO/SAML - using your cc account) to your Nextcloud web portal (https://nextcloud.sharcnet.ca).

2. Click your profile icon in the top-right corner, go to Settings, and select Security from the left-hand menu.

3. Generate App Password: * Scroll down to Devices & sessions.

4. Enter a name (e.g., "Nibi-Cluster") in the text box and click Create new app password.

5. Save Your Credentials: * Copy the Password & Paste it to a text editor immediately; it will not be displayed again after closing.

6. Get the WebDAV URL: Go to the Files app, click File Settings (bottom-left corner), and copy the URL under the WebDAV heading.

7. Example format: https://nextcloud.sharcnet.ca/remote.php/dav/files/USERNAME/

Step 2:

Configuring rclone once you have your credentials from Step 1, log-in to the Nibi cluster (Nibi login nodes via Shell/Desktop) and follow these steps to link your account:

*Note: If you're using the Desktop login node, just open a terminal (Desktop screen: username's Home > File > Open in Terminal or Applications > System Tools > Mate Terminal).

1. Run the command: rclone config

2. Type n for "New remote" and name it (custom name: e.g nextcloud-fg).

3. Choose the option number 46 for webdav (usually found in the list of storage types).

4. Enter Connection Details:

5. URL: Paste the WebDAV URL you copied in Step 1.

6. Vendor: Type nextcloud.

7. User: Enter your Nextcloud username.

8. Password: Select y to enter your own password, then paste your App Password.

9. Leave all other settings as default (press Enter for each)

10. From the config options, choose q to quit the configuration.

Step 3:

Mounting Nextcloud

1. Create the mount point directory

mkdir -p ~/my_nextcloud_storage

2. Clear any stale "ghost" mounts from previous sessions

fusermount -uz ~/my_nextcloud_storage 2>/dev/null

3. Execute the mount in the background

rclone mount nextcloud-fg: ~/my_nextcloud_storage --vfs-cache-mode full --log-file ~/rclone_log.txt --log-level INFO --daemon

Command Breakdown:

rclone mount nextcloud-fg: ~/my_nextcloud_storage:

Connects your "nextcloud-fg" configuration to the folder named "my_nextcloud_storage" in your home directory.

--vfs-cache-mode full:

Makes the cloud folder act like a real hard drive by saving temporary copies of files locally so you can open and edit them easily.

--log-file ~/rclone_log.txt:

Saves all status messages and errors into a file called rclone_log.txt.

--log-level INFO:

Records general status updates (not just errors) in that log file.

--daemon:

Runs the whole process in the background so you can keep using your terminal window.

Step 4:

Monitoring and Managing Your Sync

Since the mount runs in the background (via the --daemon flag), use these commands to monitor, unmount, & edit/delete/view configuration.

1. Check the log file to see upload status and activity.

tail -f ~/rclone_log.txt

2. Check the active processes

ps -ef | grep rclone

3. Stop/Unmount the Storage

fusermount -uz ~/my_nextcloud_storage

4. Some rclone commands