Cloud storage allows to not only store data, but also to ensure joint work with it in the NAS.

Possible solutions

There are several options for cloud services: NextCloud, Seafile, Pydio, etc… Some of them are discussed below.

NextCloud installation

Initially, I wanted to use Seafile: the server part is implemented in C, it is efficient and stable. But it turned out that the free version didn’t have everything needed. Therefore, I tried Nextcloud and was satisfied. It provides more features and is completely free.

You can see how it works in demo mode here. Here are the common points of interface between cloud storage and the system:

• / tank0/apps/cloud / nextcloud — cloud service storage.
• / tank0/apps / onlyoffice — office data.
• https://cloud.NAS.cloudns.cc – WEB interface of cloud service.

Since the NextCloud configuration is quite large and consists of several files, I will not include them here.

Everything you need can be found in the repository on Github.

Also the configuration for SeaFile is available there.

First, install and run NextCloud.

To do this, copy the configuration to the /tank0/docker/services/nextcloud directory and run:

# docker-compose up -d

A new image based on Nextcloud 13.0.7 will be built. If you want to change the base image version, do so in app/Dockerfile. I use version 15, but it’s worth noting that many plugins like the ocDownloader loader and notes don’t work in it, and I haven’t yet restored the functionality of OnlyOffice.

I didn’t notice any fundamental differences or a strong performance improvement. Below I suggest that you are using version 13+. Next, go to NextCloud, select “Applications” at the top right in the menu and install the required plugins.

Will be required:

• LDAP user and group backend — interface with LDAP.
• External Storage Support. It will be necessary to integrate NextCloud and shared files, as well as to interface with external cloud storage. I’ll explain the external storage setting up in another article.
• ocDownloader- file loader. Extends the cloud functionality. Docker image is specially rebuilt so that it works.
• ONLYOFFICE-integration with the office. Without this app, document files can’t be opened in the cloud.
• End-to-End Encryption on the client. If multiple users are using the cloud, a plugin is required to conveniently secure their files.

Preferable applications:

• Brute-force settings – protection against credentials guessing. NextCloud looks at on the Internet, so it is better to be installed.
• Impersonate – allows the administrator to log in as other users. Useful for debugging and Troubleshooting.
• Talk-video chat.
• Calendar– says it all, allows to manage calendars in the cloud.
• File Access Control-allows files and directories access denying for users based on tags and rules.
• Checksum-allows you to calculate and view file checksums.
• External sites-creates links to arbitrary sites on the panel at the top.

Container features

• The Aria2 loader is installed.
• The Youtube-DL Downloader is installed.
• Inotify-tools are installed.
• Memory limits for PHP are increased.
• Web server is configured to best work with LDAP.

I would point out that if you install version 13+, but then decide to upgrade to version 15, you will be able to do this and much more with the utility occ.

LDAP

LDAP configuration is not trivial, so I will explain it in more detail.

Go To “settings – > LDAP/AD Integration”.
Add server 172.21.0.1 with port 389.

Login: cn=admin, dc=nas, dc=nas.
NextCloud can manage users in the LDAP database and an administrator will be required to do so.

Click the “Check DN configuration” button and, if the checking indicator is green, the “Next” button. Each user has InetOrgPerson attribute and is a member of the users_cloud group.

The filter will be like this:

(&(|(objectclass=inetOrgPerson))(|(memberof=cn=users_cloud,ou=groups,dc=nas,dc=nas)))

Click “Check settings database and recalculate users”, and if everything is correct, the number of users should be displayed. Click “Next”. On the next page, users filter will be set up and NextCloud will use it to search for users.

Filter:

(&(objectclass=inetOrgPerson)(uid=%uid))

On this page you need to enter the login of any user and click “Check settings”.
The last time “Next”.

Here click “Advanced” and check that “The group tree base” field is equal to “The user tree base” field and has the value dc=nas, dc=nas. Go back to groups and put a tick against groupOfUniqueNames in “Only these object classes” field.

The resulting filter here is:

(&(|(objectclass=groupOfUniqueNames)))

The field “Only from these groups” I didn’t install, because I want to see all users in the NextCloud interface, and those who are not included in the group users_cloud, are filtered out in the previous step.

OnlyOffice

OnlyOffice is a great cross-platform office suite that supports MS Office documents. It is free and open, just like LibreOffice and is also capable of running as a server.

But at the same time, original format supporting is implemented much better, almost like in the original office from MS, it is more stable and has better designed interface. It also integrates with NextCloud.

By the way, there is a Desktop version of OnlyOffice, including for Linux. Anyway, having trouble time with heavy and unstable Collabora (LibreOffice), I chose OnlyOffice and quite satisfied for now. The OnlyOffice configuration is available on Github and below, under the spoiler. There is also configuration for Collabora on Github.

Let me explain some points:

• You need to change <JWT_SECRET_TOKEN> to your own, as well as NAS to the name of your DNS zone.
• HTTPS does not need to be enabled here, because although the office is visible from the outside, the exchange with it goes through a reverse proxy that works with the user exclusively via HTTPS. This is how the NAS architecture is built.

Now the office need to be deployed:

docker-compose up -d

And, if everything works, at the address office.NAS.cloudns.cc will be the following page:

Then, in NextCloud settings you need to select “Administration – >ONLYOFFICE” and write the address of the documents server in the first two fields: https://office.NAS.cloudns.cc/ and your JWT token.In the third field it is necessary to write the address of the cloud. If the server is configured correctly, additional items for Office documents will appear in the Cloud Document creation menu, and.docx files will be opened in the office.

Conclusion

Cloud storage is the central link for users interaction between each other and other services. For this role NextCloud is very convenient and has a wide functionality. It has its own nuances in the process of update between versions, but in general, this storage can be recommended.