OpenCloud is the new Nextcloud, and it is MUCH faster

Key Concepts

• OpenCloud: A self-hosted, simple cloud storage solution forked from OwnCloud Infinite Scale (OCIS).
• OCIS (OwnCloud Infinite Scale): The predecessor to OpenCloud, also a cloud storage solution.
• NextCloud: A popular self-hosted cloud storage solution.
• Collabora Office: An office suite integrated into OpenCloud for real-time document editing.
• Docker Compose: A tool for defining and running multi-container Docker applications.
• Reverse Proxy (EngineX Proxy Manager): Manages incoming network traffic and routes it to the appropriate service.
• Local DNS Server (AdGuard Home): Resolves domain names to IP addresses within a local network, improving performance.
• Calabra: The web-based office suite used by OpenCloud.
• WPI Server: A component related to Calabra for collaboration.
• Bind Mounts: A Docker feature that maps a directory on the host machine to a directory within a container.
• SSL Certificates: Used to secure web traffic with HTTPS.
• Tunnels (Cloudflare Tunnel, Penglin Tunnel): Provide secure external access to local services without direct port forwarding.
• MTLS (Mutual TLS): A security protocol that requires both the client and server to authenticate each other.
• SSO (Single Sign-On): Allows users to log in to multiple applications with a single set of credentials.

OpenCloud: A Fast and Simple Self-Hosted Cloud Storage Solution

This tutorial details the setup and configuration of OpenCloud, a self-hosted cloud storage solution emphasizing speed and simplicity, with integrated real-time document editing via Collabora Office. The presenter highlights OpenCloud's advantages over NextCloud, particularly its performance and streamlined focus on file storage.

Introduction to OpenCloud and its Origins

OpenCloud is presented as a faster alternative to NextCloud, focusing solely on file storage and modification with Collabora Office. It is a fork of OwnCloud Infinite Scale (OCIS), which itself originated from a split within the OwnCloud development team. The OCIS team reportedly forked the project due to concerns about OwnCloud's prioritization of open-source development. OpenCloud aims to provide a simpler, faster experience by omitting integrated tools like mail, calendar, and chat found in NextCloud, though these can be added through other supported tools.

Technical Setup and Configuration

The setup process involves several key components and steps:

1. Prerequisites:

   • Local DNS Server (AdGuard Home): Recommended for faster internal communication between services and for resolving local domain rewrites. A tutorial for AdGuard Home setup is mentioned.
   • Reverse Proxy (EngineX Proxy Manager): Used for managing external access and SSL termination. A tutorial for EngineX Proxy Manager is also referenced.
   • Docker and Docker Compose: Essential for deploying and managing the OpenCloud containers.

2. Obtaining OpenCloud Docker Compose Files:

   • The tutorial directs users to the OpenCloud GitHub repository to clone the project.
   • The docker-compose.yaml file and associated configuration files are crucial.
   • The presenter uses VS Code with an SSH remote connection for managing files and commands.

3. Environment Configuration (.env file):

   • The .env.example file is copied to .env to configure the OpenCloud instance.
   • Admin Password: The initial admin password is set to "admin" for consistency with OwnCloud OCIS, with the intention of creating a personal user and deleting the admin account later.
   • OpenCloud Domain: A custom domain (e.g., cloud.thomaswildtech.com) is highly recommended for easier SSL certificate management and overall usability.
   • Compose File Variables: Specific compose files are enabled or disabled based on the desired stack. For this setup, docker-compose.yaml (base OpenCloud) and external-proxy.yaml (for integration with a reverse proxy) are enabled. The calabra.yaml is deferred until later.
   • Insecure Setting: Set to false when using HTTPS with a domain.
   • Bind Mounts:
     • OC_CONFIG_DIR: Maps a local directory for persistent configuration files (e.g., /app/config).
     • OC_DATA_DIR: Maps a local directory for storing user files (e.g., /app/data).
     • OC_APPS_DIR: Maps a local directory for potential app installations (e.g., /app/apps).
   • The presenter creates these directories (app/config, app/data, app/apps) on the host to avoid permission issues.

4. Reverse Proxy Configuration (EngineX Proxy Manager):

   • A new proxy host is created for cloud.thomaswildtech.com.
   • Forward Hostname/IP: Set to localhost (or the server's local IP if EngineX is not in host mode).
   • Forward Port: Set to 9200, the port OpenCloud listens on.
   • Websocket Support: Enabled for real-time features.
   • SSL: Wildcard SSL certificate is used, with "Force SSL" enabled. HSTS and HTTP2 are also enabled.

5. DNS Rewrites (AdGuard Home):

   • A DNS rewrite is added for cloud.thomaswildtech.com to point to the local IP address of the server (e.g., 192.168.4.248).
   • The OpenCloud container is configured to use the local DNS server (e.g., 192.168.4.142) for internal communication.

6. Starting OpenCloud:

   • The command docker compose up -d is used to start the containers.
   • Upon accessing cloud.thomaswildtech.com, the OpenCloud login page appears.

User Management and Initial Usage

• Login: The default credentials are admin/admin.
• Creating a New User: A new user, thomas@thomaswildtech.com, is created with the role of "admin."
• Deleting Admin User: The default admin user is deleted to enhance security.
• File Operations: The presenter demonstrates creating text files and spreadsheets directly in the web interface. The speed of file operations is emphasized.

Desktop Application Integration

• Installation: The OpenCloud desktop client is installed from the Microsoft Store (or via downloads from GitHub for other OS).
• Account Setup: The server address (https://cloud.thomaswildtech.com) is entered, and the desktop client is authorized through a browser.
• Syncing: A new folder (OpenCloud 2) is created on the desktop, containing Personal and Shares subfolders. Files created on the desktop (e.g., "hello from desktop") are synced to the server, and vice-versa.

Collabora Office Integration (Calabra)

• Enabling Calabra:
  • The calabra.yaml and calabra-external-proxy.yaml compose files are enabled in the .env file.
  • New DNS entries are created for calabra-oc.thomaswildtech.com and wpy.thomaswildtech.com, pointing to the server's IP.
  • The presenter renames the Calabra domain to calabra-oc to avoid conflicts with previous NextCloud tutorials.
  • The calabra.yaml file adds the Calabra and WPI server containers.
  • The calabra-external-proxy.yaml exposes the necessary ports (e.g., 9982 for Calabra, 9300 for WPI server).
  • The .env file is updated with the Calabra and WPI server domains.
  • SSL verification for Calabra is set to true, but SSL enabling for Calabra itself is disabled as EngineX handles certificates.
• Reverse Proxy Configuration for Calabra:
  • Proxy hosts are created for calabra-oc.thomaswildtech.com (forwarding to port 9982) and wpy.thomaswildtech.com (forwarding to port 9300).
  • Websocket support and wildcard SSL are configured for both.
• Restarting Docker: docker compose down followed by docker compose up -d is executed to apply the Calabra changes.
• Testing Calabra:
  • New documents (ODT, DOCX, XLSX) can be created within OpenCloud.
  • The presenter demonstrates editing an ODT file, showing real-time syncing with the desktop client.
  • Editing an XLSX spreadsheet is also shown, highlighting the speed and functionality.

Mobile Application (Android)

• Installation: The OpenCloud app is installed from the Google Play Store.
• Local DNS on Android: Users may need to disable "Private DNS" in Android settings to use their local DNS server.
• Connecting to Server: The server address (https://cloud.thomaswildtech.com) is entered, and the app is authorized.
• Mobile Editing Limitations:
  • Unlike NextCloud, OpenCloud requires separate installation of Calabra or OnlyOffice for mobile editing.
  • Direct editing within the OpenCloud Android app can have issues with real-time updates and file uploads.
  • Using the "Open in Calabra online web" option or the embedded web tool provides better real-time collaboration.
  • When using external apps like Calabra, real-time updates might not be as seamless. The presenter notes an "Upload failed" error when trying to save from a mobile app.
  • The embedded web viewer is recommended for real-time collaboration on mobile.

External Access and Tunneling

The tutorial explores two methods for secure external access:

1. Penglin Tunnel:

   • Setup: A new resource is added in Penglin for cloud.thomaswildtech.com (HTTPS). Authentication is set to false.
   • Routing: The Penglin tunnel is routed to the EngineX proxy manager (port 443).
   • DNS: A DNS record for cloud.thomaswildtech.com is created, pointing to the Penglin server's IP address.
   • Host Header: The cloud.thomaswildtech.com domain is also set as the custom host header in Penglin.
   • Testing: Accessing cloud.thomaswildtech.com via the Penglin tunnel works, allowing web and mobile access.

2. Cloudflare Tunnel:

   • Setup: The Penglin DNS record is removed.
   • Cloudflare Zero Trust: The "Networks" tool and "Tunnels" section are used.
   • Published Application Routes: A new route is added for cloud.thomaswildtech.com, with the service type as HTTPS and the local IP of the EngineX proxy manager.
   • TLS Server Name/Host Header: cloud.thomaswildtech.com is specified for both.
   • Testing: Refreshing the URL shows that the connection is now routed through Cloudflare Tunnel.

Advanced Security Considerations

• MTLS: Mentioned as a potential security layer, but the OpenCloud app does not natively support client certificates for iOS. An Android-specific MTLS setup is possible with further configuration.
• SSO Integration: The possibility of integrating SSO providers is noted, with a request for comments if users have questions.

Conclusion and Recommendation

The presenter expresses strong satisfaction with OpenCloud, highlighting its speed and simplicity. It is recommended as a direct replacement for OwnCloud OCIS, especially given the uncertainty surrounding OCIS's future support. For new self-hosted cloud storage setups, OpenCloud is presented as a compelling option over NextCloud if advanced integrated features are not a priority. The tutorial concludes with an invitation for viewer questions and a promise of future tutorials.