Table of contents

Getting Started

• Introduction
  • Target Audience
  • Core Components
  • Editions
  • Further Resources
  • Getting Started
• Maintenance and release schedule
  • Overview
  • Release types
    • Major releases
    • Maintenance releases
  • Release schedule
    • Length of support (“maintenance”)
    • End-of-life
  • Installation version
  • Release channels
  • Major version upgrades
  • Beta releases and Release candidates
  • Downgrading
  • Bug reporting
• GDPR-compliance
  • Cookies
    • Cookies stored by Nextcloud

Release notes

• Critical changes
  • Critical changes
    • Upgrade to Nextcloud 32
      • System requirements
      • Web server configuration
      • Monitoring: Counting of active users
    • Upgrade to Nextcloud 31
      • System requirements
      • Database configuration
      • PHP configuration
      • Nextcloud configuration
        • Maximum chunk size
      • Monitoring: Counting of active users
    • Upgrade to Nextcloud 30
      • System requirements
      • Web server configuration
      • Nextcloud configuration
      • Previews for PDF files with Imaginary
      • Automated clean-up of app password
      • Monitoring: Counting of active users
    • Upgrade to Nextcloud 28
      • System requirements
      • Web server configuration
      • Setup Checks
      • Monitoring
      • Previews for Office files using LibreOffice
    • Upgrade to Nextcloud 27
      • System requirements
      • Exposed system address book
      • Web server configuration
    • Upgrade to Nextcloud 26
      • System requirements
      • System email
      • Web server configuration
  • Changelog

Installation

• Installation and server configuration
  • System requirements
    • Server
      • CPU Architecture and OS
      • Memory
      • Database requirements for MySQL / MariaDB
      • Why we drop old PHP versions
        • Advantages of upgrading PHP
        • Long term support
    • Desktop client
    • Mobile apps
      • Files App
      • Talk App
    • Web browser
  • Deployment recommendations
  • Preparing PHP
    • PHP Installation
    • Required PHP Modules
    • Required PHP Database Connectors
    • Recommended General PHP Modules
    • Recommended PHP Caching Modules
    • Recommended PHP CLI Modules
    • PHP Modules for Media Management
    • PHP Modules for Specific Applications
    • PHP ini Settings
    • Notes on PHP ini Configuration
    • PHP Module Quick Reference Table
    • Further Resources
  • Installation on Linux
    • Prerequisites for manual installation
    • Apache Web server configuration
      • Additional Apache configurations
    • Pretty URLs
    • Enabling SSL
    • Installation wizard
    • Setting up background jobs
    • SELinux configuration tips
    • PHP-FPM configuration
      • Overview
      • Process manager
      • System environment variables
      • Maximum upload size
      • .htaccess
    • Other Web servers
    • Installing on Windows (virtual machine)
    • Installing via Snap packages
      • Installation
      • 1st login
      • HTTPS encryption
      • Configuration
      • External media
    • Installation via web installer on a VPS or web space
    • Installation on TrueNAS
    • Installation via install script
  • Installation wizard
    • Quick start
    • Data directory location
    • Database choice
    • Trusted domains
  • Installing from command line
  • SELinux configuration
    • Enable updates via the web interface
    • Disallow write access to the whole web directory
    • Allow access to a remote database
    • Allow access to LDAP server
    • Allow access to remote network
    • Allow access to network memcache
    • Allow access to SMTP/sendmail
    • Allow access to CIFS/SMB
    • Allow access to FuseFS
    • Allow access to GPG for Rainloop
    • Troubleshooting
  • NGINX configuration
    • Nextcloud in the webroot of NGINX
    • Nextcloud in a subdir of the NGINX webroot
    • Tips and tricks
      • PHP-Handler Configuration / Avoiding “502 Bad Gateway”
      • Suppressing log messages
      • JavaScript (.js) or CSS (.css) files not served properly
      • Upload of files greater than 10 MiB fails
      • Login loop without any clue in access.log, error.log, nor nextcloud.log
  • Hardening and security guidance
    • Passwords
      • Storage of access tokens
      • Limit on password length
    • Operating system
      • Give PHP read access to /dev/urandom
      • Enable hardening modules such as SELinux
    • Deployment
      • Place data directory outside of the web root
      • Disable preview image generation
      • Disable Debug Mode
    • Use HTTPS
      • Redirect all unencrypted traffic to HTTPS
      • Enable HTTP Strict Transport Security
      • Proper SSL configuration
    • Restrict admin actions to a specific range of IP addresses
    • Use a dedicated domain for Nextcloud
    • Ensure that your Nextcloud instance is installed in a DMZ
    • Serve security related headers by the Web server
    • Connections to remote servers
    • Setup fail2ban
      • Nextcloud prerequisites
      • Fail2ban introduction
      • Setup a filter and a jail for Nextcloud
  • Server tuning
    • Using cron to perform background jobs
    • Reducing system load
    • Log Levels
    • Debug Mode
    • Caching
    • Compression
    • Using MariaDB/MySQL instead of SQLite
    • Using Redis-based transactional file locking
    • TLS / encryption app
    • Enable HTTP/2 for faster loading
    • Tune PHP-FPM
    • Enable PHP OPcache
      • Revalidation
      • Sizing
      • Comments
      • JIT
    • Previews
      • Settings
  • Example installation on Ubuntu 22.04 LTS
    • Next steps
  • Example installation on CentOS 8
    • Apache
    • PHP
      • Setting up remirepo with PHP 8.2
      • Installing PHP and the required modules
      • Installing optional modules redis/imagick
    • Database
    • Redis
    • Installing Nextcloud
    • SELinux
  • Example installation on OpenBSD
    • HTTPD(8)
    • PHP
    • Database
    • Redis
    • Cron job
    • Chroot
    • Nextcloud final steps
    • NOTE
  • Uninstallation
• Database configuration
  • Converting database type
    • Run the conversion
      • Establishing the target database
      • Triggering the conversion
    • Inconvertible tables
  • Database configuration
    • Requirements
      • Database “READ COMMITTED” transaction isolation level
    • Parameters
      • Configuring a MySQL or MariaDB database
      • SSL for MySQL Database
      • PostgreSQL database
    • Troubleshooting
      • How to work around “general error: 2006 MySQL server has gone away”
      • How can I find out if my MySQL/PostgreSQL server is reachable?
      • How can I find out if a created user can access a database?
      • Useful SQL commands
  • Enabling MySQL 4-byte support
  • BigInt (64bit) identifiers
  • Replication
  • Splitting databases
    • Initial splitting
    • Migrations on updates

Configuration

• Nextcloud configuration
  • Warnings on admin page
    • Cache warnings
    • Transactional file locking is disabled
    • You are accessing this site via HTTP
    • The test with getenv("PATH") only returns an empty response
    • The “Strict-Transport-Security” HTTP header is not configured
    • /dev/urandom is not readable by PHP
    • Your Web server is not yet set up properly to allow file synchronization
    • Outdated NSS / OpenSSL version
    • Your Web server is not set up properly to resolve /.well-known/caldav/ or /.well-known/carddav/
    • Some files have not passed the integrity check
    • Your database does not run with “READ COMMITTED” transaction isolation level
  • Configuration Parameters
    • Introduction
    • Loading
    • Format
      • Types of Values
    • Modifying
    • Defaults
    • Multiple/Merged Configuration Files
    • Examples
    • Default Parameters
      • instanceid
      • passwordsalt
      • secret
      • trusted_domains
      • cookie_domain
      • datadirectory
      • version
      • dbtype
      • dbhost
      • dbname
      • dbuser
      • dbpassword
      • dbtableprefix
      • dbpersistent
      • dbreplica
      • db.log_request_id
      • installed
    • User Experience
      • default_language
      • force_language
      • default_locale
      • reduce_to_languages
      • default_phone_region
      • force_locale
      • default_timezone
      • knowledgebaseenabled
      • knowledgebase.embedded
      • allow_user_to_change_display_name
      • skeletondirectory
      • templatedirectory
    • User session
      • remember_login_cookie_lifetime
      • session_lifetime
      • davstorage.request_timeout
      • carddav_sync_request_timeout
      • carddav_sync_request_truncation
      • session_relaxed_expiry
      • session_keepalive
      • auto_logout
      • token_auth_enforced
      • token_auth_activity_update
      • auth.bruteforce.protection.enabled
      • auth.bruteforce.protection.force.database
      • auth.bruteforce.protection.testing
      • auth.bruteforce.max-attempts
      • ratelimit.protection.enabled
      • security.ipv6_normalized_subnet_size
      • auth.webauthn.enabled
      • auth.storeCryptedPassword
      • hide_login_form
      • lost_password_link
      • logo_url
    • Mail Parameters
      • mail_domain
      • mail_from_address
      • mail_smtpdebug
      • mail_smtpmode
      • mail_smtphost
      • mail_smtpport
      • mail_smtptimeout
      • mail_smtpsecure
      • mail_smtpauth
      • mail_smtpname
      • mail_smtppassword
      • mail_template_class
      • mail_send_plaintext_only
      • mail_smtpstreamoptions
      • mail_sendmailmode
    • Proxy Configurations
      • overwritehost
      • overwriteprotocol
      • overwritewebroot
      • overwritecondaddr
      • overwrite.cli.url
      • htaccess.RewriteBase
      • htaccess.IgnoreFrontController
      • proxy
      • proxyuserpwd
      • proxyexclude
      • allow_local_remote_servers
    • Deleted Items (trash bin)
      • trashbin_retention_obligation
    • File versions
      • versions_retention_obligation
    • Nextcloud Verifications
      • appcodechecker
      • updatechecker
      • updater.server.url
      • updater.release.channel
      • has_internet_connection
      • connectivity_check_domains
      • check_for_working_wellknown_setup
      • check_for_working_htaccess
      • check_data_directory_permissions
      • config_is_read_only
    • Logging
      • log_type
      • log_type_audit
      • logfile
      • logfile_audit
      • logfilemode
      • loglevel
      • loglevel_frontend
      • loglevel_dirty_database_queries
      • syslog_tag
      • syslog_tag_audit
      • log.condition
      • log.backtrace
      • logdateformat
      • logtimezone
      • log_query
      • log_rotate_size
      • profiler
      • profiling.request
      • profiling.request.rate
      • profiling.secret
      • profiling.sample
      • profiling.sample.rate
      • profiling.sample.rotation
      • profiling.path
    • Alternate Code Locations
      • customclient_desktop
    • Apps
      • defaultapp
      • appstoreenabled
      • appstoreurl
      • appsallowlist
      • apps_paths
    • Previews
      • enable_previews
      • preview_concurrency_all
      • preview_concurrency_new
      • preview_max_x
      • preview_max_y
      • preview_max_filesize_image
      • preview_max_memory
      • preview_libreoffice_path
      • preview_ffmpeg_path
      • preview_ffprobe_path
      • preview_imaginary_url
      • preview_imaginary_key
      • enabledPreviewProviders
      • metadata_max_filesize
      • max_file_conversion_filesize
    • LDAP
      • ldapUserCleanupInterval
      • sort_groups_by_name
    • Comments
      • comments.managerFactory
      • systemtags.managerFactory
    • Maintenance
      • maintenance
      • maintenance_window_start
      • ldap_log_file
    • SSL
      • openssl
    • Memory caching backend configuration
      • memcache.local
      • memcache.distributed
      • redis
      • redis.cluster
      • memcached_servers
      • memcached_options
      • cache_path
      • cache_chunk_gc_ttl
      • cache_app_config
    • Using Object Store with Nextcloud
      • objectstore
      • objectstore
      • objectstore.multibucket.preview-distribution
    • Sharing
      • sharing.managerFactory
      • sharing.enable_mail_link_password_expiration
      • sharing.mail_link_password_expiration_interval
      • sharing.maxAutocompleteResults
      • sharing.minSearchStringLength
      • sharing.enable_share_accept
      • sharing.force_share_accept
      • sharing.allow_custom_share_folder
      • share_folder
      • sharing.enable_share_mail
      • sharing.allow_disabled_password_enforcement_groups
      • transferIncomingShares
    • Federated Cloud Sharing
      • sharing.federation.allowSelfSignedCertificates
    • Hashing
      • hashing_default_password
      • hashingThreads
      • hashingMemoryCost
      • hashingTimeCost
      • hashingCost
    • All other configuration options
      • dbdriveroptions
      • sqlite.journal_mode
      • mysql.utf8mb4
      • mysql.collation
      • supportedDatabases
      • tempdirectory
      • updatedirectory
      • forbidden_filenames
      • forbidden_filename_basenames
      • forbidden_filename_characters
      • forbidden_filename_extensions
      • theme
      • enforce_theme
      • theming.standalone_window.enabled
      • cipher
      • encryption.use_legacy_base64_encoding
      • minimum.supported.desktop.version
      • maximum.supported.desktop.version
      • localstorage.allowsymlinks
      • localstorage.umask
      • localstorage.unlink_on_truncate
      • quota_include_external_storage
      • external_storage.auth_availability_delay
      • files_external_allow_create_new_local
      • filesystem_check_changes
      • part_file_in_storage
      • mount_file
      • filesystem_cache_readonly
      • trusted_proxies
      • forwarded_for_headers
      • allowed_admin_ranges
      • max_filesize_animated_gifs_public_sharing
      • filelocking.ttl
      • memcache.locking
      • filelocking.debug
      • upgrade.disable-web
      • upgrade.cli-upgrade-link
      • user_ini_additional_lines
      • documentation_url.server_logs
      • debug
      • data-fingerprint
      • copied_sample_config
      • lookup_server
      • gs.enabled
      • gs.federation
      • csrf.optout
      • core.login_flow_v2.allowed_user_agents
      • simpleSignUpLink.shown
      • login_form_autocomplete
      • login_form_timeout
      • no_unsupported_browser_warning
      • files_no_background_scan
      • query_log_file
      • query_log_file_requestid
      • query_log_file_parameters
      • query_log_file_backtrace
      • redis_log_file
      • diagnostics.logging
      • diagnostics.logging.threshold
      • profile.enabled
      • account_manager.default_property_scope
      • projects.enabled
      • bulkupload.enabled
      • reference_opengraph
      • unified_search.enabled
      • enable_non-accessible_features
      • binary_search_paths
      • files.chunked_upload.max_size
      • files.chunked_upload.max_parallel_count
      • files.trash.delete
      • enable_lazy_objects
    • App config options
      • Activity app
      • Settings app
  • Activity app
    • Enabling the activity app
    • Configuring your Nextcloud for the activity app
    • Activities in groupfolders or external storages
    • Better scheduling of activity emails
    • Excluding users from the activity expiration
  • Administration privileges (Delegation)
    • Introduction
    • Usage
  • Android Deep Link Handling
    • Android 11 and Below
    • Android 12 and Above
      • Creating assetlinks.json
        • Nextcloud Configuration Limitation
  • Antivirus scanner
    • Installing ClamAV
    • Enabling the antivirus app for files
    • Configuring ClamAV on Nextcloud
    • Confirm everything is working
    • Manage the background scanner
      • Get info about files in the scan queue
      • Manually trigger the background scan
      • Manually scan a single file
      • Mark a file as scanned or unscanned
    • Configuring ICAP on Nextcloud
    • Disabling background scan task
  • Automatic setup
    • Parameters
    • Automatic configurations examples
      • Data Directory
      • SQLite database
      • MySQL database
      • PostgreSQL database
      • All parameters
  • Background jobs
    • Parameters
      • maintenance_window_start
    • Cron jobs
      • AJAX
      • Webcron
      • Cron
      • systemd
  • Brute force protection
    • Introduction
    • How it works
      • Overview
      • Example: The login page
    • Usage
      • Activating
      • The brute force settings app
      • occ commands
      • Brute force protection and load balancers/reverse proxies
    • Troubleshooting
      • Overview
      • Excluding IP addresses from brute force protection
  • Memory caching
    • Recommendations based on type of deployment
      • Small/Private home server
      • Organizations with single-server
      • Organizations with clustered setups
      • Additional notes for Redis vs. APCu on memory caching
    • APCu
    • Redis
      • Redis configuration in Nextcloud (config.php)
      • Connecting to single Redis server over TCP
      • Connecting to single Redis server over TLS
      • Connecting to Redis cluster over TLS
      • Connecting to single Redis server over UNIX socket
      • Using the Redis session handler
    • Memcached
      • Memcached configuration in Nextcloud (config.php)
    • Cache Directory location
  • Dashboard app
    • Enabling the dashboard app
    • Configuring your Nextcloud for the activity app
  • Domain Change
  • Email
    • Mail Providers
    • Configuring an SMTP server
    • Configuring Sendmail/qmail
    • Using email templates
      • Modifying the look of emails beyond the theming app capabilities
    • Setting mail server parameters in config.php
      • SMTP
      • Sendmail
      • qmail
    • Send a test email
    • Troubleshooting
      • Enabling debug mode
      • Why is my web domain different from my mail domain?
      • How can I find out if an SMTP server is reachable?
      • How can I find out if the SMTP server is listening on a specific TCP port?
      • How can I determine if the SMTP server supports the SMTPS protocol?
      • How can I determine what authorization and encryption protocols the mail server supports?
      • How can I send mail using self-signed certificates or use STARTTLS with self signed certificates?
      • All emails keep getting rejected even though only one email address is invalid.
  • Linking external sites
    • Configurations preventing embedding
  • Language & Locale
    • Default language
    • Force language
    • Default locale
    • Force locale
  • Logging
    • Log level
    • Log type
      • errorlog
      • file
      • syslog
      • systemd
    • Log fields explained
      • Example log entries
      • Log field breakdown
    • Admin audit log (Optional)
      • Log level interaction
      • Integrating into the Web Interface
      • Configuring through admin_audit app settings
    • Workflow log
    • Temporary overrides
  • OAuth2
    • Add an OAuth2 Application
    • The access token
    • Security considerations
  • Reverse proxy
    • Defining trusted proxies
    • Overwrite parameters
    • Service Discovery
      • Apache2
      • Traefik 1
      • Traefik 2
      • HAProxy
      • NGINX
      • Caddy
    • Example
      • Multiple domains reverse SSL proxy
  • Text app
    • Disable rich workspaces globally
    • Default file extension
    • Disable rich text editing
    • File encodings
  • Theming
    • Modify the appearance of Nextcloud
    • Configure theming through CLI
    • Theming of icons
    • Branded clients
• Using the occ command
  • occ command Directory
  • Run occ as your HTTP user
    • Environment variables
  • Enabling autocompletion
  • Run commands in maintenance mode
  • Apps commands
  • Background jobs selector
  • Config commands
    • Getting a single configuration value
    • Setting a single configuration value
    • Setting an array configuration value
    • Setting a hierarchical configuration value
    • Deleting a single configuration value
  • Dav commands
    • Manage addressbooks
      • List all addressbooks of a user
      • Create a addressbook for a user
    • Manage calendars
      • List all calendars of a user
      • Create a calendar for a user
      • Delete a calendar for a user
      • Move a calendar of a user
      • Misc
    • Manage calendar subscriptions
      • List all calendar subscriptions of a user
      • Create a calendar subscription for a user
      • Delete a calendar subscription for a user
    • Sync system address book
    • Sync birthday calendar
  • Database conversion
  • Add missing indices
  • Encryption
  • Federation sync
  • File operations
    • Scan
    • Scan appdata
    • Cleanup previews
    • Cleanup
    • Repair-Tree
    • Sanitize filenames
    • Transfer
    • Toggle Windows compatibility
  • Files Sharing
  • Files external
  • Integrity check
  • l10n, create JavaScript translation files for apps
  • LDAP commands
    • ldap:search
    • ldap:check-user
    • ldap:check-group
    • ldap:create-empty-config
    • ldap:delete-config
    • ldap:set-config
    • ldap:test-config
    • ldap:test-user-settings
    • ldap:show-remnants
  • Logging commands
  • Maintenance commands
  • Security
  • Status
    • Status return code
  • Trashbin
  • User commands
    • user:add
    • user:resetpassword
    • user:delete
    • user:lastseen
    • user:profile
    • user:setting
    • user:report
    • user:list
    • user:info
  • Group commands
  • Versions
  • Command line installation
  • Command line upgrade
  • Two-factor authentication
  • Disable users
  • System Tags
  • Antivirus
  • Setupchecks
  • Share operations
    • List
  • Debugging
• Reference management
  • Link previews
    • Where do they appear?
    • How does it work?
    • Known link preview providers
  • The Smart Picker
    • Where can it be used?
    • Known Smart Picker providers
• Webhook Listeners
  • Installation
  • Listening to events
    • Filters
    • Speeding up webhook dispatch
      • Screen or tmux session
      • Systemd service
  • Nextcloud Webhook Events
• Windmill Workflows
  • Installation
  • Selecting the right Workspace
  • Setting up the Correct Nextcloud URL
  • Building a workflow
    • The magic listener script
  • Nextcloud Scripts
    • Authentication
    • Passing values between blocks
    • Approval/Suspend steps
  • FAQ
    • Can I create a script?

Files

• File sharing and management
  • File Sharing
    • Advanced settings
    • Distinguish between max expiration date and default expiration date
    • Get a notification before a share expires
    • Transferring files to another user
    • Creating persistent file Shares
    • Using File Drop Share links
  • Configuring Federation Sharing
    • Creating a new Federation Share
    • Configuring trusted Nextcloud servers
    • Creating Federation Shares via public Link Share
    • Configuration tips
    • Changing the display of federated shares
  • Uploading big files > 512MB
    • System configuration
    • Configuring your Web server
      • Apache
      • Apache with mod_fcgid
      • Apache with mod_proxy_fcgi
      • nginx
    • Configuring PHP
    • Configuring Nextcloud
    • Adjust chunk size on Nextcloud side
    • Large file upload on object storage
    • Federated Cloud Sharing
  • Providing default files
    • Default file templates
  • Configuring Object Storage as Primary Storage
    • Differences from External Storage
      • Performance Implications
      • Data Backup and Recovery Implications
    • Configuration
      • OpenStack Swift
      • Simple Storage Service (S3)
      • Microsoft Azure Blob Storage
    • Multibucket Object Store
    • S3 SSE-C encryption support
  • Configuring External Storage (GUI)
    • Enabling External Storage Support
    • Storage configuration
    • Usage of variables for mount paths
    • User and group permissions
    • Mount options
    • Using self-signed certificates
    • Available storage backends
      • Amazon S3
      • FTP/FTPS
      • Local
      • Nextcloud
      • OpenStack Object Storage
      • SFTP
      • SMB/CIFS
        • SMB update notifications
          • SMB authentication
          • Decrease sync delay
          • Hidden files upload failure or not shown
      • WebDAV
    • Allow users to mount external Storage
    • Adding files to external storages
  • External Storage authentication mechanisms
    • Special mechanisms
    • Password-based mechanisms
    • Public-key mechanisms
    • Considerations for shared storage
  • Server-side encryption configuration
    • Before enabling encryption
    • Enabling encryption
    • Encrypting external mountpoints
    • Encrypting team folders
    • occ encryption commands
    • Disabling encryption
    • Files not encrypted
    • Using user keys
      • Sharing encrypted files
      • Enabling users file recovery keys
      • LDAP and other external user back-ends
    • Troubleshooting
      • Invalid private key for encryption app
  • Server-side encryption details
    • Key type: master key
    • Key type: public sharing key
    • Key type: recovery key
    • Key type: user key
    • File type: public key file
      • File format
      • File locations
    • File type: private key file
      • File format
      • File locations
    • File type: share key file
      • File format
      • File locations
    • File type: file key file
      • File format
      • File locations
    • File type: file
      • File format
      • File locations
    • Key generation: generate the key pair
    • Key generation: store the public key
    • Key generation: store the private key
      • Derive the encryption key
      • Encrypt the private key
      • Sign the private key
      • Store the private key
    • Encryption: generate the file key
      • Generate the file key
      • Read the public key
      • Encrypt/seal the file key
      • Store the file key
      • Store the envelope keys
    • Encryption: encrypt the file
      • Split the file
      • Encrypt the blocks
      • Sign the blocks
      • Store the file
    • Decryption: read the private key
      • Read the private key file
      • Derive the decryption key
      • Check the signature
      • Decrypt the private key
    • Decryption: read the file key
      • Read the file key
      • Read the envelope key
      • Decrypt/unseal the file key
    • Decryption: decrypt the file
      • Split the file
      • Check the block signatures
      • Decrypt the blocks
    • Sources
  • Server-side encryption migration
    • Encryption format
      • Checking for old files
  • Transactional file locking
  • Previews configuration
    • Parameters
      • Disabling previews:
      • Maximum preview size:
      • Maximum scale factor:
      • JPEG quality setting:
      • Maximum memory for image generation:
  • Controlling file versions and aging
    • Background job
  • Deleted Items (trash bin)
    • Background job
  • File conversion
  • Windows compatible filenames
    • Enabling Windows compatible filenames
      • Using the web interface
      • Using the occ command
    • Consequences
    • Sanitizing invalid filenames
• Flow
  • Flow configuration
  • Files access control
    • Denied access
    • Examples
    • Denying access to folders
    • Prevent uploading of specific files
    • Common misconfigurations
      • Blocking user groups
      • External storage
    • Available rules
  • Automated tagging of files
    • Assigning restricted and invisible tags
    • Example
    • Available rules
    • Executing actions
  • Retention of files
    • Example
    • File age
    • Common misconfigurations
      • Public collaborative tag
• Mimetypes management
  • Mimetype aliases
  • Mimetype mapping
  • Icon retrieval

Apps

• Apps management
  • Apps
  • Managing apps
    • Update notifications
  • Enabling apps via occ command
  • Using private API
  • Using custom app directories
  • Using a self hosted apps store
• ExApps management
  • AppAPI and External Apps
    • Installing AppAPI
    • Setup deploy daemon
      • HaRP
      • Docker Socket Proxy
    • Installing ExApps
    • FAQ
    • Docker Socket Proxy vs HaRP
  • Deployment configurations
    • Docker Deploy Daemon
    • Docker Deploy Daemon (HaRP)
      • Nextcloud and Docker on the same host - with Nextcloud bare metal
      • Nextcloud and Docker on the same host - with Nextcloud in Docker
      • Docker on a remote host - with HaRP container on the local host
      • Nextcloud in AIO and Docker on the same host
    • Docker Deploy Daemon (Docker Socket Proxy)
      • NC & Docker on the Same-Host
      • Docker on a remote host
      • NC & ExApps in the same Docker
      • Nextcloud in Docker AIO (all-in-one)
        • Default AIO Deploy Daemon (Docker Socket Proxy)
        • Docker Socket Proxy security
    • NC to ExApp Communication
  • Managing Deploy Daemons
    • OCC CLI
      • Register
        • Arguments
        • Options
        • Usage Examples
        • DeployConfig
        • DeployConfig options
      • Unregister
      • List registered daemons
    • Nextcloud AIO
    • Additional options
  • Test Deploy Daemon
    • Status Checks
      • Register
      • Image Pull
      • Container Started
      • Heartbeat
      • Init
      • Enabled
    • Download Logs
  • Managing ExApps
    • Register
      • Arguments
      • Options
      • Advanced Deploy Options
    • Unregister
      • Arguments
      • Options
    • Update
      • Arguments
      • Options
    • Enable
    • Disable
    • List ExApps
  • Advanced Deploy Options
    • Environment Variables
    • Mounts
• Artificial Intelligence
  • Overview
    • Overview of AI features
    • Ethical AI Rating
    • Features used by other apps
      • Text processing
        • Frontend apps
        • Backend apps
      • Machine translation
        • Frontend apps
        • Backend apps
      • Speech-To-Text
        • Frontend apps
        • Backend apps
      • Image generation
        • Frontend apps
        • Backend apps
      • Text-To-Speech
        • Frontend apps
        • Backend apps
      • Context Chat
        • Frontend apps
        • Backend apps
        • Provider apps
      • Context Chat Search
        • Frontend apps
        • Backend apps
        • Provider apps
      • Document generation
        • Frontend apps
        • Backend apps
    • Improve AI task pickup speed
      • Screen or tmux session
      • Systemd service
    • Frequently Asked Questions
      • Why is my prompt slow?
  • Nextcloud Assistant
    • Installation
    • App store
    • Repository
    • Related apps
      • Machine translation
      • Speech-To-Text
      • Text processing
      • Text-To-Image
      • Context Chat
      • Context Agent
      • Text-To-Speech
    • Configuration
      • Assistant configuration
      • Task processing
      • Image storage
      • Chat with AI
      • Improve AI task pickup speed
  • App: Local Machine translation 2 (translate2)
    • Requirements
      • Space usage
    • Installation
    • Model Switch
    • App store
    • Repository
    • Ethical AI Rating
      • Rating: 🟢
    • Known Limitations
  • App: Local large language model (llm2)
    • Multilinguality
    • Requirements
    • Installation
      • Supplying alternate models
      • Configuring alternate models
    • Scaling
    • App store
    • Repository
    • Known Limitations
    • Addendum: Running with a fully open model
      • What makes OLMo a fully open model?
      • Limitations
  • App: Local Whisper Speech-To-Text (stt_whisper2)
    • Requirements
    • Installation
      • Supplying alternate models
    • Scaling
    • App store
    • Repository
    • Known Limitations
  • App: Local Image Generation (text2image_stablediffusion2)
    • Requirements
    • Installation
    • Scaling
    • App store
    • Repository
    • Known Limitations
  • App: Recognize
    • Front-end
    • Requirements
      • Disk space usage
    • Installation
    • Scaling
    • App store
    • Repository
    • Known Limitations
    • Ethical AI Rating
      • Rating for Photo object detection: Green
      • Rating for Photo face recognition: Green
      • Rating for Video action recognition: Green
      • Rating Music genre recognition: Yellow
  • App: Context Chat
    • Requirements
      • Space usage
    • Installation
    • Initial loading of data
      • Auto-indexing
      • Synchronous indexing
    • Scaling
    • App store
    • Repository
    • Commands (OCC)
    • Configuration Options
    • Logs
    • Troubleshooting
    • File access control rules not supported
    • Known Limitations
  • App: Context Agent (context_agent)
    • Custom Tools using MCP
    • Requirements
    • Installation
      • Model requirements
    • Using Nextcloud MCP Server
    • Scaling
    • App store
    • Repository
    • Known Limitations
  • App: Summary Bot (Talk chat summarize bot)
    • Requirements
      • Space usage
    • Installation
      • Setup (via App Store)
      • Setup (Manual)
    • Usage
    • App store
    • Repository
    • Ethical AI Rating
    • Known Limitations
  • App: Local Text-To-Speech (text2speech_kokoro)
    • Requirements
    • Installation
    • Scaling
    • App store
    • Repository
    • Known Limitations
  • App: Live Transcription in Nextcloud Talk (live_transcription)
    • Installation
    • App store
    • Repository
  • AI as a Service
    • Installation
    • OpenAI integration
    • IBM watsonx.ai integration
    • Improve performance

Users

• User management
  • User management
    • Creating a new user
    • Reset a user’s password
    • Renaming a user
    • Granting administrator privileges to a user
    • Managing groups
    • Setting Storage quotas
    • Disable and enable users
    • Deleting users
  • Resetting a lost admin password
  • Resetting a user password
  • User password policy
  • Authentication
    • App passwords
      • Automated clean-up
  • Two-factor authentication
    • Enabling two-factor authentication
    • Enforcing two-factor authentication
    • Provider removal
    • Disabling two-factor authentication
  • User authentication with LDAP
    • Configuration
      • Server tab
      • Users tab
      • Login attributes tab
      • Groups tab
    • Advanced settings
      • Connection settings
      • Directory settings
      • Special attributes
      • User Profile attributes
    • Expert settings
    • Testing the configuration
    • Additional configuration options via occ
      • Attribute update interval
      • Administrative Group mapping
    • Nextcloud avatar integration
      • Use a specific attribute or turn off loading of images
    • Troubleshooting, tips and tricks
      • Logging
      • SSL certificate verification (LDAPS, TLS)
      • Microsoft Active Directory
      • memberOf / read memberof permissions
      • User listing and login per nested groups
      • Duplicating server configurations
    • Nextcloud LDAP internals
      • User and group mapping
      • Caching
      • Handling with backup server
    • Note
  • LDAP user cleanup
    • Deleting local Nextcloud users
  • The LDAP configuration API
    • Creating a configuration
      • Example
      • XML output
    • Deleting a configuration
      • Example
      • XML output
    • Reading a configuration
      • Example
      • XML output
    • Modifying a configuration
      • Example
      • XML output
    • Configuration keys
  • User provisioning API
    • Instruction set for users
      • Add a new user
        • Example
        • XML output
      • Search/get users
        • Example
        • XML output
      • Get data of a single user
        • Example
        • XML output
      • Edit data of a single user
        • Examples
        • XML output
      • List of editable data fields
        • Examples
        • XML output
      • Disable a user
        • Example
        • XML output
      • Enable a user
        • Example
        • XML output
      • Delete a user
        • Example
        • XML output
      • Get user’s groups
        • Example
        • XML output
      • Add user to group
        • Example
        • XML output
      • Remove user from group
        • Example
        • XML output
      • Promote user to subadmin
        • Example
        • XML output
      • Demote user from subadmin
        • Example
        • XML output
      • Get user’s subadmin groups
        • Example
        • XML output
      • Resend the welcome email
        • Example
        • XML output
    • Instruction set for groups
      • Search/get groups
        • Example
        • XML output
      • Create a group
        • Example
        • XML output
      • Get members of a group
        • Example
        • XML output
      • Get subadmins of a group
        • Example
        • XML output
      • Edit data of a single group
        • Examples
        • XML output
      • Delete a group
        • Example
        • XML output
    • Instruction set for apps
      • Get list of apps
        • Example
        • XML output
      • Get app info
        • Example
        • XML output
      • Enable an app
        • Example
        • XML output
      • Disable an app
        • Example
        • XML output
  • Profile configuration
    • Configuration
    • Property scopes
  • User authentication with OpenID Connect
    • Authentication in Nextcloud
    • Using Nextcloud as an identity provider
    • Bearer token validation
• Desktop Clients
  • Options
  • Mass Deployment And Account Creation
  • Configuration File
  • Environment Variables
    • Low Disk Space
  • Command Line Client
    • Install nextcloudcmd
    • Credential Handling
    • Exclude List
    • Example
  • Command-line Account Setup
  • Troubleshooting
    • Identifying Basic Functionality Problems
    • “CSync unknown error”
    • “Connection closed” message when syncing files
    • Connection issues with the macOS client on “insecure” connections
    • Isolating other issues
    • Log Files
      • Obtaining the Client Log File
      • Create Debug Archive
      • Keyboard shortcut
      • Command line
      • Config file
      • Nextcloud server Log File
      • Webserver Log Files
    • Core Dumps

Groupware

• Groupware
  • Calendar / CalDAV
    • Calendar server settings
    • Events
      • Hide export buttons
    • Invitations
    • Birthday calendar
    • Reminder notifications
      • Background jobs
    • Event alarm types
    • FreeBusy
    • Subscriptions
      • Custom public calendars
      • Refresh rate
      • Allow subscriptions on local network
    • Trash bin
    • Resources and rooms
      • Known backends
    • Rate limits
    • Example event
  • Contacts / CardDAV
    • System Address Book
      • Command Line
      • Administration interface
      • Privacy and User Property Scopes
      • Address Book Sync
    • Shared items
    • Rate limits
    • Example contact
  • Mail
    • Account delegation
    • Snooze and scheduled sending
    • XOAUTH2 Authentication with Microsoft Azure AD
      • Step 1: Open the Azure AD Dashboard
      • Step 2: Create a new app registration
      • Step 3: Copy the client ID
      • Step 4: Create a new client secret
      • Step 5: Copy the client secret
      • Step 6: Configure Nextcloud
      • Step 7: Connect Microsoft Outlook accounts
    • Mailbox Share
    • User Interface Preference Defaults
    • LLM Processing
    • Thread Summary
    • Follow-up reminders
    • Translation
  • Out-of-office feature
  • Troubleshooting
    • Calendar
      • Missing Shared Calendars

Office

• Office
  • Installation
  • Configuration
    • Nextcloud Office App Settings
      • Collabora Online Server
      • Restrict usage to specific groups
      • Restrict edit to specific groups
      • Use OOXML by default for new files
      • Enable access for external apps
      • Canonical webroot
    • Additional configuration options
      • Previews
      • Custom fonts
      • Secure view settings
      • Wopi settings
  • Migration from Collabora Online
    • Update the reverse proxy configuration
    • Upgrade distribution packages
    • Upgrade the docker image
  • Troubleshooting
    • Frequently asked questions

Maintenance

• Maintenance
  • Backup
    • Maintenance mode
    • Backup folders
    • Backup database
      • MySQL/MariaDB
      • SQLite
      • PostgreSQL
  • Restoring backup
    • Restore folders
    • Restore database
      • MySQL
      • PostgreSQL
    • Restoring
      • MySQL
      • SQLite
      • PostgreSQL
    • Synchronising with clients after data recovery
  • How to upgrade
    • Overview
    • Approaching Upgrades
    • Update notifications
    • Prerequisites
    • Maintenance mode
    • Manual steps during upgrade
      • Long running migration steps
  • Upgrade via built-in updater
    • What does the updater do?
    • Using the web based updater
    • Using the command line based updater
    • Batch mode for command line based updater
    • Troubleshooting
  • Upgrade manually
    • Overview
    • Step-by-Step Manual Upgrade
    • Previous Nextcloud releases
    • Troubleshooting
  • Upgrade via snap packages
    • Upgrade quickstart
    • Installation
    • 1st login
    • Upgrade tips
  • Migrating to a different server
  • Migrating from ownCloud
• Issues and troubleshooting
  • General troubleshooting
    • Bugs
    • General troubleshooting
      • Disable 3rdparty / non-shipped apps
      • Internal Server Errors
      • Nextcloud log files
      • PHP version and information
      • Debugging sync issues
      • Common problems / error messages
    • Troubleshooting Web server and PHP problems
      • Logfiles
      • Web server and PHP modules
    • Troubleshooting WebDAV
    • Service discovery
    • Troubleshooting sharing
      • Users’ Federated Cloud IDs not updated after a domain name change
    • Troubleshooting file encoding on external storages
    • Troubleshooting contacts & calendar
      • Unable to update contacts or events
    • Troubleshooting data-directory
    • Troubleshooting quota or size issues
    • Troubleshooting downloading or decrypting files
      • Bad signature error
      • Encryption key cannot be found
      • Encryption key cannot be found with external storage or group folders
    • Fair Use Policy
    • Other issues
  • Patching Nextcloud
    • Applying a patch
      • Patching server
      • Patching apps
    • Reverting a patch
    • Getting a patch from a GitHub pull request
  • Code signing
    • FAQ
      • Why did Nextcloud add code signing?
      • Do we lock down Nextcloud?
      • Not open source anymore?
      • Is code signing mandatory for apps?
    • Fixing invalid code integrity messages
    • Rescans
    • Errors