Table of contents
Getting Started
Release notes
Installation
- Installation and server configuration
- System requirements
- Deployment recommendations
- Preparing PHP
- PHP Installation
- Required PHP Modules
- Required PHP Database Connectors
- Recommended General PHP Modules
- Recommended PHP Caching Modules
- Recommended PHP CLI Modules
- PHP Modules for Media Management
- PHP Modules for Specific Applications
- PHP ini Settings
- Notes on PHP ini Configuration
- PHP Module Quick Reference Table
- Further Resources
- Installation on Linux
- Prerequisites for manual installation
- Apache Web server configuration
- Pretty URLs
- Enabling SSL
- Installation wizard
- Setting up background jobs
- SELinux configuration tips
- PHP-FPM configuration
- Other Web servers
- Installing on Windows (virtual machine)
- Installing via Snap packages
- Installation via web installer on a VPS or web space
- Installation on TrueNAS
- Installation via install script
- Installation wizard
- Installing from command line
- SELinux configuration
- Enable updates via the web interface
- Disallow write access to the whole web directory
- Allow access to a remote database
- Allow access to LDAP server
- Allow access to remote network
- Allow access to network memcache
- Allow access to SMTP/sendmail
- Allow access to CIFS/SMB
- Allow access to FuseFS
- Allow access to GPG for Rainloop
- Troubleshooting
- NGINX configuration
- Hardening and security guidance
- Server tuning
- Example installation on Ubuntu 22.04 LTS
- Example installation on CentOS 8
- Example installation on OpenBSD
- Uninstallation
- Database configuration
Configuration
- Nextcloud configuration
- Warnings on admin page
- Cache warnings
- Transactional file locking is disabled
- You are accessing this site via HTTP
- The test with getenv("PATH") only returns an empty response
- The “Strict-Transport-Security” HTTP header is not configured
- /dev/urandom is not readable by PHP
- Your Web server is not yet set up properly to allow file synchronization
- Outdated NSS / OpenSSL version
- Your Web server is not set up properly to resolve /.well-known/caldav/ or /.well-known/carddav/
- Some files have not passed the integrity check
- Your database does not run with “READ COMMITTED” transaction isolation level
- Configuration Parameters
- Introduction
- Loading
- Format
- Modifying
- Defaults
- Multiple/Merged Configuration Files
- Examples
- Default Parameters
- User Experience
- User session
- remember_login_cookie_lifetime
- session_lifetime
- davstorage.request_timeout
- carddav_sync_request_timeout
- carddav_sync_request_truncation
- session_relaxed_expiry
- session_keepalive
- auto_logout
- token_auth_enforced
- token_auth_activity_update
- auth.bruteforce.protection.enabled
- auth.bruteforce.protection.force.database
- auth.bruteforce.protection.testing
- auth.bruteforce.max-attempts
- ratelimit.protection.enabled
- security.ipv6_normalized_subnet_size
- auth.webauthn.enabled
- auth.storeCryptedPassword
- hide_login_form
- lost_password_link
- logo_url
- Mail Parameters
- Proxy Configurations
- Deleted Items (trash bin)
- File versions
- Nextcloud Verifications
- Logging
- log_type
- log_type_audit
- logfile
- logfile_audit
- logfilemode
- loglevel
- loglevel_frontend
- loglevel_dirty_database_queries
- syslog_tag
- syslog_tag_audit
- log.condition
- log.backtrace
- logdateformat
- logtimezone
- log_query
- log_rotate_size
- profiler
- profiling.request
- profiling.request.rate
- profiling.secret
- profiling.sample
- profiling.sample.rate
- profiling.sample.rotation
- profiling.path
- Alternate Code Locations
- Apps
- Previews
- enable_previews
- preview_concurrency_all
- preview_concurrency_new
- preview_max_x
- preview_max_y
- preview_max_filesize_image
- preview_max_memory
- preview_libreoffice_path
- preview_ffmpeg_path
- preview_ffprobe_path
- preview_imaginary_url
- preview_imaginary_key
- enabledPreviewProviders
- metadata_max_filesize
- max_file_conversion_filesize
- LDAP
- Comments
- Maintenance
- SSL
- Memory caching backend configuration
- Using Object Store with Nextcloud
- Sharing
- sharing.managerFactory
- sharing.enable_mail_link_password_expiration
- sharing.mail_link_password_expiration_interval
- sharing.maxAutocompleteResults
- sharing.minSearchStringLength
- sharing.enable_share_accept
- sharing.force_share_accept
- sharing.allow_custom_share_folder
- share_folder
- sharing.enable_share_mail
- sharing.allow_disabled_password_enforcement_groups
- transferIncomingShares
- Federated Cloud Sharing
- Hashing
- All other configuration options
- dbdriveroptions
- sqlite.journal_mode
- mysql.utf8mb4
- mysql.collation
- supportedDatabases
- tempdirectory
- updatedirectory
- forbidden_filenames
- forbidden_filename_basenames
- forbidden_filename_characters
- forbidden_filename_extensions
- theme
- enforce_theme
- theming.standalone_window.enabled
- cipher
- encryption.use_legacy_base64_encoding
- minimum.supported.desktop.version
- maximum.supported.desktop.version
- localstorage.allowsymlinks
- localstorage.umask
- localstorage.unlink_on_truncate
- quota_include_external_storage
- external_storage.auth_availability_delay
- files_external_allow_create_new_local
- filesystem_check_changes
- part_file_in_storage
- mount_file
- filesystem_cache_readonly
- trusted_proxies
- forwarded_for_headers
- allowed_admin_ranges
- max_filesize_animated_gifs_public_sharing
- filelocking.ttl
- memcache.locking
- filelocking.debug
- upgrade.disable-web
- upgrade.cli-upgrade-link
- user_ini_additional_lines
- documentation_url.server_logs
- debug
- data-fingerprint
- copied_sample_config
- lookup_server
- gs.enabled
- gs.federation
- csrf.optout
- core.login_flow_v2.allowed_user_agents
- simpleSignUpLink.shown
- login_form_autocomplete
- login_form_timeout
- no_unsupported_browser_warning
- files_no_background_scan
- query_log_file
- query_log_file_requestid
- query_log_file_parameters
- query_log_file_backtrace
- redis_log_file
- diagnostics.logging
- diagnostics.logging.threshold
- profile.enabled
- account_manager.default_property_scope
- projects.enabled
- bulkupload.enabled
- reference_opengraph
- unified_search.enabled
- enable_non-accessible_features
- binary_search_paths
- files.chunked_upload.max_size
- files.chunked_upload.max_parallel_count
- files.trash.delete
- enable_lazy_objects
- App config options
- Activity app
- Administration privileges (Delegation)
- Android Deep Link Handling
- Antivirus scanner
- Automatic setup
- Background jobs
- Brute force protection
- Memory caching
- Dashboard app
- Domain Change
- Email
- Mail Providers
- Configuring an SMTP server
- Configuring Sendmail/qmail
- Using email templates
- Setting mail server parameters in config.php
- Send a test email
- Troubleshooting
- Enabling debug mode
- Why is my web domain different from my mail domain?
- How can I find out if an SMTP server is reachable?
- How can I find out if the SMTP server is listening on a specific TCP port?
- How can I determine if the SMTP server supports the SMTPS protocol?
- How can I determine what authorization and encryption protocols the mail server supports?
- How can I send mail using self-signed certificates or use STARTTLS with self signed certificates?
- All emails keep getting rejected even though only one email address is invalid.
- Linking external sites
- Language & Locale
- Logging
- OAuth2
- Reverse proxy
- Text app
- Theming
- Warnings on admin page
- Using the occ command
- occ command Directory
- Run occ as your HTTP user
- Enabling autocompletion
- Run commands in maintenance mode
- Apps commands
- Background jobs selector
- Config commands
- Dav commands
- Database conversion
- Add missing indices
- Encryption
- Federation sync
- File operations
- Files Sharing
- Files external
- Integrity check
- l10n, create JavaScript translation files for apps
- LDAP commands
- Logging commands
- Maintenance commands
- Security
- Status
- Trashbin
- User commands
- Group commands
- Versions
- Command line installation
- Command line upgrade
- Two-factor authentication
- Disable users
- System Tags
- Antivirus
- Setupchecks
- Share operations
- Debugging
- Reference management
- Webhook Listeners
- Windmill Workflows
Files
- File sharing and management
- File Sharing
- Configuring Federation Sharing
- Uploading big files > 512MB
- Providing default files
- Configuring Object Storage as Primary Storage
- Configuring External Storage (GUI)
- External Storage authentication mechanisms
- Server-side encryption configuration
- Server-side encryption details
- Key type: master key
- Key type: public sharing key
- Key type: recovery key
- Key type: user key
- File type: public key file
- File type: private key file
- File type: share key file
- File type: file key file
- File type: file
- Key generation: generate the key pair
- Key generation: store the public key
- Key generation: store the private key
- Encryption: generate the file key
- Encryption: encrypt the file
- Decryption: read the private key
- Decryption: read the file key
- Decryption: decrypt the file
- Sources
- Server-side encryption migration
- Transactional file locking
- Previews configuration
- Controlling file versions and aging
- Deleted Items (trash bin)
- File conversion
- Windows compatible filenames
- Flow
- Mimetypes management
Apps
- Apps management
- ExApps management
- Artificial Intelligence
- Overview
- Nextcloud Assistant
- App: Local Machine translation 2 (translate2)
- App: Local large language model (llm2)
- App: Local Whisper Speech-To-Text (stt_whisper2)
- App: Local Image Generation (text2image_stablediffusion2)
- App: Recognize
- App: Context Chat
- App: Context Agent (context_agent)
- App: Summary Bot (Talk chat summarize bot)
- App: Local Text-To-Speech (text2speech_kokoro)
- App: Live Transcription in Nextcloud Talk (live_transcription)
- AI as a Service
Users
- User management
- User management
- Resetting a lost admin password
- Resetting a user password
- User password policy
- Authentication
- Two-factor authentication
- User authentication with LDAP
- LDAP user cleanup
- The LDAP configuration API
- User provisioning API
- Instruction set for users
- Add a new user
- Search/get users
- Get data of a single user
- Edit data of a single user
- List of editable data fields
- Disable a user
- Enable a user
- Delete a user
- Get user’s groups
- Add user to group
- Remove user from group
- Promote user to subadmin
- Demote user from subadmin
- Get user’s subadmin groups
- Resend the welcome email
- Instruction set for groups
- Instruction set for apps
- Instruction set for users
- Profile configuration
- User authentication with OpenID Connect
- Desktop Clients
- Options
- Mass Deployment And Account Creation
- Configuration File
- Environment Variables
- Command Line Client
- Command-line Account Setup
- Troubleshooting
Groupware
- Groupware
- Calendar / CalDAV
- Contacts / CardDAV
- Out-of-office feature
- Troubleshooting
Maintenance
- Maintenance
- Issues and troubleshooting
- General troubleshooting
- Bugs
- General troubleshooting
- Troubleshooting Web server and PHP problems
- Troubleshooting WebDAV
- Service discovery
- Troubleshooting sharing
- Troubleshooting file encoding on external storages
- Troubleshooting contacts & calendar
- Troubleshooting data-directory
- Troubleshooting quota or size issues
- Troubleshooting downloading or decrypting files
- Fair Use Policy
- Other issues
- Patching Nextcloud
- Code signing
- General troubleshooting