- In this tutorial we're going to cover how you can install an .onion only Nextcloud instance, it is a FOSS software meant to replace popular websites like google drive, which can be ideal to make sure that your files are backed up somewhere, all while preserving anonymity.
- -So for this tutorial we're going to go with a Debian server to install nextcloud via snap:
-
-su -
-apt update -y
-
-apt install snapd sudo curl mlocate nginx -y
-/sbin/usermod -aG sudo [NAME OF THE NON-PRIVILEGED USER]
-/sbin/ufw enable
-snap install core
-
-Using snap, installing nextcloud is fairly simple:
-
-snap install nextcloud
-
-ip a | grep inet
-curl ifconfig.me
-
-you can verify that the nextcloud server works by going at the ip adress of the server http://server_ip/ where you'll create the administrator account.
-
-Once that's done you should have access to your nextcloud instance, but instead of accessing it through the ip address, we'll set it up in such a way that we can access it through an .onion domain name.
-So we follow this tutorial to have our own custom .domain name:
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ cat /etc/tor/torrc
-
-HiddenServiceDir /var/lib/tor/onions/nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/
-HiddenServicePort 80 127.0.0.1:4443
-SocksPort 127.0.0.1:9050
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ systemctl restart tor@default
-
-Then we setup a reverse nginx proxy to make sure that the onion requests get redirected to the correct IP:
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ rm /etc/nginx/sites-*/default
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ cat /etc/nginx/sites-available/cloud.conf
-upstream cloudbackend {
- server 192.168.100.130:80;
-}
-
-server {
- ######## TOR WEBSITE ########
- listen 4443;
- listen [::]:4443;
- server_name cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
-
- location / {
- proxy_pass http://cloudbackend;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- client_max_body_size 20G;
- }
-}
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ ln -s /etc/nginx/sites-available/cloud.conf /etc/nginx/sites-enabled/
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ nginx -s reload
-
-Now that we have the domain name pointing to the public ip address of the nextcloud server, we can setup the https certificate using let'sencrypt, just - ssh into your server once more and run the following commands:
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ /var/snap/nextcloud/common/nextcloud/data# PATH=$PATH:/snap/bin/
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ /var/snap/nextcloud/common/nextcloud/data# which nextcloud.occ
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ /snap/bin/nextcloud.occ
-
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ /snap/bin/nextcloud.disable-https
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ /snap/bin/nextcloud.occ config:system:set trusted_domains 1 --value=cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ /snap/bin/nextcloud.occ config:system:set overwritehost --value="cloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion"
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ /snap/bin/nextcloud.occ config:system:set overwriteprotocol --value="http"
-
-And once that's done, you can access your nextcloud instance from your onion domain:
-
-In order to upgrade your nextcloud, you can run the following, and also add it to cron to run automatically every day at midnight:
-
-root@cloud:~# sudo snap refresh nextcloud
-snap "nextcloud" has no updates available
-
-root@cloud:~# crontab -e
-
-[...]
-
-0 0 * * * /usr/bin/snap refresh nextcloud
-
-:wq
-
-
---2022-12-17 20:34:07-- https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz
-Resolving github.com (github.com)... 140.82.121.3
-Connecting to github.com (github.com)|140.82.121.3|:443... connected.
-HTTP request sent, awaiting response... 302 Found
-Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/274548350/682877d8-1d52-4029-9777-425f3da0f77c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
---2022-12-17 20:34:07-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/274548350/682877d8-1d52-4029-9777-425f3da0f77c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream
-Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.108.133, 185.199.109.133, ...
-Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.
-HTTP request sent, awaiting response... 200 OK
-Length: 6326130 (6.0M) [application/octet-stream]
-Saving to: ‘linux_amd64.tar.gz’
-
-linux_amd64.tar.gz 100%[===========================================================================================================================================>] 6.03M 6.47MB/s in 0.9s
-
-2022-12-17 20:34:09 (6.47 MB/s) - ‘linux_amd64.tar.gz’ saved [6326130/6326130]
-
-root@cloud:~# sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
-cronitor
-root@cloud:~# sudo cronitor configure --api-key 1234567890
-
-Configuration File:
-/etc/cronitor/cronitor.json
-
-Version:
-28.8
-
-API Key:
-1234567890
-
-Ping API Key:
-Not Set
-
-Environment:
-Not Set
-
-Hostname:
-cloud
-
-Timezone Location:
-{Europe/Paris}
-
-Debug Log:
-Off
-root@cloud:~# cronitor select
-
-✔ /usr/bin/snap refresh nextcloud
-----► Running command: /usr/bin/snap refresh nextcloud
-
-snap "nextcloud" has no updates available
-
-----► ✔ Command successful Elapsed time 0.451s
-Now you can install the official nextcloud client here
-
-[ cloud ] [ /dev/pts/1 ] [/snap/bin]
-→ apt install tor nextcloud-desktop -y
-
-
-Here as you try to login you'll first see that it can't resolve the .onion domain, which is normal as you need to tell nextcloud to use the local tor socks5 proxy, available on 127.0.01:9050
-
-Afterward, you need to copy the authorization link into the tor browser to validate the request:
-
-
-
-Once you have granted access, you can start to sync your nextcloud instance files locally:
-
-
-Once logged in you can check the progress in the system tray:
-
-Then let it sync, it can take a while due to the low bandwidth of Tor.
-
-And that's it ! You now have a local folder that is synchronized with your nextcloud instance.
-
-
- RSS Feed
SimpleX Chat
-
-
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)
-
- In this tutorial we're going to cover how you can install an .onion only Nextcloud instance, it is a FOSS software meant to replace popular websites like google drive, which can be ideal to make sure that your files are backed up somewhere, all while preserving anonymity.
+ Previous Page
+ In this tutorial we're going to cover how you can install an .onion only Nextcloud instance, Nextcloud is a FOSS alternative to replace popular file hosting websites like google cloud or onedrive, which can be ideal to make sure that your files are backed up somewhere, all while preserving anonymity. I recommend self-hosting this service at home, that way you make sure that your personal data stays at your home, rather than making it readable by an adversary on a remote server.
+Nextcloud is an indispensable tool for productivity, as you're going to see:
+
+What we are trying to achieve here, is a setup where we can have a single folder synchronized on multiple devices, so that any change done from any of those devices, to that same folder, gets to be automatically shared and synchronized accross all of the other devices aswell. And of course, we're going to achieve that while maintaining our anonymity, by routing all traffic through Tor.
follow the other tutorial that talks about how to setup a .onion domain here: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/torwebsite/index.html
-Then just install nextcloud... wait a bit, and then check if it worked
-
-Boom that worked!
+So to install nextcloud we're going to use docker-compose as follows:
+
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ apt install docker.io docker-compose -y
+
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ vim docker-compose.yml
+
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ cat docker-compose.yml
+services:
+ db:
+ image: mariadb:latest
+ restart: always
+ command: --transaction-isolation=READ-COMMITTED
+ volumes:
+ - db:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=P@SSW0RD
+ - MYSQL_PASSWORD=P@SSW0RD
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+
+ redis:
+ image: redis:alpine
+ restart: always
+
+ app:
+ image: nextcloud:latest
+ restart: always
+ ports:
+ - 127.0.0.1:9639:80
+ depends_on:
+ - redis
+ - db
+ volumes:
+ - nextcloud:/var/www/html
+ environment:
+ - MYSQL_PASSWORD=P@SSW0RD
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_HOST=db
+ - NEXTCLOUD_TRUSTED_DOMAINS=nxtcloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
+ - OVERWRITEHOSTPROTOCOL=http
+ - OVERWRITEHOST=nxtcloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
+
+volumes:
+ nextcloud:
+ db:
+
+Don't forget to replace the "P@SSW0RD" with a password of your own, and that docker-compose.yaml will expose the nextcloud service on local port 9639, so let's run docker-compose up -d to run the service:
+ +
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ docker-compose up -d
+Starting nextcloud_redis_1 ... done
+Starting nextcloud_db_1 ... done
+Starting nextcloud_app_1 ... done
+Then we also setup the torrc config to make sure that our nextcloud instance also goes through tor for every external connections it has to make:
+
+[ Wonderland ] [ /dev/pts/10 ] [/srv/nextcloud]
+→ cd tor-data
+
+[ Wonderland ] [ /dev/pts/10 ] [/srv/nextcloud/tor-data]
+→ ls
+torrc
+
+[ Wonderland ] [ /dev/pts/10 ] [/srv/nextcloud/tor-data]
+→ vim torrc/torrc
+
+[ Wonderland ] [ /dev/pts/10 ] [/srv/nextcloud/tor-data]
+→ cat torrc/torrc
+ SOCKSPort 0.0.0.0:9050
+
+Then we setup the nginx config to be able to access the nextcloud service accordingly:
+
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ vim /etc/nginx/sites-available/nxtcloud.conf
+
+[ Wonderland ] [ /dev/pts/10 ] [/srv/nextcloud/tor-data]
+→ cat /etc/nginx/sites-available/nxtcloud.conf
+upstream nxtcloudbackend {
+ server 127.0.0.1:9639;
+}
+
+server {
+ ######## TOR WEBSITE ########
+ listen 4443;
+ listen [::]:4443;
+ server_name nxtcloud.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
+
+ location / {
+ proxy_pass http://nxtcloudbackend;
+ proxy_headers_hash_max_size 512;
+ proxy_headers_hash_bucket_size 64;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ #proxy_http_version 1.1;
+ #proxy_set_header Upgrade $http_upgrade;
+ #proxy_set_header Connection "Upgrade";
+ client_max_body_size 20G;
+ }
+}
+
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ ln -s /etc/nginx/sites-available/nxtcloud.conf /etc/nginx/sites-enabled
+
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ nginx -t
+nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+nginx: configuration file /etc/nginx/nginx.conf test is successful
+
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ nginx -s reload
+2025/03/26 09:46:30 [notice] 2097639#2097639: signal process started
+
+Make sure that you follow this tutorial to know how to have your own custom onion domain name:
+ +
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/tor/torrc
+
+HiddenServiceDir /var/lib/tor/onions/nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/
+HiddenServicePort 80 127.0.0.1:4443
+SocksPort 127.0.0.1:9050
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ systemctl restart tor@default
+
+then you can proceed with accessing your nextcloud instance:
+
+
+
+
+
+
+Then here we can edit the nextcloud appearance aswell:
+
+
+So when you want to login, it'll look like that:
+
+Once logged in, you can drag and drop files from your computer directly into the nextcloud web interface:
+
+And that's it! You now have a nextcloud instance working via .onion to easily save your files remotely.
Now that we have the domain name pointing to the public ip address of the nextcloud server,just - ssh into your server once more and run the following commands: do some stuff to make it work, idk man
-
-[ Wonderland ] [ /dev/pts/3 ] [~]
-→ /var/snap/nextcloud/common/nextcloud/data# PATH=$PATH:/snap/bin/
-
-derland ] [ /dev/pts/3 ] [~]
-r/snap/nextcloud/common/nextcloud/data# which ne
-derland ] [ /dev/pts/3 ] [~]
-ap/bin/nextcloud.occ config:system:set overwritep"
-
-In order to upgrade your nextcloud, you can run the following docker-compose commands, and also add it to cron to run automatically every day at midnight:
-root@cloud:~# sudo snap refresh nextcloud
-snap "nextcloud" has no updates available
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ docker-compose -f /srv/nextcloud/docker-compose.yml pull ; docker-compose -f /srv/nextcloud/docker-compose.yml restart
-root@cloud:~# crontab -e
+Pulling db ... done
+Pulling redis ... done
+Pulling app ... done
+Pulling tor-nxtcld ... done
+Restarting tor-nxtcld ... done
+Restarting nextcloud_app_1 ... done
+Restarting nextcloud_redis_1 ... done
+Restarting nextcloud_db_1 ... done
-[...]
+[ Wonderland ] [ /dev/pts/9 ] [/srv/nextcloud]
+→ crontab -e
-0 0 * * * /usr/bin/snap refresh nextcloud
+#nextcloud
+@daily docker-compose -f /srv/nextcloud/docker-compose.yml pull ; docker-compose -f /srv/nextcloud/docker-compose.yml restart
:wq
-
-
---2022-12-17 20:34:07-- https://github.com/cronitorio/cronitor-cli/releases/download/28.8/linux_amd64.tar.gz
-Resolving github.com (github.com)... 140.82.121.3
-Connecting to github.com (github.com)|140.82.121.3|:443... connected.
-HTTP request sent, awaiting response... 302 Found
-Location: https://objects.githu1217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
---2022-12-17 20:34:07-- https:CSVEH53A%2F20221217%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221217T193407Z&X-Amz-Expires=300&X-Amz-Signature=1bf21514b0120917047558bc2d6de9d2f900d34dba04cfd3d30838b59ae4701e&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=274548350&response-content-disposition=attachment%3B%20filename%3Dlinux_amd64.tar.gz&response-content-type=application%2Foctet-stream
-Resolving objects.githubusercon
-Connecting to objects.githubuse
-HTTP request sent, awaiting res
-Length: 6326130 (6.0M) [applica
-Saving to: ‘linux_amd64.tar.gz’
-
-linux_amd64.tar.gz 100%[===========================================================================================================================================>] 6.03M 6.47MB/s in 0.9s
-
-2022-12-17 20:34:09 (6.47 MB/s) - ‘linux_amd64.tar.gz’ saved [6326130/6326130]
-
-root@cloud:~# sudo tar xvf linux_amd64.tar.gz -C /usr/bin/
-cronitor
-root@cloud:~# sudo cronitor configure --api-key 1234567890
-
-Configuration File:
-/etc/cronitor/cronitor.json
-Off
-root@cloud:~# cronitor select
-
-✔ /usr/bin/snap refresh nextcloud
-extcloud
-
-
-
-51s
Now you can install the official nextcloud client here
-
-And that's it ! You now have a local folder that is synchronized with your nextcloud instance.
-cya next time
+Now to avoid having to always open the web browser to send and download files from your nextcloud instance, you can use the nextcloud desktop application, which will synchronize the nextcloud folders you want locally, as you'll see this is VERY convenient:
+
+[ cloud ] [ /dev/pts/1 ] [/snap/bin]
+→ apt install tor nextcloud-desktop -y
+
+Here as you try to login you'll first see that it can't resolve the .onion domain, which is normal as you need to tell nextcloud to use the local tor socks5 proxy, available on 127.0.01:9050
+
+Afterward, you need to copy the authorization link into the tor browser to validate the request:
+
+
+Once you have granted access, you can start to sync your nextcloud instance files locally:
+
+
+Once logged in you can check the progress in the system tray:
+
+Then let it sync, it can take a while due to the low bandwidth of Tor.
+
+And that's it ! You now have a local folder that is synchronized with your nextcloud instance, that you can browse locally to find the files we uploaded earlier:
+
+[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/32 ] [~]
+→ ls -lash ~/NXTCLOUDTEST
+total 7.3M
+4.0K drwxr-xr-x 5 nihilist nihilist 4.0K Mar 26 11:05 .
+4.0K drwx------ 51 nihilist nihilist 4.0K Mar 26 11:08 ..
+1.7M -rw-r--r-- 1 nihilist nihilist 1.7M Feb 11 2024 1636794560654-0.jpg
+324K -rw-r--r-- 1 nihilist nihilist 324K Feb 11 2024 1637121021316-0.jpg
+772K -rw-r--r-- 1 nihilist nihilist 772K Feb 11 2024 1637722778473-0.jpg
+476K -rw-r--r-- 1 nihilist nihilist 473K Feb 11 2024 1637722778473-1.jpg
+112K -rw-r--r-- 1 nihilist nihilist 111K Jul 13 2024 alice.jpg
+444K -rw-r--r-- 1 nihilist nihilist 444K Feb 6 18:22 appart.png
+836K -rw-r--r-- 1 nihilist nihilist 833K Aug 9 2024 bitcoinispartofthesystemneo.png
+100K -rw-r--r-- 1 nihilist nihilist 99K Dec 15 10:19 bunker.jpg
+ 88K -rw-r--r-- 1 nihilist nihilist 87K Jul 13 2024 catclock.gif
+ 0 -rw-r--r-- 1 nihilist nihilist 0 Mar 26 11:04 .nextcloudsync.log
+4.0K drwxr-xr-x 3 nihilist nihilist 4.0K Mar 26 10:51 nowhere-logos
+4.0K drwxr-xr-x 2 nihilist nihilist 4.0K Mar 26 10:52 PAPES
+4.0K -rw-r--r-- 1 nihilist nihilist 4.0K Mar 26 11:04 .sync_9855fab54d67.db
+2.5M -rw-r--r-- 1 nihilist nihilist 2.5M Mar 26 11:05 .sync_9855fab54d67.db-wal
+4.0K drwxr-xr-x 2 nihilist nihilist 4.0K Mar 26 10:52 xmrbazaar
+
+
+Productivity-wise this is a perfect tool to keep updating files on the same place, from multiple devices. To showcase a basic change, we're going to copy another folder in there:
+
+And here as you can see the changes are automatically getting picked up by the nextcloud desktop client, and synchronized to the nextcloud server automatically aswell.
- Until there is something more.
COPYRIGHT ALL RIGHTS RESERVED I AINT WORKING FOR FREE!
+ Until there is Nothing left.
Creative Commons Zero: No Rights Reserved
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)
First thing we need to do after installing the app is enable the socks5 proxying, so that the app is able to resolve .onion domains:
+
+
+Now that thunderbird has the socks5 proxying enabled, it is now able to sync with .onion Caldav calendars, so let's use the calendar that comes preinstalled with with Nextcloud:
-Now if you want to use a remote calendar, like the CalDAV calendar that comes preinstalled with Nextcloud, you can connect to it like so:
@@ -148,6 +151,40 @@ For yourself (2)
First, you need the Davx5 application from the Fdroid store on your grapheneOS phone, that'll help us sync with the onion calendar we have on our .onion nextcloud instance:
+
+
+
+
+
+
+
+
+
+
+
+
+Now that the Caldav nextcloud calendar is synchronized locally, we can display it using Etar Calendar:
+
+
+
+
+Now that it is installed, we can install the widget to view our calendar from our phone directly:
+
+
+
+And that's it! you now have your own .onion caldav calendar synchronized and displayed on your phone aswell.
+