And it failed spectacularly.
We only needed a simple form, but we wanted to be fancy, so we used “nextcloud forms”.
The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower. No warning whatsoever. It’s an official app, couldn’t they wait that it was ready for NC 30 before launching it? The newsletter boasts “NC hub 9 is the best thing after sliced bread” yet i don’t see any difference both in visual or performance compared to NC hub 2
Conclusion: we made our business to rely on nextcloud forms as a signup form, but the only reason we were using it was disabled who knows how many weeks ago.
You must log in or register to comment.
Wait, you update productions systems without running a staging environment? Or even checking the update notes and your installed apps? Also no backups? What kind of business are you running over there?
Oh, Nextcloud docker is a joke. They follow no standards or best practices when it comes to docker. They keep the entire app directory mounted as a volume, which means it does upgrade you without you “needing” to upgrade the docker image. They have volumes within volumes they need to mount. Their configs can (and do) override environment variables. Most actions that need to be taken require running an
occcommand which can only be done by exec’ing into the container.Nextcloud docker is honestly just such a joke. They should have rethought their application from a docker sense and they didn’t. God just number one - Docker images should never update. It’s a freaking pinned version for a reason. If I want to update, it should be as simple as upping the version tag, and it does any upgrades in place when I do that.
I honestly steer people away from Nextcloud now because of how mismanaged their images are.
The images work fine for me. The problem is that Nextcloud is a complex app that doesn’t really work with the design of one container to do one job. It is pretty much a regular application that uses docker for packaging.
That doesn’t make up for bad container decisions. I run much more complex containers both that split out responsibilities and that contain everything as one container. The size and complexity is irrelevant to the bad design decisions. You can have an image that eats up gigabytes of space that runs off of proper environment/config variables with properly mounted volumes.
Again there docker image is just a packaging format and a health check. I very much wish it were better but for now it works
Just because it works doesn’t mean it follows best practices.
https://docs.docker.com/build/building/best-practices/#create-ephemeral-containers
Yep, and I’d guess there’s probably a huge component of “it must be as easy as possible” because the primary target is selfhosters that don’t really even want to learn how to set up Docker containers properly.
The AIO Docker image is an abomination. The other ones are slightly more sane but they still fundamentally mix code and data in the same folder so it’s not trivial to just replace the app.
In Docker, the auto updater should be completely neutered, it’s the wrong way to update the app.
The packages in the Arch repo are legit saner than the Docker version.
I had to learn how to mount subpaths for their terrible container, and god just the updater is mind boggling. And I have to store their code in a volume, because of course I have to, why would code and configuration ever need to be… configurable? I actually just tried to put their
config.phpinto a ConfigMap just to try, and of course PHP doesn’t allow that - not that I blame PHP for it - but ffs it’s been years, it’s time to allow config to also come from a yaml or something.OwnCloud rewrite in Go is way better
I’m attracted to it because of the posix backend. Did anyone try it? Is it stable?
For reference, https://owncloud.dev/architecture/posixfs-storage-driver/
I’m testing it now. Seems way faster and more stable.
I’m just trying to get the oauth login to work but the actual file sync works great.
Is this compatible with existing (Android) clients? I need offline file support for KeePass.
Yes it works with the android app
To be fair a certain security company was in global news for exactly that same send it behavior. Why waste precious resources on multiple instances? Investors hate waste. 😅
The world is your
oystertest envIt worked on my box!
One that lacks a good IT department apparently
Yes no staging because it’s something used at most by 2 concurrent users, we were ok with 95% reliability (we discovered it was disabled after at least two weeks lol)
Otherwise we would just have signed up to one of the many cloud forms sites at $100/year
Backups daily but it’s unthinkable to revert something like nextcloud to a months old one
Subscribed to both newsletter and RSS feed to know about issues (the command to update the docker images isn’t automated but manually issued). The maintainer of the forms app is nextcloud itself so any incompatibility should have been written in red bold characters in the blog posts and newsletter.
Why are your backups so out of date? Just setup daily snapshots and call it a day if it isn’t critical. You never want to update major versions first thing. Wait 3 months and then update.
This smells like shadow IT
I have daily backups and hourly zfs snapshot. The problem is that, because nobody used the useless survey plugin, I have no idea when it broke. It could have been yesterday or it could have been 4 months ago
Backups and rollbacks should be your next endeavor.
Seems easier to blame Nextcloud
Why did you do automatic updates without testing? That is the real issue.
Honestly your IT department sounds like it could use some help
Manual docker upgrade issued my me after reading the official blog and newsletter. The upgrade notes described the new version as the best thing ever and didn’t mention that one of their selling points would be disabled without any notice.
I’m starting to see a pattern in those comments like “why did you wear a skirt that night? It looks like you asked for it…”
I’m starting to see a pattern in those comments like “why did you wear a skirt that night? It looks like you asked for it…”
Cute victim mentality, but gross and insanely wrong comparison
Learn from your mistake and don’t update without testing next time, it’s 100% on whoever updates the production environment to make sure that shit isn’t broken for whatever reason before pushing it customer-side
It’s more like you bought a random white powder from your dealer without asking what it was and are now upset you almost died
ok, please tell me where in the release notes they say that the forms app will be automatically disabled without warning after update, thanks https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_30.html
Literally just googled “nextcloud forms” and looked at their supported versions and whaddya know, it says right on that webpage that there’s no stable version for 30 yet, so safe bet would be that it wouldn’t properly work when upgrading:
There is a supported nightly build, though, so you could probably have tried that
It’s on you to look up what will break when you update, or to test and see what happens when you do. A major update page isn’t going to list all of the things that rely on it that break because that’s fucking unreasonable
go to watch who is the maintainer of nextcloud forms, then see if they could have known that NC 30 was about to go out or not
It’s definitely not unreasonable that if I make product X and I make product Y, and they’re not compatible, then a bit of warning is suggested.
Again, wordpress updates break plugins all the time, but automattic plugins (same people of wordpress) never break. Coincidence? They just launch a new wordpress without checking if woocommerce or jetpack don’t work?
then a bit of warning is suggested
Which was given by the app that gets broken by the update
Windows doesn’t tell you that upgrading to 11 will break x, y, and z that you have installed, you’re expected to go to the sites for those programs and check if they work. Same exact idea
The same company making both apps is never a guarantee that they’ll play nice day 1, for many reasons
I’ll repeat: learn from your mistake instead of blaming other people for your naivete. If an app is important and might break during an update of something: check the apps documentation to see if it supports said update
Ok i get it, it’s best practice to do rushed releases without QA because users are the free testers.
They definitely had no way to know that their own app was incompatible, this is definitely a problem of the stupid user. Idiot user who believed their newsletter “update now, hub 9 is the best thing ever”. The user should have known that stable = untested beta
Also, this issue happened exclusively to me in the whole world, because everyone else isn’t an idiot like me and checks 30+ release notes scattered in 30 different repositories to guess any incompatibility. I was lazy and only checked the main notes! Such an idiot! Why I didn’t check every single installed app? It’s just 30! Nextcloud devs couldn’t have known that nextcloud devs didn’t update the manifest of the forms app! I should have checked before! Completely my fault!
Now if you excuse me I got an update to the Windows nextcloud desktop app and it must reboot after update because reasons even if there’s a GitHub issue with 200 angry comments about that. No wait! Stupid me! First I have to fire a VM and use a whole week to write automated tests that account for every possible combination of settings, language, power management, installed apps and so on. Otherwise I could lose a worthless survey that nobody reads and that will definitely get me fired!
Whoah, dude.
Not only are you being told what could have and will ward off unplanned breakage, but you have somehow characterised yourself as an unsuspecting victim here? Inaccurate and really inappropriate comparison.
You knew enough to take on deploying a service, now comes the grown-up part where you hedge against broken updates.
I don’t know if maybe it’s my bad english in explaining it or it’s your comprehension skills that lack something.
I write it again for the 10th time: I’m 100% ok having 1-2 weeks of downtime, and this is why i do it live. It simply doesn’t make sense to dedicate several hours every month on testing if all i need is getting 3 useless surveys filled per year. If it was essential for work and i needed 99.99999% uptime i would directly subscribe typeform or surveymonkey. If tomorrow my install completely bricks and disappears in thin air, i would have lost 30 minutes of time and no valuable data. I literally spent more time designing the logo for the instance than managing it. This is just to state how unimportant the data stored on it.
This post wasn’t made about “oh no i lost millions and all my irreplaceable data thanks to nextcloud stupid updates” but how stupid is to release something that breaks features that they’re using as selling point.
ok, now that we established that my IT skills are lacking and i should be fired because one single survey couldn’t be filled, this is the release notes: https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_30.html
Please tell me where they say that this feature is automatically disabled and also tell me why you think that this is acceptable.
I don’t understand why you think that is acceptable.
I even can’t find other examples where a release is so rushed, that selling points are disabled without ETA. I never saw for Libreoffice 24 dropping support for opendocument files for a couple months just because they had to meet a self imposed deadline
Docker automatically upgrades if you tell it to by specifying “latest” or not specifying a version number. But it only upgrades if you issue the pull command or the compose up command. There are ways to start without a pull like using start or restart. So yes, there was warning and something you did actively told it to upgrade.
And it’s really bad practice to update any software without testing, especially between breaking/major version numbers.
Finally, it’s not uncommon for a platform to release its update and then the plugins or addons to follow. Especially with major updates that require lots of testing before release. This allows plugin/add-on makers to fully test their software with the release version of the platform rather than all of the plugin makers having to wait for one that may be lagging behind.
You again commented on the docker upgrade comment that I said it’s irrelevant. It’s really like saying “if you wore pants that day, they wouldn’t have done that, it’s your fault”. It doesn’t make sense to spend $1000 in operating costs to host a useless survey that gets 3 responses a year. If it breaks for a week nobody dies.
Focus on how they’re moving fast and breaking things, ok? It’s not normal that official plugins don’t support the latest stable release. It’s not an alpha, it’s not a beta, it’s stable. Stable means everything needs to work. Official plugins need to support the latest stable release. It’s acceptable only if this was a third party plugin made by a hobbyist in their free time
WordPress updates also break many plugins but it never happened that a stable release blocked official ones like woocommerce.
By the way, now I have learned that the latest version of nextcloud is a public beta and it’s better to always stay one version behind. So why don’t they call it public beta?
The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower.
Lol. Do not blame others for your incompetence. If you have automatically updates enabled then that is your fault when it breaks things. Just pin the major version with a tag like nextcloud:29 or something. Upgrading major versions automatically in production is a terrible decision.
They’re releasing a new version every two month or so and dropping them rapidly from support, pinning it with a tag means that in 12 months the install would be exploitable.
Now, I did directly to production because this is low priority stuff, but it would have happened even with a testing stage. I would have never noticed that the forms apps was disabled, the system disabled it without any notification.
You would expect that an official app supports the latest release, no?
This wasn’t an app released by a nobody in their free time, this is a main feature heavily advertised in their blog. Look by yourself:
https://nextcloud.com/blog/nextcloud-forms-to-keep-your-surveys-private/
It’s not unreasonable to get pissed when 6 months after that blog post it doesn’t support the latest release anymore.
They’re releasing a new version every two month or so and dropping them rapidly from support, pinning it with a tag means that in 12 months the install would be exploitable.
The lifecycle can be found with a single online search. Here https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule
Releases are maintained for roughly a year.
Set yourself a notification if you forget it otherwise.
Docker images should never self update - that’s an anti pattern. They should be static code. The only time I would expect a docker image to “auto update” is if I was using the “latest” or “stable” tag and Compose/Kubernetes/I repull the image - but the image should never update itself.
Yes, OP bit off more than they could chew. Nextcloud, however, is breaking the entire purpose of Docker images by having an auto-updater at all.
If you say
Thing:latestand then redeploy your compose file or what not,
well, you’re getting the latest!
I run latest with watchtower on so much shit
That is a very bad idea. Use the stable tag instead. Better yet, create an Ansible playbook that updates the containers in bulk and then manually run it when you have time.
Naw I mostly do it for my own personal shit, can’t be fucked to update Plex 3 times a week and so on with other homelab stuff. Everything production is tagged with gitops version managed kubernetes manifests
Edit: should also mention I build quite a bit of the software being deployed
Plex doesn’t get updates 3 times a week
My point being I don’t want to update that sort of stuff that can be automated.
The forms app is useless. It’s basically for surveys. I can’t see how you’d use it for signups.
Not to flame you, but really just an HTML form was all you needed? It’s a super simple feature…
sure, but why solve problems in 10 minutes when i can do it way more sophisticated using 10x more time and resources?
(at the moment reverted to the easy html form + php send mail)
Specify a Version Tag in docker compose and update nextcloud deliberately through the webapp, that way it doesn’t update automatically on a pull
You can’t update it in the web app. You need to do a docker-compose pull followed by docker-compose up -d
No, I think if you’re using the nextcloud all in one image, then the management image connects to the docker socket and deploys nextcloud using that. The you could be able to update nextcloud via the web ui.
https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-update-the-containers
I’m talking about docker compose
No offence, but is Docker really the best way of running NC in a professional environment? Also, if you don’t want Docker to upgrade to latest image, don’t use the “latest” tag in your configuration.
Yes, docker is the best way. Anything else is hell. It is still painful with docker but at least it is manageable
deleted by creator
I disagree. I use and depend on the apps including things like calendar and talk.
deleted by creator
YOU CAN’T DO THAT
Us too, we only use it as a filelink provider for thunderbird and to host a useless survey that’s going to get filled once a quarter. That’s why nobody noticed the survey was disabled and that’s why we’re not doing multistage testing in multiple virtual machines. We are a super small company and ok with something that one day can be 3 days offline. Otherwise it would be cheaper to pay $100 to Surveymonkey and $100 to Dropbox
