While trying to get my Nextcloud instance to talk to an OpenCloud Test instance I had to dig a little deeper into the unterlying protocol: Open Cloud Mesh (or short OCM, details s. RFC-draft).
TL;DR: For everyone keen to get things up and running: I didn’t succeed (yet). And though I really like the idea of being able to share data between different cloud solutions, it looks like we’re not yet there when it comes to interoperability.
Preparing OpenCloud
In order to activate OCM with OpenCloud (docker installation), we’ll need to add "OC_ENABLE_OCM=true" to the docker environment.
We also need to provide a list of trusted servers in /etc/opencloud/ocmproviders.json.
Details about how to set things up can be found here.
Check OCM endpoint "/.well-known/ocm":
linux # curl -s https://opencloud.mydomain.de/.well-known/ocm
{
"enabled": true,
"apiVersion": "1.1.0",
"endPoint": "https://opencloud.mydomain.de/ocm",
"provider": "OpenCloud",
"resourceTypes": [
{
"name": "file",
"shareTypes": [
"user"
],
"protocols": {
"webdav": "/dav/ocm"
}
}
],
"capabilities": [
"/invite-accepted"
]
}Preparing Nextcloud
With some past release the OCM functionality was moved to the "federation" application. After installing/activating that app you can add "Trusted servers" ("Administrative Settings" -> "Sharing" -> "Trusted servers"). If these servers allow the connection even user/group lists can be transferred from there (not yet tested).
Check OCM endpoint "/ocm-provider" (maybe a redirect from "/.well-known/ocm" should be here?):
linux # curl -s https://nextcloud.mydomain.de/ocm-provider | jq
{
"enabled": true,
"apiVersion": "1.0-proposal1",
"version": "1.1",
"endPoint": "https://cloud.mydomain.de/index.php/ocm",
"publicKey": {
"keyId": "https://cloud.mydomain.de/ocm#signature",
"publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMII<...>\n-----END PUBLIC KEY-----\n"
},
"resourceTypes": [
{
"name": "file",
"shareTypes": [
"user",
"group"
],
"protocols": {
"webdav": "/public.php/webdav/"
}
}
]
}Other implementations
OCM is also supported by OwnCloud (s. here), seafile and CERNBox.
Test run
My first tests were to share a file from OpenCloud to my existing Nextcloud instance, but that didn’t work out.
So I started to verify, that my Nextcloud could share files with other Nextcloud instances. For that I used a Nextcloud instance of a friend of mine and it worked flawlessly.
For further testing I started up another local Nextcloud docker instance (called "nctest.mydomain", using Apache as reverse proxy and for SSL termination).
Trying to share files from my pre-existing Nextcloud instance failed however … so what the hell is going on here?
While trying to add the newly created docker Nextcloud server to the "Trusted server" list (which failed) I got some hints in the nextcloud log:
Host "192.168.123.45" (nctest.mydomain.de) violates local access rulesI don’t know nothing about those “local access rules” but the suggested workaround was to add an extra option to Nextcloud’s configuration:
linux # vi config/config.php
<...>
'allow_local_remote_servers' => true,
<...>After restarting Nextcloud – in my case that meant restarting php-fpm – things started to work:
linux # systemctl restart php8.3-fpmJust shared a file/a directory using the federation app and got a notification on the other (Nextcloud) site.
However this still didn’t make Nextcloud and Opencloud cooperate …
Site notes
Nextcloud
You do not need the “Trusted server” config in order to share files/directories.
However you’ll need trusted servers to share the usernames for something like auto-completion.
In case the status of the trusted servers stays yellow, make sure to run Nextcloud’s cron.php and sync the addressbooks:
linux # docker run -ti --user www-data nctest php -f cron.php
linux # docker run -ti --user www-data nctest php occ federation:sync-addressbooksSome more details about what’s going on can be found here.