Where is Nextcloud 17.1. There is a Owncloud 17.1, but I would like desperately to renew my Nextcloud 16 instance. Does Nextcloud 17.1 have a special problem to produce it?

Peter

Forum: 
Tags: 
Jeremy Davis's picture

Hi Peter, we haven't done it yet...

There is no particularly good reason why we have updated ownCloud but haven't updated the Nextcloud app yet. Just that our normal major version updated release process got interrupted with a range of issues (one after another...). As such, the initial v17.x release has dragged out for much longer than we might have hoped.

I don't have an ETA but I do hope to publish the next batch of appliances updated to v17.x in about 2 weeks. I have asked one of our devs to prioritise it. No promises, but hopefully it will be in that batch.

Witzker's picture

Pls, don't forget to update to PHP 8.x if possible for future releases of Nextcloud

There are some warnings regarding your setup.

Or is there a Problem?

https://github.com/nextcloud/server/issues/29287

What do you think?

Jeremy Davis's picture

We get PHP from Debian - v17.x = Debian 11/Bullseye, which has PHP 7.4. Whilst it's not the latest, there are advantages sticking with the Debian default PHP - primarily the relative safety of auto security updates.

Having said that, newer PHP is perhaps one of the most common questions/requests we get. So we're keen to try to make it as easy as possible. As you may already be aware, there is a trustworthy 3rd party PHP apt repository that can be used to install newer versions. But it's not as simple as we'd like. I have had a couple of stabs at a tool to make it easier but haven't nailed it yet.

The GH issue you link to appears to be related to running Nextcloud on PHP 8.1. So unless you installed PHP 8.1, it shouldn't be an issue for you.

BobbyJ1's picture

I think people are asking about PHP 7.4 because its officially dead, end of live back in Nov 2022.  Hackers know that no more security patches will be added so they can exploit any web site that uses PhP 7.4 or older.    8.0 and 8.1 have been out for some time now and are being supported.

I don't know that 8.0 or 8.1 PHP has been tested with NextCloud 17.1 ISO.  I know my website broke with PHP 8.1 and had to go back to 7.4 until the developers catch up and test on 8.1.

 

Has anyone tested this 17.1 Next Cloud ISO and then updated to PHP 8.1 without issues?

 

Thanks!

 

Jeremy Davis's picture

Whilst PHP upstream support has ended for PHP 7.4 (i.e. the PHP devs no longer directly support it), we don't install from upstream source code. TurnKey is based on Debian (TKL v17.x == Debian 11/Bullseye) and we install PHP from the Debian apt repositories.

With very few exceptions, all packages in Debian main repo (i.e. almost all software - 'contrib' and 'non-free' repos get "best effort" security support) get security fixes from the Debian Security Team. The Debian Security team collaborate with other Linux & BSD developers (e.g. from Ubuntu, Red Hat, SUSE, FreeBSD, etc), as well as getting assistance from PHP devs, to carefully craft minimalist backported security patches. The patches change the least possible amount of code, whilst resolving the security issue. That means that you PHP code that was working fine before the security update, should work exactly the same after the sec bug has been patched.

The Debian Security Team provides backported security patches for one year after release of the next stable release (next stable release will be 12/Bookworm). Debian has a "release when ready" release schedule (so no firm date) but it's estimated that the Security Team support will end around mid-2024. At that point, maintenance is taken over by the LTS team (LTS = Long Term Support). It is anticipated that LTS will run until mid 2026.

I suspect that it's completely irrelevant in the context of Nextcloud, but it's likely that after LTS support ends, that Debian 11/Bullseye will go into ELTS - likely supported up until ~2029. Considering that both Red Hat and now Ubuntu offer 10 year security support - it's highly likely that there will be PHP7.4 apps running safely and securely in the wild for many years to come!

Beyond that, because the backported security patches are so carefully crafted, we believe that they are safe enough to auto-install. So TurnKey checks for and installs any available sec updates every night. TL;DR - hackers that think they'll be able to easily hack a PHP7.4 app will be sadly disappointed.

Nextcloud claims that it supports both PHP 8.0 & 8.1 - so I would expect it to work fine on both. We have a few apps that actually require newer PHP (e.g. Invoice-Ninja & Leantime both require 8.1) so we pre-install alternate versions (from the sury.org trusted third party repo - FWIW Onrej is a member of both the Debian and Ubuntu packaging teams). Given both of those points, I haven't tested, but would assume that Nextcloud would "just work" on either PHP8.0 or 8.1 (and likely not 8.2).

I don't recall whether anybody has reported back after upgrading to PHP 8.0/8.1 for Nextcloud, but I can confirm that PHP 8.0 & 8.1 work great on TurnKey v17.x. Some have hit issues, because there can be devil in the detail, but there are plenty of instructions around on how to add sury.org. You'll find a few threads here on he forums discussing it in relatively high detail. Let me know if you can't find them.

If you want to do that yourself, please don't do it on your "production" server (e.g. if you rely on it working). Much better to do it on a test server (e.g. spin up a new Nextcloud VM - ideally a snapshot of your existing one) and test in that first. Then just re-run the same steps on your "production" server.

If you have any problems, please report the issues and I'm more than happy to assist. So long as you are making an effort to help yourself, I'm more than happy to go well out of my way to assist TurnKey users achieve their goals (but FYI I generally don't respond well to zero effort demands - not aimed at you, just for context).

BobbyJ1's picture

From what I have read it might be as long as Debian11 Bulleye is supported the Debian team will retro any PHP 7.4 security patches.    So there will be no need to updated to PHP 8.0/8.1 for Nextcloud.  

Below is what they did on Debian 9/php7.0.

Debian 9.0 is currently supported.

PHP7.0 in Debian 9.0 does receive security fixes: https://metadata.ftp-master.debian.org/changelogs//main/p/php7.0/php7.0_7.0.33-0+deb9u8_changelog

TLDR: You're safe as long as Debian 9.0 is supported.

 

 

Jeremy Davis's picture

I missed this post previously, but it sounds like you've done some more reading and get the gist of it all. Great work.

Although, I would not recommend using any TurnKey v15.x/Debian 9 based system these days if you can avoid it.

BobbyJ1's picture

Thanks for the information.  I had already posted that before I saw your long reply.  Appreciate the help and effort. 

Yes I did a bit of research.   I'm running a production turnkey 16 php 7.3 next cloud.  Working fine for years no issues.   But.  now it fails the nextcloud security scanner with a F grading.   The world is still spinning so not a huge deal. 

https://scan.nextcloud.com/

Only way to get my A rating back is either updating PHP (I borked it last try) or Turnkey 17.1 with php 7.4

I did a some custom editing of the files to make it more professional which I will have to redo on the update (not had time)  

Is starting from scratch (Turnkey nextcloud 17.1) and adding my custom edits manually the best way?  

 

I looked on the Turnkey website to see if Nextcloud 17.1 is available. Not available. But in my Proxmox I already downloaded it.

Is it a miracle?

I suggest updating the website.

Peter

PS I'm quite happy that the new Nextcloud finally arrived.

Jeremy Davis's picture

You are correct Peter! :)

The updated v17.1 release of v17.1 Nextcloud has indeed been published (and part of the publishing process means that they're available via Proxmox). As you note, I still need to update the website... I was hoping to get that done last week (the images were published on Wed), but ran out of time. I should get it done in the next day or 2. FWIW, you can always find the latest (and older) builds on our mirror.

Hi Jeremy,

Thanks for the mirror!

But now I have just another complaint!! The DONATE page does not work. So when you start updating the website do not forget that important page. I really need it!

Peter

 

Jeremy Davis's picture

I've finally published the announcement of the latest batch of builds - including Nextcloud.

I'll have to have a look at the donations page...

Witzker's picture

Hi, Thx for publishing new Nextcloud

I have the olde v16 version running on an ESXi 7 machine.

What would be the easiest way to get this Installation to v17?

THX for step to step instructions

Jeremy Davis's picture

I would imagine that a TKLBAM data migration should "just work", but I haven't tested.

Or you could just manually migrate the data. You should only need the 2 folders and the database.

Another option would be to do a Debian style in-place upgrade. Technically you would end up with something that isn't quite v17.1 but is very close.

M Vak's picture

Hi,

So glad you updated this to 17.1.  I was getting sick of doing my manual Debian build up.

One issue though, we put a legal disclaimer link where the "Nextcloud Appliance - Powered by Turnkey Linux" is.  On a vanilla build of Nextcloud this is controlled in the Theming section of the admin settings in Nextcloud.  No matter what we put there it seems to be hijacked. 

I did try this:

a2dismod substitute

and it said it was already disabled.

How can I allow the disclaimer link to show by either removing or moving the Turnkey message?

Thanks!

Jeremy Davis's picture

Glad to hear that the v17.1 build is (mostly) working for you.

In regards to your question about the footer, Nextcloud is somewhat unique in that the footer isn't done through mod_substitute. Looking at the build code it appears we tweak the template file: /var/www/nextcloud/core/templates/layout.guest.php

Hopefully that sorts you out?

Also, in future, it's best to start your own thread if your post isn't directly related (I know it's related, but not directly to the original post). Being in a new thread makes your question stand out more and it makes it easier for others to find the info in future.

Add new comment