And it failed spectacularly.
We only needed a simple form, but we wanted to be fancy, so we used “nextcloud forms”.
The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower. No warning whatsoever. It’s an official app, couldn’t they wait that it was ready for NC 30 before launching it? The newsletter boasts “NC hub 9 is the best thing after sliced bread” yet i don’t see any difference both in visual or performance compared to NC hub 2
Conclusion: we made our business to rely on nextcloud forms as a signup form, but the only reason we were using it was disabled who knows how many weeks ago.
You must log in or # to comment.
The docker image automatically updated the install to nextcloud 30, but the forms app requires nextcloud 29 or lower.
Lol. Do not blame others for your incompetence. If you have automatically updates enabled then that is your fault when it breaks things. Just pin the major version with a tag like nextcloud:29 or something. Upgrading major versions automatically in production is a terrible decision.
Docker images should never self update - that’s an anti pattern. They should be static code. The only time I would expect a docker image to “auto update” is if I was using the “latest” or “stable” tag and Compose/Kubernetes/I repull the image - but the image should never update itself.
Yes, OP bit off more than they could chew. Nextcloud, however, is breaking the entire purpose of Docker images by having an auto-updater at all.
If you say
Thing:latestand then redeploy your compose file or what not,
well, you’re getting the latest!
I run latest with watchtower on so much shit
That is a very bad idea. Use the stable tag instead. Better yet, create an Ansible playbook that updates the containers in bulk and then manually run it when you have time.
Naw I mostly do it for my own personal shit, can’t be fucked to update Plex 3 times a week and so on with other homelab stuff. Everything production is tagged with gitops version managed kubernetes manifests
Edit: should also mention I build quite a bit of the software being deployed
Plex doesn’t get updates 3 times a week
My point being I don’t want to update that sort of stuff that can be automated.
What are you talking about? If you are not manual (or by something like watchtower) pull the newest image it will not update by itself.
I have never seen an auto-update feature by nextcloud itself, can you pls link to it?
I don’t have the link here, but essentially yes, nextcloud can update it’s own app code in it’s image because you have to mount the code to your own filesystem. This means that between docker images you can have a mismatch of the code that you have stored and the code that the image is expecting, which frequently causes mismatches for me. This is an antipattern. The code should be stored in the image, not as a volume mount. There should never be a mismatch of code in a docker image - that’s the whole point. The configuration could be out of date sure, or if there’s a data file that’s needed, that’s expected. The actual running code thought, that should never be on a mountable volume.
Next time you update the image you will probably be greeted with a “Nextcloud needs to update”. That should not exist. You already pulled the image, that should be everything you need to do. The caveats are extensions, kind of a grey area in my book, but I know it’s not a clean pattern with those either. (The best one I’ve seen lets you pin the extension version with environment variables or a config file, and then once again you are in control of when they update, and no running code is stored outside of the image.)
You can disable the web updater in the config which is the default when deploying via docker. The only time i had a mismatch is when i migrated from a nativ debian installation to a docker one and fucked up some permissions. And that was during tinkering while migrating it. Its solid for me ever since.
Again, there is no official nextcloud auto updater, OP chose to use an auto updater which bricked OPs setup (a plugin was disabled).
Thanks, I’ll disable that. I’m extra salty right now because I had to rollback a bad version and had to rebuild some of my config over the last week. I got into version hell because the code on the volume (which is why I’m pissed at it) said that I couldn’t run the image that I had set. So I pinned an earlier version, but then there were extensions that were pinned to a later one and said that I couldn’t rollback and didn’t start. I had to end up redoing the whole drive manually, forcing specific versions in the version.php and the config.php to finally make it work (Why is it in two places). Then after all that I had to run the upgrade command. Extremely annoying, and a waste of time for me. Other docker containers if I need to pin a version? I just… pin the version. Nextcloud is the only one I’ve seen where they store code on my volume and then pin specific versions to it.
They’re releasing a new version every two month or so and dropping them rapidly from support, pinning it with a tag means that in 12 months the install would be exploitable.
Now, I did directly to production because this is low priority stuff, but it would have happened even with a testing stage. I would have never noticed that the forms apps was disabled, the system disabled it without any notification.
You would expect that an official app supports the latest release, no?
This wasn’t an app released by a nobody in their free time, this is a main feature heavily advertised in their blog. Look by yourself:
https://nextcloud.com/blog/nextcloud-forms-to-keep-your-surveys-private/
It’s not unreasonable to get pissed when 6 months after that blog post it doesn’t support the latest release anymore.
They’re releasing a new version every two month or so and dropping them rapidly from support, pinning it with a tag means that in 12 months the install would be exploitable.
The lifecycle can be found with a single online search. Here https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule
Releases are maintained for roughly a year.
Set yourself a notification if you forget it otherwise.
Exactly, they have a release schedule, why their own plugin, that they’re heavily promoting as a feature, isn’t following that? If for some reason the forms app isn’t ready for that date, why not postponing the launch instead of having it broken for who know how many months?
It’s not a plugin made by someone else in their free time. They knew that by updating to NC 30 that feature that was marketed just 6 months ago would be disabled, so at least have the decency to write it in the release notes. I subscribe to the newsletter and the RSS for what, just enjoy the marketing buzzwords?
It’s like if Microsoft releases an operating system with a buggy and broken taskbar because of a rushed self imposed deadline and fixes it one year later.
Specify a Version Tag in docker compose and update nextcloud deliberately through the webapp, that way it doesn’t update automatically on a pull
You can’t update it in the web app. You need to do a docker-compose pull followed by docker-compose up -d
No, I think if you’re using the nextcloud all in one image, then the management image connects to the docker socket and deploys nextcloud using that. The you could be able to update nextcloud via the web ui.
https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-update-the-containers
I’m talking about docker compose
Im using docker compose. Cant remember the image RN, but something like nextcloud 26. AS long AS you specify a full Tag and use volumes, you can upgrade in the webapp.
That’s makes sense
Just a side note but I think 26 is EOL. Upgrade to 29 or 30
Why did you do automatic updates without testing? That is the real issue.
Honestly your IT department sounds like it could use some help
Manual docker upgrade issued my me after reading the official blog and newsletter. The upgrade notes described the new version as the best thing ever and didn’t mention that one of their selling points would be disabled without any notice.
I’m starting to see a pattern in those comments like “why did you wear a skirt that night? It looks like you asked for it…”
I’m starting to see a pattern in those comments like “why did you wear a skirt that night? It looks like you asked for it…”
Cute victim mentality, but gross and insanely wrong comparison
Learn from your mistake and don’t update without testing next time, it’s 100% on whoever updates the production environment to make sure that shit isn’t broken for whatever reason before pushing it customer-side
It’s more like you bought a random white powder from your dealer without asking what it was and are now upset you almost died
ok, please tell me where in the release notes they say that the forms app will be automatically disabled without warning after update, thanks https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_30.html
Literally just googled “nextcloud forms” and looked at their supported versions and whaddya know, it says right on that webpage that there’s no stable version for 30 yet, so safe bet would be that it wouldn’t properly work when upgrading:
There is a supported nightly build, though, so you could probably have tried that
It’s on you to look up what will break when you update, or to test and see what happens when you do. A major update page isn’t going to list all of the things that rely on it that break because that’s fucking unreasonable
go to watch who is the maintainer of nextcloud forms, then see if they could have known that NC 30 was about to go out or not
It’s definitely not unreasonable that if I make product X and I make product Y, and they’re not compatible, then a bit of warning is suggested.
Again, wordpress updates break plugins all the time, but automattic plugins (same people of wordpress) never break. Coincidence? They just launch a new wordpress without checking if woocommerce or jetpack don’t work?
then a bit of warning is suggested
Which was given by the app that gets broken by the update
Windows doesn’t tell you that upgrading to 11 will break x, y, and z that you have installed, you’re expected to go to the sites for those programs and check if they work. Same exact idea
The same company making both apps is never a guarantee that they’ll play nice day 1, for many reasons
I’ll repeat: learn from your mistake instead of blaming other people for your naivete. If an app is important and might break during an update of something: check the apps documentation to see if it supports said update
Ok i get it, it’s best practice to do rushed releases without QA because users are the free testers.
They definitely had no way to know that their own app was incompatible, this is definitely a problem of the stupid user. Idiot user who believed their newsletter “update now, hub 9 is the best thing ever”. The user should have known that stable = untested beta
Also, this issue happened exclusively to me in the whole world, because everyone else isn’t an idiot like me and checks 30+ release notes scattered in 30 different repositories to guess any incompatibility. I was lazy and only checked the main notes! Such an idiot! Why I didn’t check every single installed app? It’s just 30! Nextcloud devs couldn’t have known that nextcloud devs didn’t update the manifest of the forms app! I should have checked before! Completely my fault!
Now if you excuse me I got an update to the Windows nextcloud desktop app and it must reboot after update because reasons even if there’s a GitHub issue with 200 angry comments about that. No wait! Stupid me! First I have to fire a VM and use a whole week to write automated tests that account for every possible combination of settings, language, power management, installed apps and so on. Otherwise I could lose a worthless survey that nobody reads and that will definitely get me fired!
Docker is kind of a giant mess in my experience. The trick to it is creating backup plans to recover your data when it fails. As such, I don’t really recommend it to anyone at all.
Docker is kind of a giant mess in my experience. The trick to it is creating backup plans to recover your data when it fails.
Thats the trick for any production service. Especially when you do an update.
I wouldn’t recommend Docker for a production environment either, but there are plenty of container-based solutions that use OCI compatible images just fine and they are very widely used in production. Having said that, plenty of people run docker images in a homelab setting and they work fine. I don’t like running rootful containers under a system daemon, but calling it a giant mess doesn’t seem fair in my experience.
Honestly it is fine assuming you don’t need 24/7 uptime. Just make a compose file and verify you have a working health check
Sounds like you are not using docker correctly.
There was a recent related discussion on Hacker News and the top comment discusses why this sort of solution is not likely to be the best fit for smaller organizations. In short, doing it well requires time and effort from someone technically sophisticated, who must do more than the bare minimum for good results, as you just learned.
Even then, it’s likely to be less reliable than solutions hosted by big corporations and when there’s a problem, it’s your problem. I don’t want to discourage you, but understand what you’re committing to and make sure you have adequate buy-in in your organization.
That reminds me of work. I’m old, young me has been through the mistakes and the pain of wanting to control and self-host everything.
Now I manage a team of young idealists who have not yet been burned sufficiently hard by reality and I feel like I spend half of my time denying them permission to add new self-hosted services to our stack.
Just last month a young padawan was pissed at the spent on an external auth service and had been pushing hard for a self hosted OSS solution which he was convinced he could handle by himself (which was most likely true, from a purely technical standpoint).
Since he wouldn’t let it go, I “punished” him by having him spend one day in excel and powerpoint to prepare a cost benefit analysis to present to the architecture review board, including server cost, backups, redundancy, security, monitoring, pen-testing, auditing, his time and all the bells and whistles we needed to be compliant with all the ISO-x we have to be. (we’re in a banking related field).
Our estimated internal cost ended up about 6x the one of the SASS solutions and still wasn’t as reliable.
Most people don’t understand the amount of effort it requires to run a secure & reliable system and if I had a dollar for everytime I heard it’s as simple as “docker run”, I could retire early.
You can still choose to installt he old version in NC30 and it will do so. and I upgraded to NC30 and my forms app continues to be functional. you can still give it a try.
take a VM snapshot, upgrade the app, validate it still works as intended, if not, revert from snapshot
Not to flame you, but really just an HTML form was all you needed? It’s a super simple feature…
sure, but why solve problems in 10 minutes when i can do it way more sophisticated using 10x more time and resources?
(at the moment reverted to the easy html form + php send mail)
I pretty much use NextCloud as just a storage device and nothing else. Using anything in the actual UI is just atrocious and the apps are not updated or just outright abandoned, and can’t be relied on.
I disagree. I use and depend on the apps including things like calendar and talk.
YOU CAN’T DO THAT
YOU CAN’T DO THAT
Us too, we only use it as a filelink provider for thunderbird and to host a useless survey that’s going to get filled once a quarter. That’s why nobody noticed the survey was disabled and that’s why we’re not doing multistage testing in multiple virtual machines. We are a super small company and ok with something that one day can be 3 days offline. Otherwise it would be cheaper to pay $100 to Surveymonkey and $100 to Dropbox
No offence, but is Docker really the best way of running NC in a professional environment? Also, if you don’t want Docker to upgrade to latest image, don’t use the “latest” tag in your configuration.
Docker is probably the simplest way to get a working deployment, since there’s a lot of moving pieces in a Nextcloud install.
Though, it’s not going to automatically update itself unless you’ve made a poor choice for a production environment configuration, which sounds like what happened here.
(Even using a latest tag isn’t really a problem until/unless you re-pull the image to do the upgrade. And/or have configured something to automatically update your shit, but again, don’t do that in production.)
Nextcloud is also annoying in that updating the base won’t pull all the apps to a current version, so you have to know what’s going to break before you update the base so you can then update the apps as needed. Which, again, can’t just be left up to automatic updates.
Yes, docker is the best way. Anything else is hell. It is still painful with docker but at least it is manageable
