Joplin: improve security of the Nextcloud link
Posted on January 3, 2023
I begin this article by wishing you all a wonderful 2023: health, happiness and fulfillment 🥳!
I’m not going to introduce you to Joplin, that excellent free note-taking application in Markdown format. Instead, I will show you an alternative way to connect Joplin to your Nextcloud instance that limits access to your data to the bare minimum.
Standard synchronization between Joplin and Nextcloud
In the Joplin app, whether Mobile (iOS/Android) or Desktop (Linux/Mac/Windows), you can connect Joplin to a Nextcloud account, which lets you:
- back up your notes
- sync your notes across all your devices
For this, the Joplin FAQ, as well as many tutorials, will advise you to use Nextcloud’s WebDAV file server and to configure Joplin in this way:
- Nextcloud WebDAV URL : https://your-nextcloud.com/remote.php/dav/files/username/JoplinFolder
- Username : your Nextcloud account username
- Password : your Nextcloud account password
If you have enabled two-factor authentication on your Nextcloud instance, you will need to generate an application password and enter it in Joplin instead of your account password.
This method works but I find it very insecure because your Joplin apps have full read/write access to all of your data in your Nextcloud account. We’ll see how to improve this.
After discussions on the Joplin Discord, it turns out that the problem is only with the Linux application. The application does not support the Linux keychain. If you can improve this issue, please contribute here: https://github.com/laurent22/joplin/
Give limited access to Joplin on your Nextcloud account
Your Joplin notes are all grouped in one folder on your Nextcloud account. The goal is that the Joplin app cannot access anything other than that folder.
To do this, we can use Nextcloud’s sharing and WebDAV features to avoid connecting Joplin directly to our personal Nextcloud account.
A - Set up your Nextcloud instance
For this method to work, the Nextcloud public shares must be accessible via WebDAV. This is a common option and usually enabled on Nextcloud servers.
However, if you are an administrator, or would like to have the administrator enable this feature, it can be found in Administration > Sharing > Federated Cloud Sharing. Check the box:
- “Allow users of this server to send shares to other servers”
B - Share your Joplin folder
Then create a share on your Joplin notes folder, and adjust the settings to your liking. Don’t forget to add a password to the share.
Once the sharing is done, you will get a URL like:
Pay attention to this URL, because it is the last part (xF4CDBt5mRCid83) that will be used as your username in the Joplin application.
C - Connect your Joplin application
In the Joplin application (Desktop/mobile), here is the information to enter:
- Nextcloud WebDAV URL : https://your-nextcloud.com/public.php/webdav/
- Username : the last part of the URL (xF4CDBt5mRCid83)
- Password : Nextcloud share password (UxMb6WFMqkoQ)
Pay attention to the URL of your Nextcloud, which must end with /public.php/webdav.
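To confirm what the share credential can actually see, the following added example (not from the original article or from the Joplin or Nextcloud projects) builds a WebDAV PROPFIND request that authenticates with the share token and share password, then lists the paths in the reply. The function names and the sample response are constructed for illustration.

```python
import base64
import getpass
import sys
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

ENDPOINT = "/public.php/webdav"

def build_propfind(base_url, share_token, share_password):
    """Build a Depth: 1 PROPFIND that authenticates as the share, not the account."""
    if not urlsplit(base_url).path.rstrip("/").endswith(ENDPOINT):
        raise ValueError("URL must end with " + ENDPOINT)
    cred = base64.b64encode(f"{share_token}:{share_password}".encode()).decode()
    return urllib.request.Request(
        base_url, method="PROPFIND",
        headers={"Authorization": "Basic " + cred, "Depth": "1"})

def visible_paths(multistatus_xml):
    """Return every href listed in a WebDAV 207 Multi-Status body."""
    root = ET.fromstring(multistatus_xml)
    return [unquote(r.findtext("{DAV:}href")) for r in root.iter("{DAV:}response")]

def outside_share(paths):
    """Paths not under the public share endpoint; expected to be empty."""
    return [p for p in paths if not p.startswith(ENDPOINT + "/")]

# Constructed sample of a Multi-Status reply for a shared Joplin folder.
SAMPLE = """<d:multistatus xmlns:d="DAV:">
  <d:response><d:href>/public.php/webdav/</d:href></d:response>
  <d:response><d:href>/public.php/webdav/0123456789abcdef.md</d:href></d:response>
  <d:response><d:href>/public.php/webdav/my%20note.md</d:href></d:response>
</d:multistatus>"""

if __name__ == "__main__":
    if len(sys.argv) == 3:  # arguments: WebDAV URL, share token (password is prompted)
        req = build_propfind(sys.argv[1], sys.argv[2], getpass.getpass("Share password: "))
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read().decode()
    else:                   # no arguments: use the constructed sample
        body = SAMPLE
    paths = visible_paths(body)
    print("\n".join(paths))
    print("outside the share:", outside_share(paths))
```

Run without arguments, it parses the constructed sample; run with the WebDAV URL and the share token, it prompts for the share password and queries your own server.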
Conclusion
I find this connection method between Joplin and Nextcloud to be a security gain, because it significantly limits access to your Nextcloud account (which is always good when possible). Moreover, this method extends the possibilities for sharing notes, since Nextcloud allows you to:
- create an access by device if you want (by creating several links)
- create one or more “read-only” accesses (sharing your Joplin folder with friends or colleagues?)
- create a time-limited access by setting an expiration date
This is, for me, the best way to use Joplin coupled with Nextcloud. See you soon!