Unlocking Real-Time Power: A Deep Dive into Nextcloud HaRP If you’ve been following the Nextcloud ecosystem lately, you’ve likely heard a new acronym buzzing around: High-performance AppAPI Reverse Proxy
, HaRP is the next evolution for anyone looking to build or run modern, real-time "External Apps" (ExApps) within Nextcloud Hub
Here is everything you need to know about why HaRP is a game-changer and how to get started. What is HaRP? In the past, Nextcloud’s AppAPI
relied on a Docker Socket Proxy (DSP) to manage external app containers. While functional, DSP had its limits—especially when it came to modern protocols like WebSockets. replaces DSP
as the recommended deployment daemon for Nextcloud 32 and beyond. It acts as a specialized bridge that: Enables WebSockets:
It routes traffic directly to ExApps, bypassing the standard Nextcloud PHP stack. This means no more polling and significantly lower latency for real-time features. Simplifies Networking: FRP (Fast Reverse Proxy)
tunnels, your app containers don't need to expose ports to the host or deal with complex NAT traversal. Boosts Performance:
By allowing direct communication between the client and the app, it reduces the load on your main Nextcloud server. Why You Should Care harp nextcloud
If you are an admin or a developer, the shift to HaRP isn't just an "optional upgrade." has signaled that the old DSP method will be deprecated and removed by Nextcloud 35.
For users, this architectural shift is what makes sophisticated AI apps, real-time collaborative tools, and high-speed chat interfaces possible within the Nextcloud dashboard. Quick Setup Guide
Ready to jump in? You can deploy HaRP as a Docker container. Here’s a basic look at a typical docker run command for a local installation
docker run -d \ --name appapi-harp \ --restart unless-stopped \ -e HP_SHARED_KEY= "your_secure_password" \ -e NC_INSTANCE_URL= "https://your-nextcloud-domain.com" \ -v /var/run/docker.sock:/var/run/docker.sock \ -p \ ghcr.io/nextcloud/nextcloud-appapi-harp:release Use code with caution. Copied to clipboard Key Ports to Know: The HTTP port for Nextcloud to talk to HaRP.
The FRP tunnel port used by the apps themselves to connect back to the proxy. Pro Tips for a Smooth Migration Check Your Version: HaRP requires Nextcloud 32 or higher . It won't work on older versions like NC 31. Don't Delete Data: When switching from DSP to HaRP, remove your old ExApps but
delete their data volumes. Once you reinstall them through the HaRP daemon, they will pick up right where they left off. Reverse Proxy Config:
If you run Nextcloud behind Nginx or Apache, ensure your main proxy is configured to support the 1800s request timeout and pass WebSocket headers correctly. Unlocking Real-Time Power: A Deep Dive into Nextcloud
HaRP represents a major step toward making Nextcloud a true "hub" for microservices. While the transition from the old proxy system can be a bit technical, the performance gains and real-time capabilities are well worth the effort. Are you planning to migrate your current ExApps to HaRP, or are you looking to develop a new app using WebSockets?
WebSockets in Nextcloud: creating real‑time apps via AppAPI 30 Oct 2025 —
Generating a proof for a 10‑version file takes 24 ms (client‑side verify: 31 ms). This is acceptable for periodic auditing.
Harp is a static site server and build tool that compiles HTML templates, Markdown, and assets into a static site. Nextcloud is a self-hosted file sync and collaboration platform. Integrating Harp with Nextcloud is useful when you want to host or serve a static site from Nextcloud storage (for previews, sharing, or simple hosting behind a Nextcloud-enabled webserver), or use Nextcloud as a source for site content/assets while building with Harp.
Any user can request a proof that a current file version is the result of a legitimate sequence of operations. The server returns the hash chain segment and a signed timestamp from a threshold of other nodes (in federated mode). This enables proof of integrity without a blockchain.
| Context | Likelihood | Explanation | |-----------------------------|------------|-------------| | Old forum / Reddit post | Medium | Users discussing Rust clients | | Internal company setup | Low | Custom named deployment | | Typo of "Hardening" | Medium | Nextcloud security hardening guides | | Mistake for "Horde" | Low | Horde is a groupware suite, not sync client |
Investigative journalists cannot trust central cloud servers. With Harp+Nextcloud, the Nextcloud server can be hosted on a cheap VPS (for search and indexing), but the actual document files never touch that VPS. They travel directly between journalists’ laptops via encrypted P2P. Centralized Bottlenecks: Traditional servers (FTP
Threat model: We assume the Nextcloud server storage is untrusted for integrity (malicious admin or rootkit), but the server cannot forge hash chains without breaking SHA3-256 or compromising the client’s initial hash seed.
The system does not protect against file content confidentiality if the server is malicious — that requires end‑to‑end encryption (e.g., Nextcloud’s native server‑side encryption is orthogonal).
Before we discuss the solution, we must diagnose the pain points of current systems:
Harp solves the transfer problem. Nextcloud solves the organization problem.
Developers have created a virtual filesystem layer where Nextcloud acts as the metadata manager (knowing what files exist and who owns them), while Harp acts as the data plane (moving the actual bytes).
The Workflow:
Result: Your Nextcloud server's CPU and bandwidth usage drop by 90% for large file transfers.