Nextcloud version 29.01
Operating system and version: Ubuntu Server 22.04.5
Apacheversion:
HP version: 8.3.7
The issue you are facing: i’ve migrated my previous Nextcloud instance to new hosts, but the new instance is displaying numerous errors that did not appear on the previous system. The configuration is the same nothing changed.
sudo -u www-data php /var/www/nextcloud/occ setupchecks
dav:
\u2713 DAV system address book: No outstanding DAV system address book sync.
network:
\u2717 WebDAV endpoint: Your web server is not yet properly set up to allow file synchronization, because the WebDAV interface seems to be broken.
To allow this check to run you have to make sure that your webserver can connect to itself. Therefor it must be able to resolve and connect to at least one its `trusted_domains` or the `overwrite.cli.url`.
\u2713 Data directory protected
\u2713 Internet connectivity
\u26a0 JavaScript source map support: Your webserver is not set up to serve `.js.map` files. Without these files, JavaScript Source Maps won't function properly, making it more challenging to troubleshoot and debug any issues that may arise.
\u26a0 JavaScript modules support: Could not check for JavaScript support via any of your `trusted_domains` nor `overwrite.cli.url`. This may be the result of a server-side DNS mismatch or outbound firewall rule. Please check manually if your webserver serves `.mjs` files using the JavaScript MIME type.
To allow this check to run you have to make sure that your webserver can connect to itself. Therefor it must be able to resolve and connect to at least one its `trusted_domains` or the `overwrite.cli.url`.
\u26a0 OCS provider resolving: Your web server is not properly set up to resolve "/ocm-provider/", "/ocs-provider/".
This is most likely related to a web server configuration that was not updated to deliver this folder directly.
Please compare your configuration against the shipped rewrite rules in ".htaccess" for Apache or the provided one in the documentation for Nginx.
On Nginx those are typically the lines starting with "location ~" that need an update.
\u26a0 .well-known URLs: Your web server is not properly set up to resolve `.well-known` URLs, failed on:
`/.well-known/webfinger`
\u2139 WOFF2 file loading: Could not check for WOFF2 loading support. Please check manually if your webserver serves `.woff2` files.
To allow this check to run you have to make sure that your webserver can connect to itself. Therefor it must be able to resolve and connect to at least one its `trusted_domains` or the `overwrite.cli.url`.
system:
\u2713 Errors in the log: No errors in the logs since May 15, 2024, 10:29:36\u202fPM
\u2139 Brute-force Throttle: Your remote address could not be determined.
\u2713 Cron errors: The last cron job ran without errors.
\u2713 Cron last run: Last background job execution ran 4 minutes ago.
\u2713 Debug mode: Debug mode is disabled.
\u2713 File locking
\u2713 Maintenance window start: Maintenance window to execute heavy background jobs is between 1:00 UTC and 7:00 UTC
\u2713 Memcache: Configured
\u2713 Architecture: 64-bit
\u2713 Temporary space available: Temporary directory is correctly configured:
- 35.0 GiB available in /tmp (PHP temporary directory)
\u2713 Push service: Free push service
notifications:
\u2713 Push notifications - Fair use policy
passwords:
\u2713 Checking if the server runs background tasks with the same PHP version.: Background jobs are executed with the same PHP version.
\u2713 Checking if the server runs background jobs with cron.: Background jobs are executed with cron.
security:
\u2713 App directories owner: App directories have the correct owner "www-data"
\u2713 Old administration imported certificates
\u2713 Code integrity: No altered files
\u2139 Forwarded for headers: Your remote address could not be determined.
\u26a0 HTTPS access and URLs: You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly.
\u2713 Old server-side-encryption: Disabled
\u2713 PHP version: You are currently running PHP 8.3.7.
\u2713 Random generator: Secure
\u26a0 HTTP headers: Some headers are not set correctly on your instance
- The `X-Content-Type-Options` HTTP header is not set to `nosniff`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
- The `X-Robots-Tag` HTTP header is not set to `noindex,nofollow`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
- The `X-Frame-Options` HTTP header is not set to `sameorigin`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
- The `X-Permitted-Cross-Domain-Policies` HTTP header is not set to `none`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
- The `X-XSS-Protection` HTTP header does not contain `1; mode=block`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
- The `Referrer-Policy` HTTP header is not set to `no-referrer`, `no-referrer-when-downgrade`, `strict-origin`, `strict-origin-when-cross-origin` or `same-origin`. This can leak referer information. See the W3C Recommendation.
- The `Strict-Transport-Security` HTTP header is not set (should be at least `15552000` seconds). For enhanced security, it is recommended to enable HSTS.
database:
\u2713 Database missing columns: None
\u2713 Database missing indices: None
\u2713 Database missing primary keys: None
\u2713 Database pending bigint migrations: None
\u2713 MySQL Unicode support: MySQL is used as database and does support 4-byte characters
\u2713 Database version: 10.6.16-MariaDB-0ubuntu0.22.04.1
\u2713 Database transaction isolation level: Read committed
config:
\u2713 Default phone region: en
\u2713 Email test: Email test was successfully sent
\u2713 Overwrite CLI URL: The "overwrite.cli.url" option in your config.php is set to "http://network_machine_IP/nextcloud" which is a correct URL. Suggested URL is "http://localhost".
\u2713 Configuration file access rights: Nextcloud configuration file is writable
php:
\u2713 PHP default charset: UTF-8
\u2713 PHP set_time_limit: The function is available.
\u2713 Freetype: Supported
\u2713 PHP getenv
\u2713 PHP memory limit: ?
\u2713 PHP modules
\u2713 PHP opcache: Correctly configured
\u2713 PHP "output_buffering" option: Disabled
\u2713 PHP Imagick module
nextcloud/config.php
<?php
$CONFIG = array (
'updatechecker' => false,
'instanceid' => 'xxxxx',
'passwordsalt' => 'xxxxxxx',
'secret' => 'xxxxxxxxx',
'trusted_domains' =>
array (
0 => '127.0.0.1',
1 => 'localhost',
),
'datadirectory' => '/data',
'overwrite.cli.url' => 'http://localhost',
'dbtype' => 'mysql',
'version' => '29.0.0.19',
'dbname' => 'nextcloud',
'dbhost' => 'IP',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud',
'dbpassword' => 'xxxxxxxx',
'logtimezone' => 'UTC',
'installed' => true,
'default_phone_region' => 'PT',
'maintenance' => true,
'theme' => '',
'loglevel' => 0,
'filelocking.enabled' => true,
'overwriteprotocol' => 'https',
'preview_max_memory' => '1280',
'overwritehost' => 'nextcloud.example.com',
'overwritecondaddr' => '^network_GW$',
'maintenance_window_start' => 1,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.distributed' => '\\OC\\Memcache\\Memcached',
'memcache.locking' => '\\OC\\Memcache\\Memcached',
'memcached_servers' =>
array (
0 =>
array (
0 => '127.0.0.1',
1 => 11211,
),
),
'mail_from_address' => 'nextcloud',
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
'mail_domain' => 'xxxxxxx',
'mail_sendmailmode' => 'smtp',
'updater.release.channel' => 'stable',
'app_install_overwrite' =>
array (
0 => 'social',
1 => 'documents',
2 => 'dropit',
3 => 'files_clipboard',
4 => 'uploaddetails',
5 => 'impersonate',
6 => 'files_downloadactivity',
7 => 'tencentcloudcosconfig',
),
'encryption.legacy_format_support' => false,
'encryption.key_storage_migrated' => false,
'mysql.utf8mb4' => true,
'mail_smtphost' => 'mail.example.com',
'mail_smtpport' => '587',
'mail_smtpauth' => 1,
'mail_smtpname' => 'nextcloud@example.com,
'mail_smtppassword' => 'xxxxxxxxxx',
);
nextcloud/.htaccess
# Section for Apache 2.4 to 2.6
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Satisfy All
</IfModule>
# Section for Apache 2.2
<IfModule !mod_authz_core.c>
<IfModule !mod_access_compat.c>
<IfModule mod_authz_host.c>
Order Allow,Deny
Deny from all
</IfModule>
Satisfy All
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^ocm-provider/(.*)$ /path/to/ocm-provider/$1 [L]
RewriteRule ^ocs-provider/(.*)$ /path/to/ocs-provider/$1 [L]
</IfModule>
# Section for Apache 2.2 to 2.6
<IfModule mod_autoindex.c>
IndexIgnore *
</IfModule>
virtual hosts File.
<VirtualHost *:443>
ServerName nextcloud.example.com
ServerAlias nextcloud.example.com
DocumentRoot /var/www/nextcloud/
ErrorLog /var/log/apache/example.com/error.log
# RewriteMap directive
RewriteMap lowercase int:tolower
# Add MIME type for .mjs files
AddType application/javascript .mjs
# Redirect rule for "/nextcloud"
Redirect "/nextcloud" "https://nextcloud.example.com"
# Security headers
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Robots-Tag "noindex, nofollow"
Header always set X-Frame-Options "sameorigin"
Header always set X-Permitted-Cross-Domain-Policies "none"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "no-referrer"
</IfModule>
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_NAME} =nextcloud.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</IfModule>
</Directory>
<Location /remote.php/webdav>
Dav On
AuthType Basic
AuthName "WebDAV"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Location>
</VirtualHost>
