Everything fine or not?

#1

When I use scan.nextcloud.com I get an A+. When I log in to my own NC via the web interface and navigate to https:///settings/admin/overview I get some warnings relating to PHP. Whom should I trust?

#2

Both, because the scans are on different levels.

2 Likes
#3

Where can I find an explanation about these levels and their differences?

#4

I don’t know if there is a complete list of scans anywhere.

https://docs.nextcloud.com/server/16/admin_manual/configuration_server/security_setup_warnings.html?highlight=security

But scan.nextcloud.com only scans your web server from outside, like many other web server security scanners. scan.nextcloud.com additionally checks your Nextcloud version.

But these scanners are not able to detect if your setup is using redis or memcache for caching. This is only possible on OS level.

Let's say: if your outside scan result is A+ you are secure. If the internal scan on the admin page shows additional results, your setup is still secure but needs some fine tuning.

#5

The warnings are normally tweaks that you need to make to your php.ini file in order to get the best performance with your Nextcloud.

You have the details of the lines you need to add/modify.

Could you show us the warnings you get?

1 Like
#6

I’ve translated the warnings from German to English:

There are some warnings with your system configuration.

You are currently using PHP 7.0.33-0+deb9u3. Upgrade your PHP version to use the speed and security updates provided by the PHP group as soon as it supports your distribution.

Some columns in the database are not converted to big int. Due to the fact that changing column types for large tables can take some time, they have not been changed automatically. By running “occ db:convert-filecache-bigint” these outstanding changes can be applied manually. This operation must be performed while the instance is offline. See the documentation page for more details.

filecache.mtime
filecache.storage_mtime

Please review the installation instructions and check the log for possible errors or warnings.

BTW, I am wondering why PHP version 7.0.x is installed on my machine.

I’ve entered

sudo apt-get update && sudo apt-get upgrade php

But this obviously has not installed the current version 7.3.x.

#7

The 7.3 version isn’t in the official repository for your distro.
I use this page to install and update my nextcloud https://www.c-rieger.de/nextcloud-installation-guide-ubuntu/

You need to run this command on your server:
sudo -u www-data php /var/www/nextcloud/occ db:convert-filecache-bigint

1 Like
#8

I have broken my NC. :(

I have followed these instructions. Finally, I have rebooted my Raspi. But unfortunately now I cannot connect to my NC. The browser shows:

Internal Server Error

The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.

#9

I think you are missing a PHP module or something like that.
You have more details in the error log of your nginx: /var/log/nginx/…

1 Like
#10

2019/05/11 13:43:58 [error] 588#588: *1485 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Doctrine\DBAL\DBALException: Failed to connect to the database: An except$
        Is the server running on host "localhost" (::1) and accepting
        TCP/IP connections on port 5432?
could not connect to server: Connection refused
        Is the server running on host "localhost" (127.0.0.1) and accepting
        TCP/IP connections on port 5432? in /home/pi/usbdrive/html/lib/private/DB/Connection.php:64
Stack trace:
#0 /home/pi/usbdrive/html/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(429): OC\DB\Connection->connect()
#1 /home/pi/usbdrive/html/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(389): Doctrine\DBAL\Connection->getDatabasePlatformVersion()
#2 /home/pi/usbdrive/html/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(328): Doctrine\DBAL\Connection->detectDatabasePlatform()
#3 /home/pi/usbdrive/html/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(623): Doctrine\D...
PHP message: PHP Fatal error:  Uncaught Doctrine\DBAL\DBALException: Failed to connect to the database: An exception occured in driver: SQLSTATE[08006] [7] could not connect to serv$
        Is the server running on host "localhost" (::1) and accepting
        TCP/IP connections on port 5432?
could not connect to server: Connection refused
        Is the server running on host "localhost" (127.0.0.1) and accepting
        TCP/IP connections on port 5432? in /home/pi/usbdrive/html/lib/private/DB/Connection.php:64
Stack trace:
#0 /home/pi/usbdrive/html/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(429): OC\DB\Connection->connect()
#1 /home/pi/usbdrive/html/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(389): Doctrine\DBAL\Connection->getDatabasePlatformVersion()
#2 /home/pi/usbdrive/html/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(328): Doctrine\DBAL\Connection->detectDatabasePlatform()
#3 /home/pi/usbdrive/html/3rdpart

#11

PHP cannot connect to your database.
What database are you using? MySQL, MariaDB or PostgreSQL?

Then try to connect to your database without PHP or HTML, for example with mysql -u root -p if you’re using MySQL or MariaDB.

1 Like
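Added example, not part of any post in this thread: a shell triage of the error text from post #10, separating a server that is not accepting TCP connections from a missing PHP driver or a rejected login. The function names and the two sample strings are constructed for illustration; the matched phrases are the standard libpq, PostgreSQL and PDO messages.

```shell
#!/bin/sh
# Added example (not from the thread): triage a PostgreSQL connection failure
# from PHP/nginx error-log text read on stdin.

# Print one diagnosis keyword for the first known message found in the log.
classify_pg_error() {
    log=$(cat)
    case "$log" in
        *"could not find driver"*)          echo "php-driver-missing" ;;
        *"Connection refused"*)             echo "server-not-listening" ;;
        *"password authentication failed"*) echo "bad-credentials" ;;
        *"no pg_hba.conf entry"*)           echo "host-not-allowed" ;;
        *)                                  echo "unknown" ;;
    esac
}

# Extract the TCP port the client tried, as quoted in the libpq hint line.
pg_port_from_log() {
    sed -n 's/.*connections on port \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Map a diagnosis keyword to the next thing to check.
next_step() {
    case "$1" in
        php-driver-missing)   echo "install the PHP PostgreSQL module, then restart PHP" ;;
        server-not-listening) echo "check that the PostgreSQL service is running and listening" ;;
        bad-credentials)      echo "compare dbuser/dbpassword in config.php with the database role" ;;
        host-not-allowed)     echo "review pg_hba.conf for the client address" ;;
        *)                    echo "read the full log entry" ;;
    esac
}

# Constructed sample, shortened from the log in post #10.
SAMPLE_REFUSED='PHP Fatal error:  Uncaught Doctrine\DBAL\DBALException: Failed to connect to the database
could not connect to server: Connection refused
        Is the server running on host "localhost" (127.0.0.1) and accepting
        TCP/IP connections on port 5432?'
# Constructed sample: PDO message when the pgsql driver is not loaded.
SAMPLE_NODRIVER='PHP Fatal error:  Uncaught PDOException: could not find driver'

diag=$(printf '%s\n' "$SAMPLE_REFUSED" | classify_pg_error)
port=$(printf '%s\n' "$SAMPLE_REFUSED" | pg_port_from_log)
echo "$diag (port $port): $(next_step "$diag")"
```

To run it against a real log, pipe the relevant lines into `classify_pg_error` instead of the sample.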
#12

I am using postgresql.

#13

apt-get install php-pgsql
This command will install the PHP module for using PostgreSQL.

Reload your nginx or Apache web server and see if it’s working.

1 Like
#14

Unfortunately, this hasn’t brought success.

Last line of nginx/error.log

2019/05/11 16:19:41 [crit] 597#597: *364 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hell$

#15

Now it’s a problem with the SSL handshake.
Go into your nginx nextcloud.conf file.

Put a # in front of every line in the HTTPS server block.

Restart nginx and go to http://yournextcloudserver
If it works you have to reconfigure your SSL configuration.

1 Like
#16

I have a certificate from letsencrypt. The server is configured to renew the certificate every week. How can I manually force the server to renew the certificate just now? Would this solve the problem?

#17

certbot renew
Or
letsencrypt renew

1 Like
#18

pi@raspberrypi:~ $ sudo letsencrypt renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/vatocloud.firewall-gateway.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/vatocloud.firewall-gateway.com/fullchain.pem expires on 2019-07-10 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

And

pi@raspberrypi:~ $ sudo certbot --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
pi@raspberrypi:~ $ man certbot
pi@raspberrypi:~ $ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed

#19

Your cert isn’t expired.
You have a problem with SSL in your nextcloud.conf file. Follow what I told you before.

1 Like
#20

pi@raspberrypi:/ $ locate nextcloud.conf
/etc/apache2/sites-available/nextcloud.conf

And the content of the file is:

Alias /nextcloud "/var/www/html/"

<Directory /var/www/html/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/html
 SetEnv HTTP_HOME /var/www/html

</Directory>