Nextcloud version : 13.0.5
Operating system and version : Ubuntu 18.04 LTS for Raspberry Pi2
Apache version :
PHP version : 7.2
Raspeberry Pi2
Forgive me, I’m a newbie, both in computer science and in Nextcloud!
So, I should have installed and configured well:
Openssl
apache
mariadb
Netxcloud
When I log in, in the general information, these two messages appear to me:
The HTTP “Strict-Transport-Security” header is not configured with a value of at least “15552000” seconds. To improve security, we recommend enabling HSTS as described in the safety tips.
No memory cache has been configured. To improve performance, configure a memcache, if available. Further information is available in the documentation.
But even reading the documentation, I have no idea how to proceed to resolve.
Also I’m not sure I have enabled port 443 in the configurations, on the modem / router yes.
Is there anyone, kind and patient, who would please take a few minutes, explaining step by step how to do it?
Please do not let me go back to Google Drive!
Thanks to those who will answer me!
The HSTS is set within the enables ssl apache conf. This is a working conf from a apache2 v2.4.25
on a debian is located on /etc/apaches2/enables-sites/whatever-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
Protocols h2 http/1.1
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/x/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/x/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName x
# Guarantee HTTPS for 6 Month including Sub Domains
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</VirtualHost>
# modern configuration, tweak to your need
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
# new ssl no compression method
# SSLCompression on
SSLSessionTickets off
SSLOptions +StrictRequire
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
The protocol ligne is for the HTTP/2 support ( if enable )
HSTS is set by the header line
Hello,
and I’m sorry if I answer you only now!
First of all thank you very much for the time you dedicated to me!
So … yesterday I tried again and in the end, I put the following string:
For inital level configuration check for the following settings under Memcache configuration file /etc/memcached.conf.
-d => Run Memcached in deamon mode. You can use this option to configure your Memcached server to run as service.
-m => Define the maximum number of Memory can be used by Memcached deamon. (default: 64 MB)
-p => Defind port for Memcached to listen on. (default: 11211)
-l => Defind the IP address to Memcached listen on. Set 0.0.0.0 to listen on all IPs(enterfaces) configured on system.
Check memcache manpage for extended options.
After making changes, restart the Memcached service.
Use the following command to check and verify that Memcached service is running properly on your system. This will show you the current statstics of your Memcached server. So the values may be differ that below results:
echo "stats settings" | nc localhost 11211
echo:
STAT maxbytes 134217728
STAT maxconns 1024
STAT tcpport 11211
STAT udpport 11211
STAT inter 127.0.0.1
STAT verbosity 0
STAT oldest 0
STAT evictions on
STAT domain_socket NULL
STAT umask 700
STAT growth_factor 1.25
STAT chunk_size 48
STAT num_threads 4
STAT num_threads_per_udp 4
STAT stat_key_prefix :
STAT detail_enabled no
STAT reqs_per_event 20
STAT cas_enabled yes
STAT tcp_backlog 1024
STAT binding_protocol auto-negotiate
STAT auth_enabled_sasl no
STAT item_size_max 1048576
STAT maxconns_fast no
STAT hashpower_init 0
STAT slab_reassign no
STAT slab_automove 0
STAT lru_crawler no
STAT lru_crawler_sleep 100
STAT lru_crawler_tocrawl 0
STAT tail_repair_time 0
STAT flush_enabled yes
STAT hash_algorithm jenkins
STAT lru_maintainer_thread no
STAT hot_lru_pct 32
STAT warm_lru_pct 32
STAT expirezero_does_not_evict no
END
Then install memcache for php: apt-get install php-memcached
then service apache2 restart
Check if Memcache php extension is enabled and working properly. Use php.info
html like file called php.info :
<?php
phpinfo();
?>
you should find a sub-section called memcache like this:
For local memory caching, don’t use Redis nor memcache. The first one is slower, though needed for transactional file locking, which is a different topic. The second is usually needed for distributed caching, a bid overkill, if your Nextcloud is a single server machine.
Use APCu for local memory caching. For this install php-apcu and add 'memcache.local' => '\OC\Memcache\APCu', to your config.php.
Thank you so much for both!
I think I’ll try APCu: micalng how do I configure it? In the link you posted are there any easy information for me too?
As for the Strict-Transport-Security, have I configured well or badly?
And the last question: how do I check if I have configured port 443 well?
Thanks again for your patience!
On my server, i have generated my https cert using the letsencrypt cerbot.
The easy way in fact, is to set a simple http apache2 server. Then to use letsencrypt cerbot to get a free certificat.
During the generation/install, cerbot use the apache2 mod_rewritte to redirect ALL traffic to port 443 using HTTPS.
Under /etc/apache2/sites-enabled
i have: 000-default.conf (for http port 80 traffic ) and 000-default-le-ssl.conf ( for https port 443 traffic ).
Hello to all,
sorry if I reopen this discussion. I have difficulties on my Raspberry Pi 2 model B, php7.2, mariadb, apache, ubuntu 18.04 for Rapsberry.
I had to install it all over again, everything works fine except memcache.
I did this:
sudo apt install php-apcu redis-server php-redis
sudo service apache2 restart
sudo nano /etc/redis/redis.conf and I put “port 0” and “unixsocketperm 770”
sudo usermod -a -G redis www-data
sudo service apache2 restart
sudo service redis-server start
I have configured the Nextcloud config.ini as follows:
