Help for memcache e Stric-Transport-Security

Nextcloud version : 13.0.5
Operating system and version : Ubuntu 18.04 LTS for Raspberry Pi2
Apache version :
PHP version : 7.2
Raspeberry Pi2

Forgive me, I’m a newbie, both in computer science and in Nextcloud!
So, I should have installed and configured well:

  • Openssl
  • apache
  • mariadb
  • Netxcloud

When I log in, in the general information, these two messages appear to me:

  • The HTTP “Strict-Transport-Security” header is not configured with a value of at least “15552000” seconds. To improve security, we recommend enabling HSTS as described in the safety tips.

  • No memory cache has been configured. To improve performance, configure a memcache, if available. Further information is available in the documentation.

But even reading the documentation, I have no idea how to proceed to resolve.
Also I’m not sure I have enabled port 443 in the configurations, on the modem / router yes.
Is there anyone, kind and patient, who would please take a few minutes, explaining step by step how to do it? :blush::pray:
Please do not let me go back to Google Drive!
Thanks to those who will answer me!:blush:


The HSTS is set within the enables ssl apache conf. This is a working conf from a apache2 v2.4.25

on a debian is located on /etc/apaches2/enables-sites/whatever-ssl.conf

<IfModule mod_ssl.c>

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        Protocols h2 http/1.1
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLCertificateFile /etc/letsencrypt/live/x/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/x/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        ServerName x
        # Guarantee HTTPS for 6 Month including Sub Domains
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"


# modern configuration, tweak to your need
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

SSLHonorCipherOrder     on
# new ssl no compression method
# SSLCompression          on
SSLSessionTickets       off

SSLOptions +StrictRequire

# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

The protocol ligne is for the HTTP/2 support ( if enable )
HSTS is set by the header line

Of course, an apache restart is needed for that.

1 Like

For your cache option, you may use different options, like using redis… or else.

This is depending on several parameters and usage for your server …

1 Like

and I’m sorry if I answer you only now!
First of all thank you very much for the time you dedicated to me! :slight_smile:
So … yesterday I tried again and in the end, I put the following string:

<IfModule mod_headers.c>
Header always set Strict-Transport-Security “max-age = 15768000; includeSubDomains; preload”
</ IfModule>

in /etc/apache2/apache.conf

and the Strict-Transport-Security alert, when I log in to my Nextcloud, has been discovered.
I was wrong?

For memcache I did not understand: do I have to install it? And how do I configure it?
Thank you for your patience! :slight_smile:

typical install for memcache is made by:

sudo apt-get update
sudo apt-get install memcached

For inital level configuration check for the following settings under Memcache configuration file /etc/memcached.conf.

-d => Run Memcached in deamon mode. You can use this option to configure your Memcached server to run as service.
-m => Define the maximum number of Memory can be used by Memcached deamon. (default: 64 MB)
-p => Defind port for Memcached to listen on. (default: 11211)
-l => Defind the IP address to Memcached listen on. Set to listen on all IPs(enterfaces) configured on system.
Check memcache manpage for extended options.

After making changes, restart the Memcached service.

Use the following command to check and verify that Memcached service is running properly on your system. This will show you the current statstics of your Memcached server. So the values may be differ that below results:

echo "stats settings" | nc localhost 11211


STAT maxbytes 134217728
STAT maxconns 1024
STAT tcpport 11211
STAT udpport 11211
STAT inter
STAT verbosity 0
STAT oldest 0
STAT evictions on
STAT domain_socket NULL
STAT umask 700
STAT growth_factor 1.25
STAT chunk_size 48
STAT num_threads 4
STAT num_threads_per_udp 4
STAT stat_key_prefix :
STAT detail_enabled no
STAT reqs_per_event 20
STAT cas_enabled yes
STAT tcp_backlog 1024
STAT binding_protocol auto-negotiate
STAT auth_enabled_sasl no
STAT item_size_max 1048576
STAT maxconns_fast no
STAT hashpower_init 0
STAT slab_reassign no
STAT slab_automove 0
STAT lru_crawler no
STAT lru_crawler_sleep 100
STAT lru_crawler_tocrawl 0
STAT tail_repair_time 0
STAT flush_enabled yes
STAT hash_algorithm jenkins
STAT lru_maintainer_thread no
STAT hot_lru_pct 32
STAT warm_lru_pct 32
STAT expirezero_does_not_evict no

Then install memcache for php:
apt-get install php-memcached
service apache2 restart

Check if Memcache php extension is enabled and working properly. Use
html like file called :


you should find a sub-section called memcache like this:

1 Like

For local memory caching, don’t use Redis nor memcache. The first one is slower, though needed for transactional file locking, which is a different topic. The second is usually needed for distributed caching, a bid overkill, if your Nextcloud is a single server machine.

Use APCu for local memory caching. For this install php-apcu and add 'memcache.local' => '\OC\Memcache\APCu', to your config.php.

The docs give some more explanations:

1 Like

Thank you so much for both! :smiley:
I think I’ll try APCu: micalng how do I configure it? In the link you posted are there any easy information for me too? :blush:

As for the Strict-Transport-Security, have I configured well or badly?
And the last question: how do I check if I have configured port 443 well?
Thanks again for your patience!:smiley:

Usually, apache2 https traffic use port 443.

On my server, i have generated my https cert using the letsencrypt cerbot.

The easy way in fact, is to set a simple http apache2 server. Then to use letsencrypt cerbot to get a free certificat.
During the generation/install, cerbot use the apache2 mod_rewritte to redirect ALL traffic to port 443 using HTTPS.

Under /etc/apache2/sites-enabled
i have: 000-default.conf (for http port 80 traffic ) and 000-default-le-ssl.conf ( for https port 443 traffic ).

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        Protocols h2 http/1.1
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

For HSTS check,

1 Like

ACPu install is explain here:

to resume: apt-get install php7.2-apcu

1 Like

I thank you for the answer! :smiley: :smiley: :smiley:
So I did the test you recommended, and I have the HSTS working and active. I conclude that I was not wrong then.

As for port 443, I under / etc / apache2 / sites-enable, I have:

  • @ 000-default.conf
  • @ default-ssl.conf
  • @ nextcloud.conf

The @ default-ssl.conf starts with:

<VirtualHost default: 443>

You say it’s set up right?

seem you vhost is set right.

In my case, witch is having several vhost on the same machine, i redirect ALL traffic to 443
In each of my vhost, i have <VirtualHost *:443>

1 Like

And I even made it to configure memcache. :wink:

You were really very kind and patient, thank you very much! :relaxed: :slight_smile:

1 Like

Hello to all,
sorry if I reopen this discussion. I have difficulties on my Raspberry Pi 2 model B, php7.2, mariadb, apache, ubuntu 18.04 for Rapsberry.
I had to install it all over again, everything works fine except memcache.
I did this:

  • sudo apt install php-apcu redis-server php-redis
  • sudo service apache2 restart
  • sudo nano /etc/redis/redis.conf and I put “port 0” and “unixsocketperm 770”
  • sudo usermod -a -G redis www-data
  • sudo service apache2 restart
  • sudo service redis-server start
  • I have configured the Nextcloud config.ini as follows:

‘memcache.local’ => ‘\ OC \ Memcache \ APCu’,
‘memcache.locking’ => ‘\ OC \ Memcache \ Redis’,
‘filelocking.enabled’ => ‘true’,
‘redis’ =>
array (
‘host’ => ‘/var/run/redis/redis.sock’,
‘port’ => 0,
‘timeout’ => 0.0,

  • sudo systemctl enable redis-server

I can safely enter my Nextcloud both locally and remotely, but I can not upload files or create a folder.
Why? Where am I wrong?