Help giving php access to /dev/urandom

I have my Nextcloud hardened according to the hardening guide in the documentation, but over the months I haven’t gotten around to increasing the quality of “randomly” generated numbers. With my low knowledge of PHP, and the vagueness of the documentation, could someone tell me how to do that the right way?

It sounds to me like it’s something I can add to the php.ini file for Apache. What’s best practice? Here’s what I have:

Ubuntu Server 16.04
Nextcloud is running in a LXD container and the container OS is Ubuntu 16.04

Everything else is pretty basic. HTTPS only connections, running basic DAV apps, Spreed, TOTP. Not sure what variables dictate how I should pass permissions to /dev/urandom

/dev/urandom must be in die PATH. you must add this entry to the php.ini to the open_basedir.