I recently built an instance of NCP. The current NCP version is 1.5.1. The current version of NC is 15.0.2. I would like to run occ based on the below text. However, I’m told on the NC settings page overview the below text. When I SSH into the unit and o to /var/www/nextcloud/, I’m told it can’t be run. What would the proper location be to follow the recommendations? Thank you very much for the assistance.
Security & setup warnings
It’s important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.
There are some warnings regarding your setup.
The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running "occ db:add-missing-indices" those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.
Missing index "owner_index" in table "oc_share".
Missing index "initiator_index" in table "oc_share".
This instance is missing some recommended PHP modules. For improved performance and better compatibility it is highly recommended to install them.
imagick
Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically. By running 'occ db:convert-filecache-bigint' those pending changes could be applied manually. This operation needs to be made while the instance is offline. For further details read the documentation page about this.
filecache.mtime
filecache.storage_mtime
The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the W3C Recommendation ↗.
Please double check the installation guides , and check for any errors or warnings in the log.
Check the security of your Nextcloud over our security scan .
For the “Referrer-Policy” thing you have to add this line in your Apache Virtualhost file (VirtualHost section) :
Header always set Referrer-Policy "no-referrer"
Then you’ll have to reload apache configuration
But it seems there is a bug because even if the line is ok NC is still complaining about that even of you get A+ here https://scan.nextcloud.com/
It should be fine if your Apache Virtualhost file contains this line
Header always set Referrer-Policy "no-referrer"
Your Apache Virtualhost file should be located here /etc/apache2/sites-available/ but I don’t know its name because I have no NCP installation, maybe /etc/apache2/sites-available/nextcloud.conf.
My Apache Virtualhost looks like this (it’s just an example, don’t use it for your installation), you can see the line Header always set Referrer-Policy “no-referrer”
<VirtualHost *:80>
ServerAdmin me@mydomain.tld
ServerName nextcloud.mydomain.tld
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]
# HTTP2
Protocols h2 h2c http/1.1
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin me@mydomain.tld
ServerName nextcloud.mydomain.tld
DocumentRoot /var/www/nextcloud
# HTTP2
Protocols h2 h2c http/1.1
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Referrer-Policy "no-referrer"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
SSLCertificateFile /etc/letsencrypt/live/nextcloud.mydomain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.mydomain.tld/privkey.pem
SSLEngine on
SSLProtocol all -TLSv1 -TLSv1.1 -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
</VirtualHost>
</IfModule>