Locaton for running 'occ'

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
1

Hello, all.

I recently built an instance of NCP. The current NCP version is 1.5.1. The current version of NC is 15.0.2. I would like to run occ based on the below text. However, I’m told on the NC settings page overview the below text. When I SSH into the unit and o to /var/www/nextcloud/, I’m told it can’t be run. What would the proper location be to follow the recommendations? Thank you very much for the assistance.

Security & setup warnings

It’s important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.
There are some warnings regarding your setup.

The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running "occ db:add-missing-indices" those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.
    Missing index "owner_index" in table "oc_share".
    Missing index "initiator_index" in table "oc_share".
This instance is missing some recommended PHP modules. For improved performance and better compatibility it is highly recommended to install them.
    imagick
Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically. By running 'occ db:convert-filecache-bigint' those pending changes could be applied manually. This operation needs to be made while the instance is offline. For further details read the documentation page about this.
    filecache.mtime
    filecache.storage_mtime
The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information. See the W3C Recommendation ↗.

Please double check the installation guides :arrow_upper_right:, and check for any errors or warnings in the log.

Check the security of your Nextcloud over our security scan :arrow_upper_right:.

2

Hi,

For databases issues you have to do this if your Nextcloud installation is in .var/www/nextcloud :

sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
sudo -u www-data php /var/www/nextcloud/occ db:convert-filecache-bigint
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off

This operation can be very looooong.

For imagick you’ll have to do :

sudo apt-install php-imagick

For the “Referrer-Policy” thing you have to add this line in your Apache Virtualhost file (VirtualHost section) :

Header always set Referrer-Policy "no-referrer"

Then you’ll have to reload apache configuration
But it seems there is a bug because even if the line is ok NC is still complaining about that even of you get A+ here https://scan.nextcloud.com/

Regards

3

So, if I’m thinking right, it should be fine even if it does complain. Would I be correct?

Thank you very much for the assistance.

4

It should be fine if your Apache Virtualhost file contains this line

Header always set Referrer-Policy "no-referrer"

Your Apache Virtualhost file should be located here /etc/apache2/sites-available/ but I don’t know its name because I have no NCP installation, maybe /etc/apache2/sites-available/nextcloud.conf.

My Apache Virtualhost looks like this (it’s just an example, don’t use it for your installation), you can see the line Header always set Referrer-Policy “no-referrer”

<VirtualHost *:80>
        ServerAdmin me@mydomain.tld
        ServerName nextcloud.mydomain.tld
        RewriteEngine On
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]
        # HTTP2
        Protocols h2 h2c http/1.1
</VirtualHost>

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerAdmin me@mydomain.tld
                ServerName nextcloud.mydomain.tld
                DocumentRoot /var/www/nextcloud
                # HTTP2
                Protocols h2 h2c http/1.1

                Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
                Header always set Referrer-Policy "no-referrer"

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                        <Directory /var/www/nextcloud/>
                        Options +FollowSymlinks
                        AllowOverride All

                        <IfModule mod_dav.c>
                                Dav off
                        </IfModule>

                        SetEnv HOME /var/www/nextcloud
                        SetEnv HTTP_HOME /var/www/nextcloud

                        </Directory>

                SSLCertificateFile /etc/letsencrypt/live/nextcloud.mydomain.tld/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.mydomain.tld/privkey.pem

                SSLEngine on
                SSLProtocol all -TLSv1 -TLSv1.1 -SSLv2 -SSLv3
                SSLHonorCipherOrder on
                SSLCompression off
                SSLOptions +StrictRequire
                SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

        </VirtualHost>
</IfModule>
5

Thank you very much. I definitely appreciate it.