Need help locking down Apache for only nextcloud

Hi! I’m trying to improve the security and performance of my apache based nextcloud instance. I’m only running nextcloud with it, and have not added any extra “apps” to nextcloud. I use a mariadb db. I require TLS/HTTPS. This is just a personal install.

Given this info, can someone help list the modules apache must load to work for nextcloud?

I see this page, https://docs.nextcloud.com/server/9/admin_manual/installation/source_installation.html#apache-web-server-configuration but I do not want to assume this page speaks to ALL necessary modules (including ones maybe considered defaults by apache)

Assistance is appreciated!

I don't fully understand the question being asked.

What version of PHP are you using?
What operating system are you running on?

do you want a list of all needed modules or just the minimal requirements.

I think he wants to disable all modules that are not needed. I’m not sure if there is such a list. I would certainly keep the required and recommended modules and then disable the others one-by-one. The default modules and their exact names differ between distributions.

Thanks for the responses! Sorry for the delay. Ideally, I’d love to only enable the ones required for Nextcloud. I’m running on a x64 linux OS, QNAP QTS and this is a custom package not supported by anyone. They seem to have gone module crazy.

PHP is 7.1.7 currently and there is a caching engine I can use. (not yet enabled - needs research)

As I don’t use anything extra in NextCloud, and it’s just a personal site, I figured this should be straightforward. I just don’t know how modules work.

For example, authnz_ldap_module is obviously for ldap, which I have no need for, but perhaps Apache or NextCloud required it to be enabled. I have no idea how I could verify this with high reassurance other than asking the developers. I also don’t know what all the modules do, especially if they are not visibly doing anything.

It sounds like it is trial and error, which I can always resort to, but I’d rather avoid disabling something that could irreversibly corrupt my config/files. (I can make backups, but would rather understand what is safe to disable instead)

Kinda hoping asking NextCloud directly, is the best way to ensure I get this lockdown correct.

httpd.conf modules:

# Review notes (comments only; no directive below is changed).
# - `httpd -M` (or `apachectl -M`) prints the modules actually loaded and
#   `httpd -t` checks the configuration without restarting. After commenting
#   out a LoadModule line, a directive that still needs that module fails the
#   check with "Invalid command ...", so a missing dependency surfaces before
#   the server is restarted.
# - Caveat: directives wrapped in <IfModule> are skipped silently when their
#   module is absent. Nextcloud's shipped .htaccess uses such wrappers for its
#   header, rewrite and env rules, so confirm the security headers are still
#   sent after any change.
# - The Nextcloud admin manual's Apache section names mod_rewrite as required
#   and mod_headers, mod_env, mod_dir and mod_mime as recommended; mod_ssl is
#   needed for HTTPS. Every other module here should be justified by a
#   directive elsewhere in this configuration (not visible in this listing).
#LoadModule authn_file_module libexec/mod_authn_file.so
#LoadModule authn_dbm_module libexec/mod_authn_dbm.so
#LoadModule authn_anon_module libexec/mod_authn_anon.so
#LoadModule authn_dbd_module libexec/mod_authn_dbd.so
# Authentication/authorization providers. authz_core supplies `Require` and
# access_compat supplies the legacy Order/Allow/Deny directives. Whether the
# groupfile/dbm/owner/dbd providers are used depends on directives outside
# this listing - TODO confirm before disabling.
LoadModule authn_socache_module libexec/mod_authn_socache.so
LoadModule authn_core_module libexec/mod_authn_core.so
LoadModule authz_host_module libexec/mod_authz_host.so
LoadModule authz_groupfile_module libexec/mod_authz_groupfile.so
LoadModule authz_user_module libexec/mod_authz_user.so
LoadModule authz_dbm_module libexec/mod_authz_dbm.so
LoadModule authz_owner_module libexec/mod_authz_owner.so
# NOTE(review): authz_dbd normally relies on mod_dbd, which is commented out
# further down - verify this combination is intentional.
LoadModule authz_dbd_module libexec/mod_authz_dbd.so
LoadModule authz_core_module libexec/mod_authz_core.so
# authnz_ldap (with mod_ldap further down) performs LDAP authentication inside
# Apache. Nextcloud's own LDAP integration runs in PHP, so these are
# presumably unused here unless another directive references them.
LoadModule authnz_ldap_module libexec/mod_authnz_ldap.so
LoadModule authnz_fcgi_module libexec/mod_authnz_fcgi.so
LoadModule access_compat_module libexec/mod_access_compat.so
LoadModule auth_basic_module libexec/mod_auth_basic.so
LoadModule auth_form_module libexec/mod_auth_form.so
LoadModule auth_digest_module libexec/mod_auth_digest.so
LoadModule allowmethods_module libexec/mod_allowmethods.so
# NOTE(review): mod_isapi is documented by Apache as a Windows-only module;
# loading it on a Linux build looks like a packaging leftover - verify.
LoadModule isapi_module libexec/mod_isapi.so
# Apache-level HTTP caching (mod_cache family); not part of Nextcloud's
# documented requirements. socache_shmcb is commonly the backend for
# SSLSessionCache, so check the SSL configuration before removing it.
LoadModule file_cache_module libexec/mod_file_cache.so
LoadModule cache_module libexec/mod_cache.so
LoadModule cache_disk_module libexec/mod_cache_disk.so
LoadModule cache_socache_module libexec/mod_cache_socache.so
LoadModule socache_shmcb_module libexec/mod_socache_shmcb.so
#LoadModule socache_dbm_module libexec/mod_socache_dbm.so
#LoadModule socache_memcache_module libexec/mod_socache_memcache.so
#LoadModule watchdog_module libexec/mod_watchdog.so
#LoadModule macro_module libexec/mod_macro.so
#LoadModule dbd_module libexec/mod_dbd.so
#LoadModule dumpio_module libexec/mod_dumpio.so
#LoadModule echo_module libexec/mod_echo.so
#LoadModule buffer_module libexec/mod_buffer.so
LoadModule data_module libexec/mod_data.so
#LoadModule ratelimit_module libexec/mod_ratelimit.so
# mod_reqtimeout (disabled here) sets time limits for receiving request
# headers and bodies, a standard mitigation for slow-request denial of
# service; consider enabling it on an Internet-facing server.
#LoadModule reqtimeout_module libexec/mod_reqtimeout.so
#LoadModule ext_filter_module libexec/mod_ext_filter.so
LoadModule request_module libexec/mod_request.so
# mod_include enables server-side includes; only needed if SSI is configured
# somewhere in this setup.
LoadModule include_module libexec/mod_include.so
# Content filters (reflector, substitute, sed, charset_lite, xml2enc,
# proxy_html); none appear in Nextcloud's documented module list.
LoadModule filter_module libexec/mod_filter.so
LoadModule reflector_module libexec/mod_reflector.so
LoadModule substitute_module libexec/mod_substitute.so
LoadModule sed_module libexec/mod_sed.so
LoadModule charset_lite_module libexec/mod_charset_lite.so
LoadModule deflate_module libexec/mod_deflate.so
LoadModule xml2enc_module libexec/mod_xml2enc.so
LoadModule proxy_html_module libexec/mod_proxy_html.so
LoadModule mime_module libexec/mod_mime.so
LoadModule ldap_module libexec/mod_ldap.so
LoadModule log_config_module libexec/mod_log_config.so
#LoadModule log_debug_module libexec/mod_log_debug.so
#LoadModule log_forensic_module libexec/mod_log_forensic.so
LoadModule logio_module libexec/mod_logio.so
LoadModule env_module libexec/mod_env.so
LoadModule mime_magic_module libexec/mod_mime_magic.so
#LoadModule expires_module libexec/mod_expires.so
LoadModule headers_module libexec/mod_headers.so
#LoadModule usertrack_module libexec/mod_usertrack.so
#LoadModule unique_id_module libexec/mod_unique_id.so
LoadModule setenvif_module libexec/mod_setenvif.so
LoadModule version_module libexec/mod_version.so
#LoadModule remoteip_module libexec/mod_remoteip.so
# Proxy stack. PHP is loaded in-process via php7_module at the end of this
# list, so proxy_fcgi is not what serves PHP here. If mod_proxy stays loaded,
# make sure `ProxyRequests` is Off (its default) so the server cannot act as
# an open forward proxy; proxy_connect and proxy_ftp are mainly relevant to
# forward proxying.
LoadModule proxy_module libexec/mod_proxy.so
LoadModule proxy_connect_module libexec/mod_proxy_connect.so
LoadModule proxy_ftp_module libexec/mod_proxy_ftp.so
LoadModule proxy_http_module libexec/mod_proxy_http.so
LoadModule proxy_fcgi_module libexec/mod_proxy_fcgi.so
LoadModule proxy_scgi_module libexec/mod_proxy_scgi.so
#LoadModule proxy_fdpass_module libexec/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module libexec/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module libexec/mod_proxy_ajp.so
#LoadModule proxy_balancer_module libexec/mod_proxy_balancer.so
#LoadModule proxy_express_module libexec/mod_proxy_express.so
# mod_session family keeps Apache-level sessions (typically for
# mod_auth_form); Nextcloud manages its own sessions in PHP.
# NOTE(review): session_dbd normally relies on mod_dbd, which is commented
# out above - verify this combination is intentional.
LoadModule session_module libexec/mod_session.so
LoadModule session_cookie_module libexec/mod_session_cookie.so
LoadModule session_crypto_module libexec/mod_session_crypto.so
LoadModule session_dbd_module libexec/mod_session_dbd.so
#LoadModule slotmem_shm_module libexec/mod_slotmem_shm.so
#LoadModule slotmem_plain_module libexec/mod_slotmem_plain.so
# Needed for the TLS/HTTPS requirement of this install.
LoadModule ssl_module libexec/mod_ssl.so
#LoadModule dialup_module libexec/mod_dialup.so
#LoadModule lbmethod_byrequests_module libexec/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module libexec/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module libexec/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module libexec/mod_lbmethod_heartbeat.so
# Basic Unix platform support (User/Group directives); keep.
LoadModule unixd_module libexec/mod_unixd.so
#LoadModule heartbeat_module libexec/mod_heartbeat.so
#LoadModule heartmonitor_module libexec/mod_heartmonitor.so
# Apache's own WebDAV provider. Nextcloud implements WebDAV in PHP, and its
# admin manual advises `Dav off` for the Nextcloud directory so the two do
# not conflict. dav_fs, dav_lock and dav_svn below build on this module, so
# they have to be disabled together with it.
LoadModule dav_module libexec/mod_dav.so
# mod_status and mod_info publish server-status / server-info pages when
# their handlers are mapped; these disclose configuration and live request
# details. Either disable the modules or restrict the handlers, e.g. with
# `Require local`.
LoadModule status_module libexec/mod_status.so
#LoadModule autoindex_module libexec/mod_autoindex.so
#LoadModule asis_module libexec/mod_asis.so
LoadModule info_module libexec/mod_info.so
# mod_suexec runs CGI programs under another user; both CGI modules are
# commented out below, so it likely has nothing to act on - verify.
LoadModule suexec_module libexec/mod_suexec.so
#<IfModule !mpm_prefork_module>
#	LoadModule cgid_module libexec/mod_cgid.so
#</IfModule>
#<IfModule mpm_prefork_module>
#	LoadModule cgi_module libexec/mod_cgi.so
#</IfModule>
LoadModule dav_fs_module libexec/mod_dav_fs.so
LoadModule dav_lock_module libexec/mod_dav_lock.so
# vhost_alias, imagemap, actions and speling are convenience features outside
# Nextcloud's documented needs. userdir serves per-user ~username directories,
# which can reveal local account names; disable it unless it is used.
LoadModule vhost_alias_module libexec/mod_vhost_alias.so
#LoadModule negotiation_module libexec/mod_negotiation.so
LoadModule dir_module libexec/mod_dir.so
LoadModule imagemap_module libexec/mod_imagemap.so
LoadModule actions_module libexec/mod_actions.so
LoadModule speling_module libexec/mod_speling.so
LoadModule userdir_module libexec/mod_userdir.so
LoadModule alias_module libexec/mod_alias.so
# mod_rewrite is the one module the Nextcloud manual lists as required.
LoadModule rewrite_module libexec/mod_rewrite.so
#LoadModule php7_module        /opt/Qapache/libexec/libphp7.so
# dav_svn / authz_svn serve Subversion repositories over WebDAV; unrelated to
# Nextcloud and dependent on dav_module above.
LoadModule dav_svn_module     /opt/Qapache/libexec/mod_dav_svn.so
LoadModule authz_svn_module   /opt/Qapache/libexec/mod_authz_svn.so
# In-process PHP handler that runs Nextcloud itself; keep.
LoadModule php7_module        libexec/libphp7.so

Any chance I could get some help on this?
Does NextCloud require this module? I thought it was highly dependent upon webdav? The admin guide article (https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#apache-web-server-configuration) does not list this module.

dav_module

bump, hoping for any help on this.