Security & setup warnings, error log?

LandyVlad · November 20, 2017, 1:02pm

Hi I’m new here so please be patient
I did try looking in the documentation but probably don;t know what I should be searching for!

Nextcloud version 12.0.3:
OS Windows 10
Apache or nginx version: I have absolutely no idea?!
PHP version 5.6.30

Issue 1
In the Security & setup warnings section is has:

The “Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.
No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our documentation.
The PHP OPcache is not properly configured. For better performance we recommend to use following settings in the php.ini:
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

I’ve no idea how to go about fixing these, and the documentation section it refers to doesn’t really shed enough light on it for me to know precisely what to do…

Bonus - unrelated issue
I keep getting pop-up ‘notifications’ to say I’ve got a notification but… no notification by email or anything?

The output of your Nextcloud log in Admin > Logging:
Nothing really - all it says is “Missing expected parameters in change user hook”

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php $CONFIG = array ( 'instanceid' => 'redacted', 'passwordsalt' => 'also redactedi', 'secret' => 'very redcated', 'trusted_domains' => array ( 0 => 'landyvlad.net', ), 'datadirectory' => '/home/directory/nextclouddata', 'overwrite.cli.url' => 'https://domain/nextcloud', 'dbtype' => 'mysql', 'version' => '12.0.3.3', 'dbname' => 'redacted', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'redacted', 'dbpassword' => 'redacted', 'installed' => true, );

The output of your Apache/nginx/system log in /var/log/____:
What? Where?

I’m really not thick, although it probably appears that way. I’m just frustrated and hope someone has the patience to walk me through this please.

Thank you all

MichaIng · November 20, 2017, 4:32pm

You installed the Nextcloud instance on a windows 10 server? I didn’t know that this is possible and all docs rely on a linux server. Or is this just your client system you use to access Nextcloud web interface? How did you install your Nextcloud instance?

In case the server is Linux base, use apachectl -V to get your apache version or nginx -v in case you use nginx webserver.

To resolve the admin panel warnings we usually don’t need logs. After you name your webserver, we can help you enable HSTS, for opcache you (on regular linux debian/ubuntu) you just need to add the given lines with values to /etc/php5/apache2/php.ini respectively /etc/php5/fpm/php.ini in case of nginx preferable beneath the [opcache] line or to /etc/php5/mods-available/opcache.ini which has the same effect. Afterwards restart the webserver to load new configs: service apache2/nginx restart

LandyVlad · November 21, 2017, 11:40am

Ah no. I mean my computer uses a win 10 OS

Hosting - I have a cPanel account with netVirtue
see https://netvirtue.com.au/web-hosting/economy

It was installed using softaculous.

I have working installs of Wordpress, piwigo, SMF forums etc.

Does this help?

MichaIng · November 21, 2017, 4:36pm

Ah okay I thought so: The warning can just be resolved server side. Your hosting provider should know how. Both HSTS and opcache can be also set just for your Nextcloud folder location within the webserver config by using HSTS header and PHP_ADMIN_VALUE directive/fastcgi param.

Just give your hosting provider this info/topic for reference.

LandyVlad · June 14, 2018, 4:32am

OK I have advised my hosting provider of this, and your solution above Michalng and they say that “Unfortunately, those changes cannot be done on Shared hosting”.

Which doesn’t sound right to me… sigh.

@MichaIng

MichaIng · June 18, 2018, 4:18pm

There is of course always a discrepancy of what is possible and what is wanted.

HSTS is possible on vhost basis at least, but applies then for the while domain. Not sure indeed if it is possible to set it just for your personal independant domain, instead of server IP and hosting providers domain as well.

OPcache as mentioned is possible on directory basis within vhost. But of course the question is if it’s wanted that you may theoretically block 128M RAM by OPcache.