A lot of info here to digest
Frustrating that this has been ongoing for a number of versions.
I’m on SiteGround if that assists.
I ran NC Security Scan which indicates …
Running Nextcloud 11.0.3.2
See the next section for what is installed.
Install Info
Nextcloud version : 14.0.4
Operating system and version (eg, Ubuntu 17.04):
Apache or nginx version (eg, Apache 2.4.25):
PHP version : 7.1.24
Database Server:
- Server: Localhost via UNIX socket
- Server type: Percona Server
- Server version: 5.6.40-84.0-log - Percona Server (GPL), Release 84.0, Revision 47234b3
- Protocol version: 10
Web Server:
cpsrvd 11.66.0.24
Database client version: libmysql - 5.1.73
PHP extension: mysqli curl mbstring
PHP version: 5.6.30
The issue you are facing:
Ongoing Security & setup warnings
I have been getting these warnings on an ongoing basis
Is this the first time you’ve seen this error? (Y/N): No
It has been an ongoing issue since NC v 10
Steps to replicate it:
- Delete and Install New Version
- Auto Update new version
- Manually update new version
Regardless of which method is chosen, these errors continue
Security & setup warnings output
Transactional file locking is disabled, this might lead to issues with race conditions. Enable "filelocking.enabled" in config.php to avoid these problems. See the documentation ↗ for more information.
The "X-XSS-Protection" HTTP header is not set to "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The "X-Content-Type-Options" HTTP header is not set to "nosniff". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The "X-Download-Options" HTTP header is not set to "noopen". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The "X-Permitted-Cross-Domain-Policies" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
Refer .htaccess file
Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.
No memory cache has been configured. To enhance performance, please configure a memcache, if available. Further information can be found in the documentation.
---- .htaccess root contents included -------
RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
---- .htaccess root contents included -------
The PHP OPcache is not properly configured. For better performance it is recommended to use the following settings in the php.ini:
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Refer php.ini file
---- Admin > Logging -----
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg) a minute ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/css/icons/icons-vars.css.gzip (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/css/icons/icons-vars.css.gzip) a minute ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/theming/images/background (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/theming/images/background) a minute ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg) a minute ago
Debug cron Finished OCA\Support\BackgroundJobs\CheckSubscription job with ID 966 in 0 seconds 5 minutes ago
Debug cron Run OCA\Support\BackgroundJobs\CheckSubscription job with ID 966 5 minutes ago
Debug cron Finished OCA\DAV\BackgroundJob\UpdateCalendarResourcesRoomsBackgroundJob job with ID 963 in 0 seconds 5 minutes ago
Debug cron Run OCA\DAV\BackgroundJob\UpdateCalendarResourcesRoomsBackgroundJob job with ID 963 5 minutes ago
Debug cron Finished OC\Preview\BackgroundCleanupJob job with ID 960 in 0 seconds 5 minutes ago
Debug cron Run OC\Preview\BackgroundCleanupJob job with ID 960 5 minutes ago
Debug cron Finished OC\Log\Rotate job with ID 955 in 0 seconds 5 minutes ago
Debug cron Run OC\Log\Rotate job with ID 955 5 minutes ago
Debug cron Finished OC\Authentication\Token\DefaultTokenCleanupJob job with ID 954 in 0 seconds 5 minutes ago
Debug cron Invalidating remembered session tokens older than 2018-11-26T06:00:02+00:00 5 minutes ago
Debug cron Invalidating session tokens older than 2018-12-10T06:00:02+00:00 5 minutes ago
Debug cron Invalidating remembered session tokens older than 2018-11-26T06:00:02+00:00 5 minutes ago
Debug cron Invalidating session tokens older than 2018-12-10T06:00:02+00:00 5 minutes ago
Debug cron Run OC\Authentication\Token\DefaultTokenCleanupJob job with ID 954 5 minutes ago
Debug cron Finished OCA\UpdateNotification\ResetTokenBackgroundJob job with ID 275 in 0 seconds 5 minutes ago
Debug cron Run OCA\UpdateNotification\ResetTokenBackgroundJob job with ID 275 5 minutes ago
Debug cron Finished OC\Authentication\Token\DefaultTokenCleanupJob job with ID 14 in 0 seconds 5 minutes ago
Debug cron Invalidating remembered session tokens older than 2018-11-26T06:00:02+00:00 5 minutes ago
Debug cron Invalidating session tokens older than 2018-12-10T06:00:02+00:00 5 minutes ago
Debug cron Invalidating remembered session tokens older than 2018-11-26T06:00:02+00:00 5 minutes ago
Debug cron Invalidating session tokens older than 2018-12-10T06:00:02+00:00 5 minutes ago
Debug cron Run OC\Authentication\Token\DefaultTokenCleanupJob job with ID 14 5 minutes ago
Debug cron Finished OCA\Files\BackgroundJob\CleanupFileLocks job with ID 12 in 0 seconds 5 minutes ago
Debug cron Run OCA\Files\BackgroundJob\CleanupFileLocks job with ID 12 5 minutes ago
Debug cron Finished OCA\Activity\BackgroundJob\EmailNotification job with ID 1 in 0 seconds 5 minutes ago
Debug cron Run OCA\Activity\BackgroundJob\EmailNotification job with ID 1 5 minutes ago
Debug cron Finished OCA\Files\BackgroundJob\ScanFiles job with ID 10 in 0 seconds 5 minutes ago
Debug cron Run OCA\Files\BackgroundJob\ScanFiles job with ID 10 5 minutes ago
Debug cron Finished OCA\Files_Sharing\DeleteOrphanedSharesJob job with ID 8 in 0 seconds 5 minutes ago
Debug DeleteOrphanedSharesJob 0 orphaned share(s) deleted 5 minutes ago
Debug cron Run OCA\Files_Sharing\DeleteOrphanedSharesJob job with ID 8 5 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg) 30 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/theming/images/background (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/theming/images/background) 30 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg) 30 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg) 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/avatar/yerg55/avatar.jpg) 31 minutes ago
Debug core SCSSCacher: /nextcloud/settings/css/settings.scss compiled and successfully cached 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/preview/25063 (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/preview/25063) 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/preview/25062 (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/preview/25062) 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/preview/25061 (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/preview/25061) 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/preview/25063 (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/preview/25063) 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/css/settings/4f30-f309-settings.css.gzip (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/css/settings/4f30-f309-settings.css.gzip) 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/preview/25011 (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/preview/25011) 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/preview/25062 (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/preview/25062) 31 minutes ago
Debug no app in context No cache entry found for /appdata_occv9adk2rxx/css/settings/4f30-f309-settings.css.deps (storage: local::/home/bbbbbb/ncdata/, internalPath: appdata_occv9adk2rxx/css/settings/4f30-f309-settings.css.deps) 31 minutes ago
---- end Admin > Logging -----
------- config.php ------
<?php
$CONFIG = array (
'instanceid' => 'occv9adk2rxx',
'passwordsalt' => 'XWRGs4hFeYjbE0xHleq3DxQ3PVxuTa',
'secret' => '6Ci5/7Non3LxPHCF+Ox0ffl/kp4CrNvb4+cEq+jX+BYiwUwM',
'trusted_domains' =>
array (
0 => 'domain.com.au',
1 => 'www.domain.com.au',
),
'datadirectory' => '/home/xxxx/ncdata',
'overwrite.cli.url' => 'https://xxxx.com.au/nextcloud',
'dbtype' => 'mysql',
'version' => '14.0.4.2',
'dbname' => 'xxxxxxx_nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'xxxx_xxxxxx',
'dbpassword' => 'xxxxxxxxx',
'logtimezone' => 'UTC',
'installed' => true,
'updater.server.url' => 'https://updates.nextcloud.com/updater_server/',
'updater.release.channel' => 'stable',
'maintenance' => false,
'filelocking.enabled' => true,
'theme' => '',
'loglevel' => 0,
'trashbin_retention_obligation' => 'auto',
);
------- end config.php ------
---- .htaccess --------
<IfModule mod_headers.c>
<IfModule mod_setenvif.c>
<IfModule mod_fcgid.c>
SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
</IfModule>
<IfModule mod_proxy_fcgi.c>
SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
</IfModule>
<IfModule mod_env.c>
# Add security and privacy related headers
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Robots-Tag "none"
Header set X-Download-Options "noopen"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Referrer-Policy "no-referrer"
SetEnv modHeadersAvailable true
</IfModule>
# Add cache control for static resources
<FilesMatch "\.(css|js|svg|gif)$">
Header set Cache-Control "max-age=15778463"
</FilesMatch>
# Let browsers cache WOFF files for a week
<FilesMatch "\.woff$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
</IfModule>
<IfModule mod_php5.c>
php_value upload_max_filesize 511M
php_value post_max_size 511M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value always_populate_raw_post_data -1
php_value default_charset 'UTF-8'
php_value output_buffering 0
<IfModule mod_env.c>
SetEnv htaccessWorking true
</IfModule>
</IfModule>
<IfModule mod_php7.c>
php_value upload_max_filesize 511M
php_value post_max_size 511M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value default_charset 'UTF-8'
php_value output_buffering 0
<IfModule mod_env.c>
SetEnv htaccessWorking true
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.*) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####
ErrorDocument 403 /nextcloud/
ErrorDocument 404 /nextcloud/
---- end .htaccess --------
---- php.ini --------
allow_url_include=Off
disable_functions=show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
open_basedir=/home/xxxx/public_html:/tmp:/home/xxxx/public_html/tmp:/home/xxxx/public_html/log
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
---- end php.ini --------
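
Added example (not part of the original post, and not Nextcloud's own check): the `.htaccess` above declares the security headers, yet the warnings say they are not set, so the useful test is what the server actually returns. This sketch audits a raw response head against the values named in the warnings; `parse_headers`, `audit` and `SAMPLE` are hypothetical names, the sample response is constructed, and the exact case-insensitive comparison is an assumption based on the warning text.

```python
import re

# Expected values copied from the warning texts quoted in the post.
REQUIRED = {
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
    "x-robots-tag": "none",
    "x-download-options": "noopen",
    "x-permitted-cross-domain-policies": "none",
}
HSTS_MIN_AGE = 15552000  # seconds, from the Strict-Transport-Security warning

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block; the body is ignored
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {header: problem} for each header that fails the listed checks."""
    headers = parse_headers(raw)
    problems = {}
    for name, expected in REQUIRED.items():
        values = headers.get(name, [])
        if not values:
            problems[name] = "missing"
        elif any(v.lower() != expected for v in values):
            problems[name] = "unexpected value: " + " | ".join(values)
    hsts = " ".join(headers.get("strict-transport-security", []))
    match = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.IGNORECASE)
    if not hsts:
        problems["strict-transport-security"] = "missing"
    elif not match or int(match.group(1)) < HSTS_MIN_AGE:
        problems["strict-transport-security"] = "max-age too low or absent"
    return problems

# Constructed sample response: two headers correct, HSTS too short, rest absent.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "x-robots-tag: None\r\n"
    "Strict-Transport-Security: max-age=3600\r\n"
    "\r\n<html>X-Download-Options: noopen</html>"
)
```

Feed `audit()` the output of `curl -sI` against the Nextcloud URL; headers that appear in `.htaccess` but are reported as missing here point to the guarding `<IfModule>` blocks not taking effect on the host.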