Synology update NC 13.0.7 to NC 14.0.3

As I had some minor issues during this update I guess I should share the experience.

My Setup:

  • Synology NAS with DSM 6.2.1-23824.
  • PHP 7.0.30 & MariaDB 10.3.7-0051
  • Migrated from OC 10 to NC 12 in April 2018. - post in howto section. And also why data folder is named owncloud. Change the folder names to fit your folders.
  • My NC installation don’t have any additional addons or apps installed
  • My data directory is on a different drive than web

Note: DSM terminal uses php 5.6.11 by default. php = 5.6.11, php56 = 5.6.36, php70=7.0.30
Note2: I get a php warning about php70 mysql module, when I use terminal php70. However it doesn’t seem to have any impact that I can find.

This is basically my standard upgrade process. However for NC 14 I needed to use php70 and also do some additional security changes after upgrade.

My steps to success:
SSH in to your server
Maintenance mode on
sudo -su root
cd /volume3/web/nextcloud
sudo -u http php70 occ maintenance:mode --on
Change file permissions
chown -R http:http /volume3/web/nextcloud/
find /volume3/web/nextcloud/ -type f -print0 | xargs -0 chmod 0777
find /volume3/web/nextcloud/ -type d -print0 | xargs -0 chmod 0777
datafiles, web and database backup (In case upgrade fails) (data folder takes some time)
rsync -ax /volume2/owncloud/ /volume2/bckup/data_owncloud-dirbkp_date +"%Y%m%d"/
rsync -ax /volume3/web/nextcloud/ /volume2/bckup/web_nextcloud-dirbkp_13_0_7_date +"%Y%m%d"/
mysqldump --lock-tables -h localhost -P 3307 --protocol=tcp -u[DBuser] -p[dbpassword] [databasename] > /volume2/bckup/nextcloud-sqlbkp_13_0_7_date +"%Y%m%d".bak
Move nextcloud web folder
mv /volume3/web/nextcloud/ /volume3/web/nextcloud_13_0_7/
Download new nextcloud
wget --no-check-certificate -O /tmp/nextcloud-14.0.3.tar.bz2
cd /tmp
tar jxf nextcloud-14.0.3.tar.bz2
Move new nextcloud to web folder
mv /tmp/nextcloud /volume3/web/
Change file permissions
chown -R http:http /volume3/web/nextcloud/
find /volume3/web/nextcloud/ -type f -print0 | xargs -0 chmod 0777
find /volume3/web/nextcloud/ -type d -print0 | xargs -0 chmod 0777
Copy config.php from old nextcloud
rm /volume3/web/nextcloud/config/config.php
cp -av /volume3/web/nextcloud_13_0_7/config/config.php /volume3/web/nextcloud/config/config.php
Start the upgrade process
cd /volume3/web/nextcloud
sudo -u http php70 occ upgrade

Add security to .htaccess
This is the .htaccess file in /volume3/web/nextcloud
Add following lines at end of file.
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

Maintenance mode off
sudo -u http php70 occ maintenance:mode --off

Additional steps to comply with NC 14.0.3 security

  1. If security check tells you to run: occ db:add-missing-indices
    cd /volume3/web/nextcloud
    sudo -u http php70 occ db:add-missing-indices
  2. If security check tells you

The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin” or “strict-origin-when-cross-origin”. This can leak referer information.

Add this line
Header set Referrer-Policy "no-referrer"
to the .htaccess file within the block ‘IfModule mod_env.c’

For reference, mine looks like this:

< IfModule mod_env.c>
# Add security and privacy related headers
Header set X-Content-Type-Options “nosniff”
Header set X-XSS-Protection “1; mode=block”
Header set X-Robots-Tag “none”
Header set X-Download-Options “noopen”
Header set X-Permitted-Cross-Domain-Policies “none”
Header set Referrer-Policy “no-referrer”
SetEnv modHeadersAvailable true
< /IfModule>

  1. I also had to change my cron job script in the DSM Task Scheduler to use php70 instead of php56 as I had for NC13.
    sudo -u http php70 -f /volume3/web/nextcloud/cron.php

After successful testing change permissions for security
chown -R root:http /volume3/web/nextcloud/
chown -R http:http /volume3/web/nextcloud/apps/
chown -R http:http /volume3/web/nextcloud/config/
chown -R http:http /volume3/web/nextcloud/themes/
find /volume3/web/nextcloud/ -type f -print0 | xargs -0 chmod 0640
find /volume3/web/nextcloud/ -type d -print0 | xargs -0 chmod 0750
chown root:http /volume3/web/nextcloud/.htaccess
chmod 0644 /volume3/web/nextcloud/.htaccess
Remove old nextcloud web
rm /volume3/web/nextcloud_13_0_7/

Just noted that my sql backup was taken from my old MariaDB5 and not the currently used MariaDB10. So updated mysqldump to include port and protocol for connection to MariaDB10.
also updated a few other typos.