As I had some minor issues during this update I guess I should share the experience.
My Setup:
- Synology NAS with DSM 6.2.1-23824.
- PHP 7.0.30 & MariaDB 10.3.7-0051
- Migrated from OC 10 to NC 12 in April 2018. - post in howto section. And also why data folder is named owncloud. Change the folder names to fit your folders.
- My NC installation don’t have any additional addons or apps installed
- My data directory is on a different drive than web
Note: DSM terminal uses php 5.6.11 by default. php = 5.6.11, php56 = 5.6.36, php70=7.0.30
Note2: I get a php warning about php70 mysql module, when I use terminal php70. However it doesn’t seem to have any impact that I can find.
This is basically my standard upgrade process. However for NC 14 I needed to use php70 and also do some additional security changes after upgrade.
My steps to success:
SSH in to your server
Maintenance mode on
sudo -su root
cd /volume3/web/nextcloud
sudo -u http php70 occ maintenance:mode --on
Change file permissions
chown -R http:http /volume3/web/nextcloud/
find /volume3/web/nextcloud/ -type f -print0 | xargs -0 chmod 0777
find /volume3/web/nextcloud/ -type d -print0 | xargs -0 chmod 0777
datafiles, web and database backup (In case upgrade fails) (data folder takes some time)
rsync -ax /volume2/owncloud/ /volume2/bckup/data_owncloud-dirbkp_date +“%Y%m%d”/
rsync -ax /volume3/web/nextcloud/ /volume2/bckup/web_nextcloud-dirbkp_13_0_7_date +“%Y%m%d”/
mysqldump --lock-tables -h localhost -P 3307 --protocol=tcp -u[DBuser] -p[dbpassword] [databasename] > /volume2/bckup/nextcloud-sqlbkp_13_0_7_date +“%Y%m%d”.bak
Move nextcloud web folder
mv /volume3/web/nextcloud/ /volume3/web/nextcloud_13_0_7/
Download new nextcloud
wget --no-check-certificate https://download.nextcloud.com/server/releases/nextcloud-14.0.3.tar.bz2 -O /tmp/nextcloud-14.0.3.tar.bz2
cd /tmp
tar jxf nextcloud-14.0.3.tar.bz2
Move new nextcloud to web folder
mv /tmp/nextcloud /volume3/web/
Change file permissions
chown -R http:http /volume3/web/nextcloud/
find /volume3/web/nextcloud/ -type f -print0 | xargs -0 chmod 0777
find /volume3/web/nextcloud/ -type d -print0 | xargs -0 chmod 0777
Copy config.php from old nextcloud
rm /volume3/web/nextcloud/config/config.php
cp -av /volume3/web/nextcloud_13_0_7/config/config.php /volume3/web/nextcloud/config/config.php
Start the upgrade process
cd /volume3/web/nextcloud
sudo -u http php70 occ upgrade
Add security to .htaccess
This is the .htaccess file in /volume3/web/nextcloud
Add following lines at end of file.
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
Maintenance mode off
sudo -u http php70 occ maintenance:mode --off
Additional steps to comply with NC 14.0.3 security
- If security check tells you to run: occ db:add-missing-indices
cd /volume3/web/nextcloud
sudo -u http php70 occ db:add-missing-indices - If security check tells you
The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin” or “strict-origin-when-cross-origin”. This can leak referer information.
Add this line
Header set Referrer-Policy "no-referrer"
to the .htaccess file within the block ‘IfModule mod_env.c’
For reference, mine looks like this:
< IfModule mod_env.c>
# Add security and privacy related headers
Header set X-Content-Type-Options “nosniff”
Header set X-XSS-Protection “1; mode=block”
Header set X-Robots-Tag “none”
Header set X-Download-Options “noopen”
Header set X-Permitted-Cross-Domain-Policies “none”
Header set Referrer-Policy “no-referrer”
SetEnv modHeadersAvailable true
< /IfModule>
- I also had to change my cron job script in the DSM Task Scheduler to use php70 instead of php56 as I had for NC13.
sudo -u http php70 -f /volume3/web/nextcloud/cron.php
After successful testing change permissions for security
chown -R root:http /volume3/web/nextcloud/
chown -R http:http /volume3/web/nextcloud/apps/
chown -R http:http /volume3/web/nextcloud/config/
chown -R http:http /volume3/web/nextcloud/themes/
find /volume3/web/nextcloud/ -type f -print0 | xargs -0 chmod 0640
find /volume3/web/nextcloud/ -type d -print0 | xargs -0 chmod 0750
chown root:http /volume3/web/nextcloud/.htaccess
chmod 0644 /volume3/web/nextcloud/.htaccess
Remove old nextcloud web
rm /volume3/web/nextcloud_13_0_7/