Hello, I’m using this exemple.
Can you please tell me what I have to modify ?
Hello, I’m using this exemple.
#apt update && apt install php7.3-fpm.
Was asked if I wanted to do some changes in some configuration files or keep the ones in place. decided to keep them and not change. The update was eventful.
Found that the lines needed to be edited was in fact located in /etc/nginx/conf.d/nextcloud.conf
Made the changes and saved.
#service php7.3-fpm restart
#service nginx restart
gives PHP 7.3.11-1+ubuntu18.04.1+deb.sury.org+1 (cli)
So far the site works as normal after the upgrade.
IMHO installing a sustainable and efficient server is not a simple endeavour. This may not matter most in small scaled service groups and for home users.
“Too many cooks spoil the broth.” & Beware of “quick and dirty.”
First, keep it small and keep it simple. Consider if your Nextcloud installation actualy needs the ‘php-fm’ module as this is the NC home user forum, if I may recall. Trust the true experts in the background and there is good reason for an advice like "Note that most Apache users probably want the libapache2-mod-php7.3 package. " on Debian. However, Nginx is an excellent workhorse for big scales and in addition may help on systems with narrow resources.
Second, don’t cross your bridges before you come to them. There will be an official update to the php7.3-fpm and rhe nginx package available in due time as should be appropriate for your system flavour. There should be an applicable security advisory like e.g., a DSA available too, I presume.
Naturally, you are free to use your NC install for trials and to load any software as you deem necessary. Many if not most of the comments in this thread may guide you and provide true help, hopefully.
Hope this helps.
Thanks for the headsup.
I am running nextcloudpi.
When i do php -v, I have the following:
"Cannot load Zend OPcache - it was already loaded
PHP 7.2.24-1+0~20191026.31+debian9~1.gbpbbacde (cli) (built: Oct 26 2019 14:18:28) ( NTS )
Copyright © 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright © 1998-2018 Zend Technologies
with Zend OPcache v7.2.24-1+0~20191026.31+debian9~1.gbpbbacde, Copyright © 1999-2018, by Zend Technologies"
I understand that the patest PHP version is v. 7.3.11
I cant find the nginx config files in /etc/nginx/
Can you help me with the steps to update the PHP to the latest version running NextcloutPI?
Nextcould version is : 22.214.171.124
7.2.24 is the latest in 7.2 branch.
Please be aware I have no expertise of my own with NextcloudPi, unfortunately. However, some general advice in the following.
Your system may be without the nginx server and happily away from the a.m. ‘NGINX/php-fpm’ issue. Check for your active webserver with:
sudo systemctl status apache2
This should show your Apache 2.4 on the job or some other info.
You may consult the below article for background information.
Why NextCloudPi uses Apache and not Nginx
Consult the NCP docs on the project website and the NCP release section at GitHub:
There is an article as of August 2019 available giving some overview and specific advice on NCP updates on:
Apparently, one should follow a three stages procedure for a more thorough NextcloudPi updates / system migration:
In order to upgrade issue the following commands
Should the upgrade fail at some Debian package, you can issue
ncp-dist-upgradeagain after fixing it to complete the process.
Your goal should be a PHP 7.3 install. Apparently, the NCP update procedure should ensure for everything in the right place.
However, please be aware to avoid the apt update command usual to other Linux flavours as NCP provides the a.m. special commands
ncp-dist-upgrade specifically. Mixing NCP packages with standard packages would bring you some hassle and would destroy the good efforts of the NCP project on your install, I presume.
Furtherly, you may consult the NC 16 php.ini configuration notes in the Nextcloud docs.
Please be aware you currently are in the ‘news’ category. There may be some better place to ask for help on your issues in this NC forum available at:
Hope this helps.
BTW a little ACK to my comment (i.e. click on the heart icon ) would show you are satisfied. This could be a kind gesture and would motivate me like authors of other advice to continue in seeking to help…
Debian users may perform the procedure of:
sudo apt update sudo apt upgrade
appropriately to make a security upgrade to php7.3 (7.3.11-1~deb10u1) security and some other packages. Same applies to 7.0.33-0+deb9u6 and 5.6.40+dfsg-0+deb8u7 apparently.
Please consult the DSA 4553 for the PHP 7.3 Debian Security Advisory.
Hope this helps.
I’m sorry but I read all your messages and I still not able to fix my configuration. I had a working configuration before and now it’s a blank page or an internal server error.
My configuration is a Debian and I don’t understand but I don’t have any error message.
My current configuration is this one:
May be I had a similar problem like yours.
After the updates of raspian on my pi I got error 502.
I figured out that the nginx service could not start because of a not startet php-fm service.
I had to enable the services again.
But that alone didn’t help because the services take too long to start an nginx again showed the error message. After adding this in nginx.service it seams to work.
At least for me…
Thanks, I only have to restart php with
systemctl restart php7.3-fpm.service
thanks for your answer. I think you right, I have apache2 running and active.
As you mentioned… can I assume I am out if troubles?
I will not run the debian update for voiding to breake nextcloudpi. (specially after reading others that have done it and got troubles).
You are welcome.
BTW a little ACK to one or more of my comments (i.e. click on the heart icon ) would show you are satisfied. This could be a kind gesture and would motivate me like authors of other advice to continue in lending a hand freely…
One should presume you are on the safe bank.
after the update I was receiving some errors, can’t remember them now because I recopied the configuration for nginx. When I did that the index.php is not rendering and is now just trying to download. I believe this is because I am not pointing to where fpm is listening or something along those lines but I double checked the config and everything seems fine.
Not sure what to do here.
No offence. Hope this helps.
Re: [Nextcloud community] [news] Urgent security issue in NGINX/php-fpm
And it’s time to start a new thread and new subject-line, this “Urgent” matter is old news now. I’m tired of seeing “Urgent” in my inbox. It makes this list look like click bait…
Wednesday, November 6, 2019, 2:25:27 AM, you wrote:
@system To whom this may be of concern at Nextcloud.
“We’re Nextcloud: the future of private file sync, share and communication!”
however, another click unfortunately.
Does this affect nginx-uwsgi users?
IMHO your NGINX server has to be fully examined concerning the a.m. security issue at your deliberation.
Always seek to update to the most current version of NGINX, I presume.
There may be some advice from true NGINX server experts around. unfortunately, I can give no more specific advice.
No you don’t uWSGI is an application that runs with any web server that supports the WSGI standard.
This enables the use of any language that uwsgi supports with that web server.
Which means in this case php, which is why I’m asking if uwsgi is affect of this CVE.
You have a NGINX server involved or not?
When NGINX involved, check for the conditions ref to the CVE and security advisory applicable to the flavour in use at your premises.
When NGINX not involved, have a nice day.
When some misunderstanding apparent, try to rephrase and reshuffle and provide some more details, I presume.
You may ignore any option and live happily ever after at your convenience.
Choose 1 - 4 and no cheating please.
Not my cup of tea.
BTW The uWSGI seems to be off-topic anyway.
Apparently, you chose option (1.) but cannot deduce sufficient details from a.m. CVE. Correct?
Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups
@Thaodan Would this information help you?
@Thaodan There seems to be a basic misunderstanding.
The author of this thread is @system i.e. Nextcloud GmbH.
The title of this thread given by the author is: “… issue in NGINX/php-fpm”
One may refer to #64 by @JasGot who nicely requested :
— And it’s time to start a new thread and new subject-line, this “Urgent” matter is old news now. —
Please note I am not affiliated with Nextcloud GmbH.
A basic misunderstanding again, I presume. Please take the effort to truly read the first lines of text in this thread:
@Thaodan IMHO the wording used here is quite correct.