He stated that as an update in his answer as well:
Update:
Yesterday, I’ve used the above set of commands to install PHP 7.3 on Ubuntu 16.04 and everything went completely fine. Just replace 7.2 with 7.3 within these commands - the entire process took about 7 minutes.
@system I noticed that try_files was included, while further down the config we still set PATHINFO. Doesn’t that cause issues? Due to a bug try_files resets $fastcgi_path_info… http://trac.nginx.org/nginx/ticket/321
SCRIPT_FILENAME and PATH_INFO (notice the _ between the words). Got bit once again and spent some time thinking my server was borked. Hope it helps someone else.
I appreciate such urgent info and the resp. Nextcloud announcement. However, for the convenience of administrators and other interested parties one may add several links such as:
I run a fully-refreshed snap on Ubuntu 16.04. Version information is installed: 16.0.5snap2 (16402) 228MB and I do not see nginx running at all. That leads me to believe the version of php-fpm (which is installed) is not a problem.
Services from nextcloud snap:
$ sudo snap services nextcloud
Service Startup Current Notes
nextcloud.apache enabled active -
nextcloud.mdns-publisher enabled active -
nextcloud.mysql enabled active -
nextcloud.nextcloud-cron enabled active -
nextcloud.nextcloud-fixer enabled inactive -
nextcloud.php-fpm enabled active -
nextcloud.redis-server enabled active -
nextcloud.renew-certs enabled active -
I’m just wondering (but could be an idiotic thought): are users really safe just because they run apache? I mean, the bug was actually in PHP (not nginx) in combination with php-fpm. Doesn’t apache use php-fpm as well?
As said, just wondering. Could be a totally mislead thought.