Warnings & Configuring NC through SSH

Hello lovely community,

I am new to all this, and I have been checking the documents and asking my dear friend, ChatGPT, for assistance, but I underestimated how overwhelming it could be to replace GDrive with NC. I feel I’m doing a Ph.D. in software engineering if this is the right field for whatever I’m trying to achieve.

I have so far successfully, being positive here, installed NC on a docker and a portainer. I am using a Synology NAS DSM 7.2.
However, I seem to have a number of issues with my NC, which are:
Administration Overview Warnings:

  • The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips.

  • Your web server is not properly set up to resolve “/.well-known/caldav”. Further information can be found in the documentation.

  • Your web server is not properly set up to resolve “/.well-known/carddav”. Further information can be found in the documentation.

  • The database is used for transactional file locking. To enhance performance, please configure memcache, if available. See the documentation for more information.

  • Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add “default_phone_region” with the respective ISO 3166-1 code of the region to your config file.

  • The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running “occ db:add-missing-indices” those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.

    • Missing index “mounts_user_root_path_index” in table “oc_mounts”.

Also, when syncing, I get errors for files that contain spaces in their names for some reason.

I tried to follow many of the provided solutions here and elsewhere, and I hope I didn’t worsen the issue.

I am using Apache 2.4, and I have Nginx Proxy Manager installed as well, in addition to Cloudflare. I am unsure what other information I should include, but please feel free to ask me for any information to clarify the situation better.

Hello!

These are common points after creating the default install. The first three would be fixed on the proxy, next two are in the Nextcloud config/config.php, and last needs run as a command inside the docker container.

I use nginx as my reverse proxy but have not played with the Proxy Manager web interface. The cal and card dav section is easy once you find the right document, just scroll down in this page until you see nginx and add the two rewrite lines to your proxy config.
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html

These are how I get past those warnings:

    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload";

    rewrite ^/\.well-known/carddav https://$server_name/remote.php/dav/ redirect;
    rewrite ^/\.well-known/caldav https://$server_name/remote.php/dav/ redirect;

This is what I have for memcache in my config, it’s possible it may have required additional setup as well. The link provided in the warnings only mentions Redis. I provided another link which mentions this option for small/private servers.
https://docs.nextcloud.com/server/27/admin_manual/configuration_server/caching_configuration.html?highlight=cache
I don’t see anything else needed. The phone region may need changed depending on where you live.

  'memcache.local' => '\\OC\\Memcache\\APCu',
  'default_phone_region' => 'US',

To run occ in a docker situation you’ll need to use docker exec -it as www-data. I usually do these after any updates. You can get the docker container information by running docker ps. Docker commands need done as root or through sudo.

    docker exec -itu www-data CONTAINER_ID_OR_NAME ./occ db:add-missing-columns
    docker exec -itu www-data CONTAINER_ID_OR_NAME ./occ db:add-missing-indices
    docker exec -itu www-data CONTAINER_ID_OR_NAME ./occ db:add-missing-primary-keys
    docker exec -itu www-data CONTAINER_ID_OR_NAME ./occ db:convert-filecache-bigint

Hope this helps!

EDIT: Forgot the piece about the phone code.

2 Likes
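A way to confirm the proxy-side fixes from the client's point of view, whichever layer in the chain ends up setting the header. This is an added example, not code from the posts above. The function names, the `cloud.example.com` host and the sample responses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Feed it raw response headers, e.g.
#   curl -sI https://cloud.example.com/.well-known/caldav   (placeholder host)
MIN_HSTS_AGE=15552000   # threshold quoted in the Nextcloud warning

# Print the value of one header (name matched case-insensitively) from stdin.
header_value() {
  tr -d '\r' | awk -v want="$1" '{
    i = index($0, ":")
    if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
    }
  }'
}

# Succeeds when stdin carries Strict-Transport-Security with max-age >= MIN_HSTS_AGE.
hsts_ok() {
  hsts_age=$(header_value strict-transport-security | tr -d '" ' | tr ';' '\n' |
    awk -F= 'tolower($1) == "max-age" { print $2; exit }')
  case "$hsts_age" in ''|*[!0-9]*) return 1 ;; esac   # missing or non-numeric
  [ "$hsts_age" -ge "$MIN_HSTS_AGE" ]
}

# Succeeds when stdin is a 3xx response whose Location ends in /remote.php/dav[/].
wellknown_ok() {
  wk_headers=$(tr -d '\r')
  wk_status=$(printf '%s\n' "$wk_headers" | awk 'NR == 1 { print $2 }')
  wk_location=$(printf '%s\n' "$wk_headers" | header_value location)
  case "$wk_status" in 301|302|307|308) ;; *) return 1 ;; esac
  case "$wk_location" in */remote.php/dav|*/remote.php/dav/) return 0 ;; esac
  return 1
}

# Constructed sample responses (not captured from a real server).
SAMPLE_FIXED='HTTP/2 302
location: https://cloud.example.com/remote.php/dav/
strict-transport-security: max-age=15552000; includeSubDomains; preload'
SAMPLE_UNFIXED='HTTP/2 404
strict-transport-security: max-age=3600'

for name in SAMPLE_FIXED SAMPLE_UNFIXED; do
  eval "resp=\$$name"
  if printf '%s\n' "$resp" | hsts_ok; then h=ok; else h=FAIL; fi
  if printf '%s\n' "$resp" | wellknown_ok; then w=ok; else w=FAIL; fi
  echo "$name: hsts=$h well-known=$w"
done
```

Against a live instance, pipe `curl -sI` output for `/.well-known/caldav` and `/.well-known/carddav` into the two functions instead of the samples.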

Thank you very much, Hyperling! I tried over and over and was very close to giving up, then I found out, thanks to @arifulislamat, that it’s neither Apache nor Nginx that needs to be edited. It was Cloudflare! Since it was the one acting as the proxy manager! It was an easy UI fix, and everything works like a charm now!

For reference to those who will get baffled in the future like me, here’s the guide to fixing the Strict Transport Security on Cloudflare:

And for the caldav and carddav, it’s only a matter of creating a page rule for each.

Thank you again, Hyperling, for the detailed answer! Peace

1 Like