14-11-2023
This commit is contained in:
@@ -6,6 +6,157 @@ https://docs.nextcloud.com/server/18/admin_manual/index.html
|
||||
|
||||
|
||||
|
||||
### Paramètres PHP:
|
||||
|
||||
#### Directives supplémentaires:
|
||||
|
||||
```ini
|
||||
opcache.enable=1
|
||||
opcache.enable_cli=1
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.max_accelerated_files=10000
|
||||
opcache.memory_consumption=128
|
||||
opcache.save_comments=1
|
||||
opcache.revalidate_freq=1
|
||||
|
||||
[php-fpm-pool-settings]
|
||||
env[PATH] = /usr/local/bin:/usr/bin:/bin
|
||||
```
|
||||
|
||||
### Paramètres Apache et Nginx:
|
||||
|
||||
#### Directives supplémentaires Apache:
|
||||
|
||||
```ini
|
||||
<LocationMatch "(?i:(?:wp-config\\.bak|\\.wp-config\\.php\\.swp|(?:license|changelog|-config|-sample)\\.(?:php|md|txt|htm|html)))">
|
||||
Require all denied
|
||||
</LocationMatch>
|
||||
```
|
||||
|
||||
#### Directives supplémentaires Nginx:
|
||||
|
||||
```ini
|
||||
# wordpress
|
||||
location ~* "(?:wp-config\.bak|\.wp-config\.php\.swp|(?:license|changelog|-config|-sample)\.(?:php|md|txt|htm|html))" {
|
||||
return 403;
|
||||
}
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in the Nextcloud `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /nextcloud/remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /nextcloud/index.php$request_uri;
|
||||
}
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js, css and map files
|
||||
# Make sure it is BELOW the PHP block
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
||||
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
|
||||
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended
|
||||
# to have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read
|
||||
# into this topic first.
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header Referrer-Policy no-referrer;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
|
||||
### Réparation
|
||||
|
||||
Se mettre dans le répertoire de Nextcloud:
|
||||
|
||||
```bash
|
||||
@@ -15,7 +166,7 @@ Se mettre dans le répertoire de Nextcloud:
|
||||
Activer le mode maintenance:
|
||||
|
||||
```bash
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/7.3/bin/php occ maintenance:mode --on
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:mode --on
|
||||
The current PHP memory limit is below the recommended value of 512MB.
|
||||
Maintenance mode enabled
|
||||
```
|
||||
@@ -23,11 +174,11 @@ Maintenance mode enabled
|
||||
Lance une réparation:
|
||||
|
||||
```bash
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/7.3/bin/php occ maintenance:repair
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:repair
|
||||
```
|
||||
|
||||
```bash
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/7.3/bin/php updater/updater.phar
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php updater/updater.phar
|
||||
Nextcloud Updater - version: v16.0.3-3-ga0c2b25 dirty
|
||||
|
||||
Current version is 18.0.3.
|
||||
@@ -38,19 +189,19 @@ Nothing to do.
|
||||
```
|
||||
|
||||
```bash
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/7.3/bin/php occ upgrade
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ upgrade
|
||||
The current PHP memory limit is below the recommended value of 512MB.
|
||||
Nextcloud is already latest version
|
||||
```
|
||||
|
||||
```bash
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/7.3/bin/php occ maintenance:mode --off
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:mode --off
|
||||
The current PHP memory limit is below the recommended value of 512MB.
|
||||
Maintenance mode disabled
|
||||
```
|
||||
|
||||
```bash
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/7.3/bin/php console.php files:scan --all
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php console.php files:scan --all
|
||||
The current PHP memory limit is below the recommended value of 512MB.
|
||||
Starting scan for user 1 out of 1 (bruno)
|
||||
+---------+-------+--------------+
|
||||
@@ -62,18 +213,34 @@ Starting scan for user 1 out of 1 (bruno)
|
||||
|
||||
|
||||
|
||||
#### Mise-à-jour de Nextcloud:
|
||||
### Mise-à-jour de Nextcloud:
|
||||
|
||||
```bash
|
||||
~$ ./upgrade_nextcloud.sh
|
||||
```
|
||||
|
||||
Si erreur pendant la m-à-j : PHP Fatal error: Allowed memory size of 134217728 bytes exhausted
|
||||
|
||||
```bash
|
||||
[✔] Downloading
|
||||
[ ] Verify integrity ...PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 189370744 bytes) in phar:///var/www/vhosts/maboiteverte.fr/httpdocs/nextcloud/updater/updater.phar/lib/Updater.php on line 652
|
||||
```
|
||||
|
||||
executer la commande avec `-d memory_limit=-1`en paramètre:
|
||||
|
||||
```bash
|
||||
[bruno@localhost nextcloud]$ sudo -u bruno /opt/plesk/php/8.0/bin/php -d memory_limit=-1 updater/updater.phar
|
||||
Nextcloud Updater - version: v25.0.3-2-gd49ee0d
|
||||
```
|
||||
|
||||
|
||||
|
||||
### Erreurs:
|
||||
|
||||
#### La base de données a quelques index manquants:
|
||||
|
||||
```bash
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/7.4/bin/php occ db:add-missing-indices
|
||||
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ db:add-missing-indices
|
||||
```
|
||||
|
||||
|
||||
@@ -112,7 +279,7 @@ https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/loggi
|
||||
Afficher les logs:
|
||||
|
||||
```lo
|
||||
tail -f /var/www/vhosts/maboiteverte.fr/httpdocs/nextcloud/nextcloud.log
|
||||
tail -f /var/www/vhosts/maboiteverte.fr/httpdocs/nextcloud/data/nextcloud.log
|
||||
```
|
||||
|
||||
Configuration:
|
||||
|
||||
Reference in New Issue
Block a user