# Nextcloud sur VPS/Plesk: https://docs.nextcloud.com/server/18/admin_manual/index.html ### Paramètres PHP: #### Directives supplémentaires: ```ini opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1 [php-fpm-pool-settings] env[PATH] = /usr/local/bin:/usr/bin:/bin ``` ### Paramètres Apache et Nginx: #### Directives supplémentaires Apache: ```ini Require all denied ``` #### Directives supplémentaires Nginx: ```ini # wordpress location ~* "(?:wp-config\.bak|\.wp-config\.php\.swp|(?:license|changelog|-config|-sample)\.(?:php|md|txt|htm|html))" { return 403; } # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. # HTTP response headers borrowed from Nextcloud `.htaccess` location = /robots.txt { allow all; log_not_found off; access_log off; } # Make a regex exception for `/.well-known` so that clients can still # access it despite the existence of the regex rule # `location ~ /(\.|autotest|...)` which would otherwise handle requests # for `/.well-known`. location ^~ /.well-known { # The rules in this block are an adaptation of the rules # in the Nextcloud `.htaccess` that concern `/.well-known`. location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; } location = /.well-known/caldav { return 301 /nextcloud/remote.php/dav/; } location /.well-known/acme-challenge { try_files $uri $uri/ =404; } location /.well-known/pki-validation { try_files $uri $uri/ =404; } # Let Nextcloud's API for `/.well-known` URIs handle all other # requests by passing them to the front-end controller. return 301 /nextcloud/index.php$request_uri; } # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js, css and map files # Make sure it is BELOW the PHP block # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into # this topic first. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. location ~ \.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; # Add headers to serve security related headers (It is intended # to have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read # into this topic first. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; # # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header Referrer-Policy no-referrer; add_header X-Content-Type-Options nosniff; add_header X-Download-Options noopen; add_header X-Frame-Options SAMEORIGIN; add_header X-Permitted-Cross-Domain-Policies none; add_header X-Robots-Tag none; add_header X-XSS-Protection "1; mode=block" always; # Optional: Don't log access to assets access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { try_files $uri /index.php$request_uri; } ``` ### Réparation Se mettre dans le répertoire de Nextcloud: ```bash ~$ cd ~/httpdocs/nextcloud ``` Activer le mode maintenance: ```bash ~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:mode --on The current PHP memory limit is below the recommended value of 512MB. Maintenance mode enabled ``` Lance une réparation: ```bash ~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:repair ``` ```bash ~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php updater/updater.phar Nextcloud Updater - version: v16.0.3-3-ga0c2b25 dirty Current version is 18.0.3. No update available. Nothing to do. ``` ```bash ~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ upgrade The current PHP memory limit is below the recommended value of 512MB. Nextcloud is already latest version ``` ```bash ~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:mode --off The current PHP memory limit is below the recommended value of 512MB. Maintenance mode disabled ``` ```bash ~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php console.php files:scan --all The current PHP memory limit is below the recommended value of 512MB. Starting scan for user 1 out of 1 (bruno) +---------+-------+--------------+ | Folders | Files | Elapsed time | +---------+-------+--------------+ | 5 | 16 | 00:00:00 | +---------+-------+--------------+` ``` ### Mise-à-jour de Nextcloud: ```bash ~$ ./upgrade_nextcloud.sh ``` Si erreur pendant la m-à-j : PHP Fatal error: Allowed memory size of 134217728 bytes exhausted ```bash [✔] Downloading [ ] Verify integrity ...PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 189370744 bytes) in phar:///var/www/vhosts/maboiteverte.fr/httpdocs/nextcloud/updater/updater.phar/lib/Updater.php on line 652 ``` executer la commande avec `-d memory_limit=-1`en paramètre: ```bash [bruno@localhost nextcloud]$ sudo -u bruno /opt/plesk/php/8.0/bin/php -d memory_limit=-1 updater/updater.phar Nextcloud Updater - version: v25.0.3-2-gd49ee0d ``` ### Erreurs: #### La base de données a quelques index manquants: ```bash ~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ db:add-missing-indices ``` #### Le module php-imagick n’a aucun support SVG dans cette instance (Nextcloud 21.0.1) Il faut installer `libmagickcore`: ```bash $ sudo apt install libmagickcore-6.q16-3-extra ``` #### Joplin: ```bash bruno@localhost:~/.nextcloud/data/9d67e72f9807/bruno/files$ l total 10728 drwxr-xr-x 5 bruno psacln 4096 Apr 12 08:39 . drwxr-xr-x 6 bruno psacln 4096 Apr 12 09:59 .. drwxr-xr-x 2 bruno psacln 4096 Apr 11 19:15 Documents drwxr-xr-x 5 bruno psacln 16384 Apr 12 12:55 .Joplin -rw-r--r-- 1 bruno psacln 3963036 Apr 11 19:15 'Nextcloud intro.mp4' -rw-r--r-- 1 bruno psacln 6933565 Apr 11 19:15 'Nextcloud Manual.pdf' -rw-r--r-- 1 bruno psacln 50598 Apr 11 19:15 Nextcloud.png drwxr-xr-x 2 bruno psacln 4096 Apr 11 19:15 Photos ``` #### Logs: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html Afficher les logs: ```lo tail -f /var/www/vhosts/maboiteverte.fr/httpdocs/nextcloud/data/nextcloud.log ``` Configuration: ```bash # dans config.php: 'loglevel' => 2, 'log_type' => 'file', 'logfile' => 'nextcloud.log', 'logdateformat' => 'F d, Y H:i:s', ``` Problèmes de synchro Plesk -> Wordpress -> maboiteverte.fr -> Vérifier la sécurité: Décocher: - Bloquer l'accès aux fichiers potentiellement sensibles - [Nextcloud sur NAS Synology](../Synology/dsm6/nextcloud.md) [Installer Nextcloud en ligne de commande](../Divers/nextcloud.md)