NextCloud Installation Q & A

    • OMV 3.x
    • tinh_x7 wrote:

      OwnCloud vhost setup is slow for NextCloud.
      You can test it, but don't use it for the long run.
      Would it make sense to do the setup with owncloud config and later paste the vhost config from the tutorial?

      The config is the only thing, that I have changed now...


      tinh_x7 wrote:

      Double check your configuration.
      It may take more than 2 or 3 times to get it right.
      :D ;( I am more around 10 to 15 times double checking and retrying. What else than the vhost config could I check/adapt? Could it also be an OMV3 vs OMV4 difference?
    • kolmberger wrote:

      Would it make sense to do the setup with owncloud config and later paste the vhost config from the tutorial?
      No. That's the reason I wrote the tutorial.

      The tutorial works for OMV3 and OMV4.
      On OMV4 you just need to install additional dependencies.
      Check some of the previous posts.


      By the way, check your NC permissions.
      Ensure it's www-data:www-data

      Since you aren't using SSL at the moment, set : fastcgi_param HTTPS off

      Copy and paste your vhost config here, maybe some other users can help you.

      I just looked at page 1, and one of the users had the same error as yours: forum.openmediavault.org/index…xtCloud-Installation-Q-A/
      OMV v4.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
      4x3TB RAID10

      The post was edited 2 times, last by tinh_x7 ().

    • tinh_x7 wrote:

      By the way, check your NC permissions.
      Ensure it's www-data:www-data
      Where exactly can I check this, here?

      There it looks like this:

      It looks similar with folder "www".

      My vhost config:

      Shell-Script

      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      # add_header X-Frame-Options "SAMEORIGIN";
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      location = /robots.txt {
          log_not_found off;
          allow all;
          access_log off;
      }
      # The following 2 rules are only needed for the user_webfinger app.
      # Uncomment it if you're planning to use this app.
      #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
      # last;
      location = /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
      }
      # set max upload size
      client_max_body_size 50G;
      fastcgi_buffers 64 4K;
      # Disable gzip to avoid the removal of the ETag header
      gzip off;
      # Uncomment if your server is build with the ngx_pagespeed module
      # This module is currently not supported.
      #pagespeed off;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
      location / {
          rewrite ^ /index.php$uri;
      }
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
          deny all;
      }
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
          deny all;
      }
      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
          fastcgi_split_path_info ^(.+\.php)(/.*)$;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          #fastcgi_param HTTPS on;
          fastcgi_param HTTPS off;
          #Avoid sending the security headers twice
          fastcgi_param modHeadersAvailable true;
          fastcgi_param front_controller_active true;
          fastcgi_pass $socket;
          fastcgi_intercept_errors on;
      }
      location ~ ^/(?:updater|ocs-provider)(?:$|/) {
          try_files $uri/ =404;
          index index.php;
      }
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the PHP block
      location ~* \.(?:css|js|woff|svg|gif)$ {
          try_files $uri /index.php$uri$is_args$args;
          add_header Cache-Control "public, max-age=7200";
          add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
          add_header X-Content-Type-Options nosniff;
          add_header X-Frame-Options "SAMEORIGIN";
          add_header X-XSS-Protection "1; mode=block";
          add_header X-Robots-Tag none;
          add_header X-Download-Options noopen;
          add_header X-Permitted-Cross-Domain-Policies none;
          # Optional: Don't log access to assets
          access_log off;
      }
      location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
          try_files $uri /index.php$uri$is_args$args;
          # Optional: Don't log access to other assets
          access_log off;
      }



      tinh_x7 wrote:

      Since you aren't using SSL at the moment, set : fastcgi_param HTTPS off
      Already applied.


      tinh_x7 wrote:

      I just looked at page 1, and one of the users had the same error as yours: forum.openmediavault.org/index…xtCloud-Installation-Q-A/
      I found that too, yet I have used the method to upload that install php file. In my next try (tries :P ) I will try to use the download method.

      If you find something wrong in the sharedfolders config or else, I am happy to learn by it!

      Thanks again.
    • Ok, couple steps ahead 8o I processed the downloader method, as described in the tutorial, from step 4 on, that worked finally! But I don't know why... ?(

      My procedure according to steps 4 to 7:

      Source Code

      cd /srv/dev-disk-by-label-Testraid/www/nextcloud
      wget https://download.nextcloud.com/server/releases/nextcloud-13.0.4.zip
      apt-get install unzip # because it told me first, "command not found"...?
      unzip nextcloud-13.0.4.zip
      cp -r nextcloud/. /srv/dev-disk-by-label-Testraid/www/nextcloud
      cd /srv/dev-disk-by-label-Testraid/www/nextcloud


      After that, I was able to execute and finish the NC setup.

      Next, I ran into problems with steps 8, 9 and 10 because I could not locate the files in my NC13 setup. I also had NC telling me in the security checks that the OPcache settings are not correct.

      Following, my steps in a short how it worked out for me (after fiddling a lot in this many config files):

      - after checking, installed redis-server and php7.0-redis
      - in my: /srv/dev-disk-by-label-Testraid/www/nextcloud
      - changed: config.php to (that is one part, that was quite unclear where and in which file to do)

      PHP Source Code

      <?php
      $CONFIG = array (
        'instanceid' => 'abcdefg12345',
        'passwordsalt' => 'abcdefgh12345678',
        'secret' => '12345678sdfghjkl',
        'trusted_domains' =>
        array (
          0 => 'localhost',
          1 => 'some.domain.com',
          2 => '192.168.x.x',
        ),
        'datadirectory' => '/srv/dev-disk-by-label-Testraid/www/nextcloud/data',
        'overwrite.cli.url' => 'http://192.168.x.x:90',
        'dbtype' => 'mysql',
        'version' => '13.0.4.0',
        'dbname' => 'nextcloud',
        'dbhost' => 'localhost',
        'dbport' => '',
        'dbtableprefix' => 'oc_',
        'dbuser' => 'xyz',
        'dbpassword' => '1234578dfghj32456',
        'installed' => true,
        'memcache.local' => '\OC\Memcache\Redis',
        'memcache.locking' => '\OC\Memcache\Redis',
        'redis' => array(
          'host' => 'localhost',
          'port' => 6379,
        ),
      );

      - removed nextcloud.zip and the nextcloud dir
      - created the script for strong permissions (which hopefully helps for something):

      Shell-Script

      #!/bin/bash
      ocpath='/srv/dev-disk-by-label-Testraid/www/nextcloud'
      htuser='www-data'
      htgroup='www-data'
      rootuser='root'
      printf "Creating possible missing Directories\n"
      mkdir -p "$ocpath/data"
      mkdir -p "$ocpath/updater"
      printf "chmod Files and Directories\n"
      find "${ocpath}/" -type f -print0 | xargs -0 chmod 0640
      find "${ocpath}/" -type d -print0 | xargs -0 chmod 0750
      printf "chown Directories\n"
      chown -R "${rootuser}:${htgroup}" "${ocpath}/"
      chown -R "${htuser}:${htgroup}" "${ocpath}/apps/"
      chown -R "${htuser}:${htgroup}" "${ocpath}/config/"
      chown -R "${htuser}:${htgroup}" "${ocpath}/data/"
      chown -R "${htuser}:${htgroup}" "${ocpath}/themes/"
      chown -R "${htuser}:${htgroup}" "${ocpath}/updater/"
      chmod +x "${ocpath}/occ"
      printf "chmod/chown .htaccess\n"
      if [ -f "${ocpath}/.htaccess" ]
      then
          chmod 0644 "${ocpath}/.htaccess"
          chown "${rootuser}:${htgroup}" "${ocpath}/.htaccess"
      fi
      if [ -f "${ocpath}/data/.htaccess" ]
      then
          chmod 0644 "${ocpath}/data/.htaccess"
          chown "${rootuser}:${htgroup}" "${ocpath}/data/.htaccess"
      fi

      - executed: bash setstrongpermissionnc (couple of times)
      - service nginx restart (couple of times)

      - opcache problem solved by editing: etc/php/70/mods-available/opcache.ini

      Source Code

      ; configuration for php opcache module
      ; priority=10
      zend_extension=opcache.so
      zend_extension=/usr/lib/php/20151012/opcache.so
      opcache.enable=1
      opcache.enable_cli=1
      opcache.interned_strings_buffer=8
      opcache.max_accelerated_files=10000
      opcache.memory_consumption=128
      opcache.save_comments=1
      opcache.revalidate_freq=1

      Now I need to take care about the message, that "files haven't passed the integrity check" - a lot of files indeed...
      And finally to enable SSL with my existing lets-encrypt certificate.

      If my notes help others, my pleasure.

      thanks especially to tinh_x7
      :thumbsup:
    • Glad you got NC working.

      To view permissions, connect to your server via SSH with Putty or Terminal (Mac/Linux).

      cd /srv/dev-disk-by-label-Testraid/www/nextcloud
      ls -la

      "files haven't passed the integrity check": this tells you that some files' integrity doesn't match their original hash.
      You may have to copy & replace those files from the nextcloud-vXYZ.zip onto your server. Next, chown the entire NC dir to www-data:www-data.
      Then re-scan the files from the NC admin panel.

      kolmberger wrote:

      - executed: bash setstrongpermissionnc (couple of times)
      - service nginx restart (couple of times)
      When your NC is working like you wanted, then run this script only once.

      The post was edited 1 time, last by tinh_x7 ().

    • Hi and thanks for the tutorial! It worked very well in omv 3, now I upgraded to omv 4 and I run into problems.

      Whenever I try to access nextcloud after the upgrade I get a bad gateway error which can be traced back to this (see below).

      Source Code

      2018/07/28 16:17:45 [crit] 2617#2617: *9 connect() to unix:/var/run/fpm-34c7e7c6-933e-424b-97ee-8b5c99892767.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.XXX, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/fpm-34c7e7c6-933e-424b-97ee-8b5c99892767.sock:", host: "192.168.XXX", referrer: "https://192.168.XXX/"

      I also tried to deinstall and reinstall nginx but the error is still the same. I assume there is something broken with php but I am still new to linux and not sure what to do. Any help is highly appreciated.
    • Thanks for the quick reply!
      Unfortunately, when I use fastcgi_pass $socket; the system tells me that the command cannot be found. I also went back to my working omv 3.0 installation and there I get the same error.

      Back in the upgraded omv 4 installation I found in etc/nginx/sites-available & etc/nginx/sites-enabled a zzz-omv-nginx file in which the broken sock file is mentioned set $socket "unix:/var/run/fpm-65c47d61-df16-43b9-bb80-e098bd11a952.sock";. I replaced it with set $socket "unix:/var/run/php/php7.0-fpm.sock but somehow it is not used. After restarting the whole system, again I find the old broken sock file in it.
    • Hi
      Same problem. I wrote a reply with my environment and summary at https://forum.openmediavault.org/index.php/SearchResult/1777880/?highlight=.
      In my case, replacing the line fastcgi_pass $socket; makes the OMV4 gui to stop working. I did not reset the system, just restarted nginx and php7.0-fpm
      Good evening,

      Yesterday I updated to version 13.0.5.
      And now I get a 500 error.

      I have the following configuration:

      OMV 4:

      Server:
      Extra options:

      Source Code

      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      client_max_body_size 10G; # set max upload size
      fastcgi_buffers 64 4K;
      rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
      rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
      rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
      location = /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
      }
      location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
          deny all;
      }
      location / {
          # The following 2 rules are only needed with webfinger
          rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
          rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
          rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
          rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
          rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
          try_files $uri $uri/ index.php;
      }
      location ~ ^(.+?\.php)(/.*)?$ {
          try_files $1 = 404;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$1;
          fastcgi_param PATH_INFO $2;
          fastcgi_param HTTPS on;
          fastcgi_pass $socket;
      }
      # Optional: set long EXPIRES header on static assets
      location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
          expires 30d;
          # Optional: Don't log access to assets
          access_log off;
      }

      PHP Pool:

      Source Code

      env[HOSTNAME] = $HOSTNAME
      env[PATH] = /usr/local/bin:/usr/bin:/bin
      env[TMP] = /tmp
      env[TMPDIR] = /tmp
      env[TEMP] = /tmp


      Nextcloud Config:


      PHP Source Code

      <?php
      $CONFIG = array (
        'instanceid' => 'xxxxx',
        'passwordsalt' => 'xxxxxx',
        'secret' => 'xxxxxxx',
        'trusted_domains' =>
        array (
          0 => 'xxxx:8444',
          1 => 'xxxxx:8444',
        ),
        'datadirectory' => '/srv/dev-disk-by-label-xxxx/www/nextcloud/data',
        'overwrite.cli.url' => 'https://xxxxxx:8444',
        'dbtype' => 'mysql',
        'version' => '13.0.5.2',
        'dbname' => 'next',
        'dbhost' => 'localhost',
        'dbport' => '',
        'dbtableprefix' => 'oc_',
        'dbuser' => 'next',
        'dbpassword' => 'xxxxx',
        'installed' => true,
        'theme' => '',
        'loglevel' => 0,
        'maintenance' => false,
        'updater.release.channel' => 'stable',
        'updater.secret' => 'xxxx',
      );


      Does anyone have an idea why I can no longer get access?

      Thanks in advance for your help.
    • I upgraded to nextcloud 14 and added

      Source Code

      add_header Referrer-Policy no-referrer always;

      to my nginx-config

      my config is:

      Source Code

      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      # add_header X-Frame-Options "SAMEORIGIN";
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      add_header Referrer-Policy no-referrer always;
      location = /robots.txt {
          log_not_found off;
          allow all;
          access_log off;
      }
      # The following 2 rules are only needed for the user_webfinger app.
      # Uncomment it if you're planning to use this app.
      #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
      # last;
      location = /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
      }
      #letsencrypt
      location ^~ /.well-known/acme-challenge/ { }
      # set max upload size
      client_max_body_size 50G;
      fastcgi_buffers 64 4K;
      # Disable gzip to avoid the removal of the ETag header
      gzip off;
      # Uncomment if your server is build with the ngx_pagespeed module
      # This module is currently not supported.
      #pagespeed off;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
      location / {
          rewrite ^ /index.php$uri;
      }
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
          deny all;
      }
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
          deny all;
      }
      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
          fastcgi_split_path_info ^(.+\.php)(/.*)$;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_param HTTPS on;
          #Avoid sending the security headers twice
          fastcgi_param modHeadersAvailable true;
          fastcgi_param front_controller_active true;
          # fastcgi_pass $socket;
          fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
          fastcgi_intercept_errors on;
      }
      location ~ ^/(?:updater|ocs-provider)(?:$|/) {
          try_files $uri/ =404;
          index index.php;
      }
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the PHP block
      location ~* \.(?:css|js|woff|svg|gif)$ {
          try_files $uri /index.php$uri$is_args$args;
          add_header Cache-Control "public, max-age=7200";
          add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
          add_header X-Content-Type-Options nosniff;
          add_header X-Frame-Options "SAMEORIGIN";
          add_header X-XSS-Protection "1; mode=block";
          add_header X-Robots-Tag none;
          add_header X-Download-Options noopen;
          add_header X-Permitted-Cross-Domain-Policies none;
          add_header Referrer-Policy no-referrer always;
          # Optional: Don't log access to assets
          access_log off;
      }
      location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
          try_files $uri /index.php$uri$is_args$args;
          # Optional: Don't log access to other assets
          access_log off;
      }

      I get no errors within Nextcloud -> Settings ->Overview



      but checking Nextcloud Security Scan throws me:




      Changing my config to

      Source Code

      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      # add_header X-Content-Type-Options nosniff;
      # add_header X-Frame-Options "SAMEORIGIN";
      # add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      # add_header X-Download-Options noopen;
      # add_header X-Permitted-Cross-Domain-Policies none;
      add_header Referrer-Policy no-referrer always;
      location = /robots.txt {
          log_not_found off;
          allow all;
          access_log off;
      }
      # The following 2 rules are only needed for the user_webfinger app.
      # Uncomment it if you're planning to use this app.
      #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
      # last;
      location = /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
      }
      #letsencrypt
      location ^~ /.well-known/acme-challenge/ { }
      # set max upload size
      client_max_body_size 50G;
      fastcgi_buffers 64 4K;
      # Disable gzip to avoid the removal of the ETag header
      gzip off;
      # Uncomment if your server is build with the ngx_pagespeed module
      # This module is currently not supported.
      #pagespeed off;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
      location / {
          rewrite ^ /index.php$uri;
      }
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
          deny all;
      }
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
          deny all;
      }
      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
          fastcgi_split_path_info ^(.+\.php)(/.*)$;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_param HTTPS on;
          #Avoid sending the security headers twice
          fastcgi_param modHeadersAvailable true;
          fastcgi_param front_controller_active true;
          # fastcgi_pass $socket;
          fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
          fastcgi_intercept_errors on;
      }
      location ~ ^/(?:updater|ocs-provider)(?:$|/) {
          try_files $uri/ =404;
          index index.php;
      }
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the PHP block
      location ~* \.(?:css|js|woff|svg|gif)$ {
          try_files $uri /index.php$uri$is_args$args;
          add_header Cache-Control "public, max-age=7200";
          add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
          add_header X-Content-Type-Options nosniff;
          add_header X-Frame-Options "SAMEORIGIN";
          add_header X-XSS-Protection "1; mode=block";
          add_header X-Robots-Tag none;
          add_header X-Download-Options noopen;
          add_header X-Permitted-Cross-Domain-Policies none;
          add_header Referrer-Policy no-referrer always;
          # Optional: Don't log access to assets
          access_log off;
      }
      location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
          try_files $uri /index.php$uri$is_args$args;
          # Optional: Don't log access to other assets
          access_log off;
      }

      Gives me a positive check on Nextcloud Security Scan



      but within Nextcloud -> Settings -> Overview




      This is a paradox! What's wrong with my config? I am a little concerned about the security of my cloud.

      Edit (2018-10-03):

      I figured out that the Nextcloud security scan is crap, so I used securityheaders.com instead, which gave me an "A".
      I lack

      Source Code

      Content-Security-Policy
      Feature-Policy

      Has someone experience setting up these headers and can give me a little hint? I tried some recommendations I found on the internet, but it seems there is a syntax error in it.

      Example:

      Source Code

      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

      Source Code

      add_header Feature-Policy geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;

      It seems there is a problem with " " and ' ' signs.
      Chaos is found in greatest abundance wherever order is being sought.
      It always defeats order, because it is better organized.
      Terry Pratchett

      The post was edited 5 times, last by riff-raff ().
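
An added example (not part of riff-raff's post and not from the tutorial) of how nginx expects the header values asked about above to be quoted. The Feature-Policy feature list is taken from the posted line; the Content-Security-Policy value and the variable name `$feature_policy` are constructed for illustration.

```nginx
# Goes where the other add_header lines already are (server level of the vhost).

# As posted, this line cannot parse: nginx splits arguments on whitespace and
# ends a directive at the first unquoted ';'. It is read as
#     add_header Feature-Policy geolocation none;
# (the optional third argument may only be "always"), and "midi" then looks
# like the start of a new directive, so "nginx -t" rejects the file.
#add_header Feature-Policy geolocation none;midi none;notifications none; ... ;

# Quoting rule: the whole header value is ONE double-quoted nginx argument.
# Inside it, ';' separates the policy directives and the keywords 'none' and
# 'self' keep their single quotes, because the browser expects them quoted.
# $feature_policy is a name chosen for this example; storing the value once
# lets every location reuse it.
set $feature_policy "geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none'";

add_header Feature-Policy $feature_policy always;

# Same quoting for Content-Security-Policy. Constructed sample value that only
# restricts who may frame the site; it is not the policy quoted in the post.
add_header Content-Security-Policy "frame-ancestors 'self'" always;

# add_header is inherited from the server level only by locations that define
# no add_header of their own. The static-asset block in the posted config does
# define some, so the new headers are repeated there like the existing ones.
# This is the existing block with two lines added, not an additional block.
location ~* \.(?:css|js|woff|svg|gif)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer always;
    add_header Feature-Policy $feature_policy always;
    add_header Content-Security-Policy "frame-ancestors 'self'" always;
    # Optional: Don't log access to assets
    access_log off;
}
```

Run `nginx -t` before reloading. Browsers enforce every Content-Security-Policy header present in a response, so a broader policy added here stacks on top of any policy the application already sends.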
