Nextcloud sur VPS/Plesk:¶
https://docs.nextcloud.com/server/18/admin_manual/index.html
Paramètres PHP:¶
Directives supplémentaires:¶
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
[php-fpm-pool-settings]
env[PATH] = /usr/local/bin:/usr/bin:/bin
Paramètres Apache et Nginx:¶
Directives supplémentaires Apache:¶
<LocationMatch "(?i:(?:wp-config\\.bak|\\.wp-config\\.php\\.swp|(?:license|changelog|-config|-sample)\\.(?:php|md|txt|htm|html)))">
Require all denied
</LocationMatch>
Directives supplémentaires Nginx:¶
# wordpress
location ~* "(?:wp-config\.bak|\.wp-config\.php\.swp|(?:license|changelog|-config|-sample)\.(?:php|md|txt|htm|html))" {
return 403;
}
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
# HTTP response headers borrowed from Nextcloud `.htaccess`
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in the Nextcloud `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
location = /.well-known/caldav { return 301 /nextcloud/remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /nextcloud/index.php$request_uri;
}
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy no-referrer;
add_header X-Content-Type-Options nosniff;
add_header X-Download-Options noopen;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag none;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
}
Réparation¶
Se mettre dans le répertoire de Nextcloud:
~$ cd ~/httpdocs/nextcloud
Activer le mode maintenance:
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:mode --on
The current PHP memory limit is below the recommended value of 512MB.
Maintenance mode enabled
Lance une réparation:
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:repair
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php updater/updater.phar
Nextcloud Updater - version: v16.0.3-3-ga0c2b25 dirty
Current version is 18.0.3.
No update available.
Nothing to do.
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ upgrade
The current PHP memory limit is below the recommended value of 512MB.
Nextcloud is already latest version
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ maintenance:mode --off
The current PHP memory limit is below the recommended value of 512MB.
Maintenance mode disabled
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php console.php files:scan --all
The current PHP memory limit is below the recommended value of 512MB.
Starting scan for user 1 out of 1 (bruno)
+---------+-------+--------------+
| Folders | Files | Elapsed time |
+---------+-------+--------------+
| 5 | 16 | 00:00:00 |
+---------+-------+--------------+`
Mise-à-jour de Nextcloud:¶
~$ ./upgrade_nextcloud.sh
Si erreur pendant la m-à-j : PHP Fatal error: Allowed memory size of 134217728 bytes exhausted
[✔] Downloading
[ ] Verify integrity ...PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 189370744 bytes) in phar:///var/www/vhosts/maboiteverte.fr/httpdocs/nextcloud/updater/updater.phar/lib/Updater.php on line 652
executer la commande avec -d memory_limit=-1en paramètre:
[bruno@localhost nextcloud]$ sudo -u bruno /opt/plesk/php/8.0/bin/php -d memory_limit=-1 updater/updater.phar
Nextcloud Updater - version: v25.0.3-2-gd49ee0d
Erreurs:¶
La base de données a quelques index manquants:¶
~/httpdocs/nextcloud$ sudo -u bruno /opt/plesk/php/8.0/bin/php occ db:add-missing-indices
Le module php-imagick n’a aucun support SVG dans cette instance (Nextcloud 21.0.1)¶
Il faut installer libmagickcore:
$ sudo apt install libmagickcore-6.q16-3-extra
Joplin:¶
bruno@localhost:~/.nextcloud/data/9d67e72f9807/bruno/files$ l
total 10728
drwxr-xr-x 5 bruno psacln 4096 Apr 12 08:39 .
drwxr-xr-x 6 bruno psacln 4096 Apr 12 09:59 ..
drwxr-xr-x 2 bruno psacln 4096 Apr 11 19:15 Documents
drwxr-xr-x 5 bruno psacln 16384 Apr 12 12:55 .Joplin
-rw-r--r-- 1 bruno psacln 3963036 Apr 11 19:15 'Nextcloud intro.mp4'
-rw-r--r-- 1 bruno psacln 6933565 Apr 11 19:15 'Nextcloud Manual.pdf'
-rw-r--r-- 1 bruno psacln 50598 Apr 11 19:15 Nextcloud.png
drwxr-xr-x 2 bruno psacln 4096 Apr 11 19:15 Photos
Logs:¶
Afficher les logs:
tail -f /var/www/vhosts/maboiteverte.fr/httpdocs/nextcloud/data/nextcloud.log
Configuration:
# dans config.php:
'loglevel' => 2,
'log_type' => 'file',
'logfile' => 'nextcloud.log',
'logdateformat' => 'F d, Y H:i:s',
Problèmes de synchro
Plesk -> Wordpress -> maboiteverte.fr -> Vérifier la sécurité:
Décocher:
- Bloquer l'accès aux fichiers potentiellement sensibles¶
Installer Nextcloud en ligne de commande
Dernière mise à jour:
March 4, 2022