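Below are some of the warnings shown under "Security & setup warnings" after installing Nextcloud. Some of them already explain what to do; for others you have to dig up the fix yourself.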

There are some warnings regarding your setup.

  • The PHP OPcache is not properly configured. For better performance it is recommended to use the following settings in the php.ini:
  • opcache.enable=1
  • opcache.enable_cli=1
  • opcache.interned_strings_buffer=8
  • opcache.max_accelerated_files=10000
  • opcache.memory_consumption=128
  • opcache.save_comments=1
  • opcache.revalidate_freq=1

Edit /etc/php.d/10-opcache.ini to match the settings above.

The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running “occ db:add-missing-indices” those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.

  • Missing index “owner_index” in table “oc_share”.
  • Missing index “initiator_index” in table “oc_share”.

#sudo -u nginx ./occ db:add-missing-indices

Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically. By running ‘occ db:convert-filecache-bigint’ those pending changes could be applied manually. This operation needs to be made while the instance is offline. For further details read the documentation page about this.

  • filecache.mtime
  • filecache.storage_mtime

#sudo -u nginx ./occ db:convert-filecache-bigint

This instance is missing some recommended PHP modules. For improved performance and better compatibility it is highly recommended to install them.

  • intl
  • imagick

#yum install -y php-intl php-imagick

The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running “occ db:add-missing-indices” those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.

  • Missing index “twofactor_providers_uid” in table “oc_twofactor_providers”.
  • Missing index “version” in table “oc_whats_new”.
  • Missing index “cards_abid” in table “oc_cards”.
  • Missing index “cards_prop_abid” in table “oc_cards_properties”.

#sudo -u nginx ./occ db:add-missing-indices

  • MySQL is used as database but does not support 4-byte characters. To be able to handle 4-byte characters (like emojis) without issues in filenames or comments for example it is recommended to enable the 4-byte support in MySQL. For further details read the documentation page about this.

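I forgot to write this one down and had already dealt with it. Just follow the official instructions; roughly, it is a conversion to mb4.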

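  • The HTTP "X-Content-Type-Options" header is not set to "nosniff". This is a potential security and privacy risk, and we recommend adjusting this setting.
  • The HTTP "X-Robots-Tag" header is not set to "none". This is a potential security and privacy risk, and we recommend adjusting this setting.
  • The HTTP "X-Frame-Options" header is not set to "SAMEORIGIN". This is a potential security and privacy risk, and we recommend adjusting this setting.
  • The HTTP "X-Download-Options" header is not set to "noopen". This is a potential security and privacy risk, and we recommend adjusting this setting.
  • The HTTP "X-Permitted-Cross-Domain-Policies" header is not set to "none". This is a potential security and privacy risk, and we recommend adjusting this setting.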

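Follow the Nginx conf from the official site as closely as possible. My own hand-written nextcloud.conf caused the errors above; changing it to match the official one fixed them.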

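  • Your web server is not configured correctly and therefore cannot resolve "/.well-known/caldav". See the documentation for more information.
  • Your web server is not configured correctly and therefore cannot resolve "/.well-known/carddav". See the documentation for more information.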

My Nextcloud runs on a non-standard port instead of 443, so this part of the configuration has to be changed to include the port number, e.g. 1234:
location = /.well-known/carddav {
    return 301 $scheme://$host:1234/remote.php/dav;
}

location = /.well-known/caldav {
    return 301 $scheme://$host:1234/remote.php/dav;
}

  • No memory cache (memcache) has been configured. If possible, configure one to improve performance. See the documentation for more information.

$sudo yum install -y redis memcached php-pecl-apcu php-pecl-redis
$sudo systemctl enable redis memcached
$sudo systemctl start redis memcached
$sudo vim /etc/php.d/40-apcu.ini
Set apc.enable_cli to 1.
$sudo vim /usr/share/nginx/nextcloud/config/config.php
Add:
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' => [
    'host' => 'localhost',
    'port' => 6379,
],
'memcache.locking' => '\OC\Memcache\Redis',

  • The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin”, “strict-origin-when-cross-origin” or “same-origin”. This can leak referer information. See the W3C Recommendation.

$sudo vim /etc/nginx/conf.d/nextcloud.conf
Add inside server{}:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
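
After reloading nginx, the header warnings above can be checked from the command line by comparing the response headers with the values the warnings ask for. The script below is an added example, not part of the original post; the function names, the placeholder host name and the sample response are constructed for illustration.

```shell
# Added example, not from the original post. Compares response headers with
# the values quoted in the Nextcloud warnings above.
# Real use (host name is a placeholder):
#   curl -sI https://cloud.example.com:1234/login | check_headers

# Prints one line per missing or mismatched header; returns 1 if any, else 0.
check_headers() {
    raw=$(tr -d '\r')    # header lines arrive with CRLF endings
    failed=0
    while IFS='=' read -r name allowed; do
        # Header names are case-insensitive; keep the last occurrence.
        value=$(printf '%s\n' "$raw" | awk -v n="$name" '
            { i = index($0, ":") }
            i && tolower(substr($0, 1, i - 1)) == tolower(n) {
                v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            }
            END { print tolower(v) }')
        if [ -z "$value" ]; then
            echo "MISSING  $name (expected: $allowed)"; failed=1
            continue
        fi
        case "|$(printf '%s' "$allowed" | tr 'A-Z' 'a-z')|" in
            *"|$value|"*) ;;    # value is one of the accepted ones
            *) echo "MISMATCH $name: $value (expected: $allowed)"; failed=1 ;;
        esac
    done <<'EOF'
X-Content-Type-Options=nosniff
X-Robots-Tag=none
X-Frame-Options=SAMEORIGIN
X-Download-Options=noopen
X-Permitted-Cross-Domain-Policies=none
Referrer-Policy=no-referrer|no-referrer-when-downgrade|strict-origin|strict-origin-when-cross-origin|same-origin
EOF
    return "$failed"
}

# Constructed sample: HSTS is present, Referrer-Policy is absent and
# X-Frame-Options has a value other than the one the warning asks for.
sample_response() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Strict-Transport-Security: max-age=31536000; includeSubDomains' \
        'X-Content-Type-Options: nosniff' 'X-Robots-Tag: none' \
        'X-Frame-Options: DENY' 'X-Download-Options: noopen' \
        'X-Permitted-Cross-Domain-Policies: none' ''
}

sample_response | check_headers || true
```

For the constructed sample the check reports X-Frame-Options as a mismatch and Referrer-Policy as missing; a Strict-Transport-Security header alone does not satisfy the Referrer-Policy check.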