Fix errors on NextCloud

Case

A half year ago, I move Nextcloud and other services to new server. At that time, there was some error and alert had occurred. I fix only fatal error but not fixed other alerts.

I embarked on a modification of the rest of the warning.

Screenshot of alerts

Components

  • AWS Lightsail
  • Ubuntu 18.04
  • PHP7.3   - PHP7.4 is activated too because of other application's requirement
  • Version of Nextcloud: 17.07,18.07 (Updated during this work)
  • Web server: nginx
    • username: nginx

Update database

Alert say "Execute occ db:convert-filecache-bigint" then I do so

$ cd /path/to/nextcloud # Move to Nextcloud directory.

$ sudo -u nginx php occ db:convert-filecache-bigint # Execute php command as the user nginx."
This version of Nextcloud is not compatible with > PHP 7.3.<br/>You are currently running 7.4.8. # php7.4 was called but it was out of support so occured an error

# Make sure that php7.3 was activated and execute php command with version.
$ sudo systemctl start php7.3-fpm.service 
$ sudo -u nginx php7.3 occ db:convert-filecache-bigint
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Following columns will be updated:

* mounts.storage_id
* mounts.root_id
* mounts.mount_id

This can take up to hours, depending on the number of files in your instance!
Continue with the conversion (y/n)? [n] y

Done.

In that time, I upgraded Nextcloud So hereinafter the Version of Nextcloud is 18.07.

With upgrading, need new update about database.occ db:add-missing-indices

$ sudo -u nginx php occ db:add-missing-indices # missing version suffix but no probrem occured. I suppose Nextcloud 18.07 supporting PHP7.4.
Command "db:add-missing-indices" is not defined.
Do you want to run "db:add-missing-indices" instead?  (yes/no) [no]:
> yes

Check indices of the share table.
Check indices of the filecache table.
Check indices of the twofactor_providers table.
Check indices of the login_flow_v2 table.
Check indices of the whats_new table.
Check indices of the cards table.
Check indices of the cards_properties table.
Check indices of the calendarobjects_props table.
Adding calendarobject_calid_index index to the calendarobjects_props table, this can take some time...
calendarobjects_props table updated successfully.
Check indices of the schedulingobjects table.
Adding schedulobj_principuri_index index to the schedulingobjects table, this can take some time...
schedulingobjects table updated successfully.

Configure environment variable

Installation on Linux — Nextcloud latest Administration Manual latest documentation

By default, php-fpm disable some environment variables. Nextcloud requires to enable them. To be more specific, below configures is commented out by default, so uncomment them to enable.

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp   

HSTS (HTTP Strict Transport Security)

It seems not necessary to apply HSTS in this case that the site is only for myself, but I did it to be safe.

Configure Nginx

Insert add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; into server directive for HTTPS in Nginx config file.

server {
    listen 443 ssl http2;
    # (snip)
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    # (snip)
}

References

HTTP Strict Transport Security (HSTS) and NGINX - NGINX Hardening and security guidance — Nextcloud latest Administration Manual latest documentation

Result

result

It is safe at this.