Wednesday 12 February 2020

OVH vps785909 (1 vCore/2 GB RAM/20 GB SSD) Debian Buster

nc.cinay.eu - Nextcloud

Prerequisites

A working Debian Buster server

  • nginx version: nginx/1.16.1
  • OpenSSL 1.1.1d
  • mysql Ver 15.1 Distrib 10.3.18-MariaDB (MySQL/MariaDB password: /etc/mysql/mdp)
  • PHP 7.3
  • Let's Encrypt certificates
  • iptables firewall
  • Install the PHP APCu cache: sudo apt install php-apcu

nginx - Change the nginx.conf configuration

IPv4 54.37.13.57, IPv6 2001:41d0:401:3200::d48, VPS server
Back up nginx.conf and create a new file

mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak && nano /etc/nginx/nginx.conf

Paste the following lines:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
}

http {
	server_names_hash_bucket_size 64;

	upstream php-handler {
		server unix:/run/php/php7.3-fpm.sock;
	}

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
}

Nginx - Change the SSL, DH, headers and OCSP settings

New file ssl_dh_headers_ocsp

nano /etc/nginx/ssl_dh_headers_ocsp
    ssl_certificate /etc/ssl/private/cinay.eu-fullchain.pem;
    ssl_certificate_key /etc/ssl/private/cinay.eu-key.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    ssl_dhparam /etc/ssl/private/dh2048.pem;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Add headers to serve security related headers
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Frame-Options "SAMEORIGIN"; 
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;';
    add_header Referrer-Policy "no-referrer" always;

    # OCSP settings
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/private/cinay.eu-fullchain.pem; 
    resolver 127.0.0.1;

Restart NGINX

service nginx restart 
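
nginx attaches add_header fields only to a fixed set of success and redirect status codes unless the always parameter is given, and in the file above only Referrer-Policy carries always. The check below is an added example, not part of the original page: it compares response headers with the list from ssl_dh_headers_ocsp, using two constructed responses (a 200 and an nginx-generated 404).

```bash
#!/usr/bin/env bash
# Added example: compare response headers with the add_header list in
# ssl_dh_headers_ocsp. Both sample responses below are constructed.

EXPECTED_HEADERS="X-Content-Type-Options X-XSS-Protection X-Robots-Tag
X-Download-Options X-Permitted-Cross-Domain-Policies X-Frame-Options
Strict-Transport-Security Referrer-Policy"

# Print the expected header names that are absent from the header text in $1.
missing_headers() {
    local response name missing
    response=$1
    missing=""
    for name in $EXPECTED_HEADERS; do
        if ! printf '%s\n' "$response" | grep -qi "^${name}:"; then
            missing="${missing:+$missing }$name"
        fi
    done
    printf '%s' "$missing"
}

# Print the HSTS max-age in seconds, or nothing when the header is absent.
hsts_max_age() {
    printf '%s\n' "$1" | grep -i '^strict-transport-security:' |
        sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p'
}

# Constructed sample: a 200 response served with every header from the include file.
RESPONSE_200='HTTP/2 200
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: none
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains;
referrer-policy: no-referrer'

# Constructed sample: a 404 generated by nginx, where only the header
# declared with "always" is still present.
RESPONSE_404='HTTP/2 404
content-type: text/html
referrer-policy: no-referrer'

printf '200: missing [%s], HSTS max-age=%s\n' \
    "$(missing_headers "$RESPONSE_200")" "$(hsts_max_age "$RESPONSE_200")"
printf '404: missing [%s]\n' "$(missing_headers "$RESPONSE_404")"
```

On the live server the header text can be captured with curl -sI https://nc.cinay.eu/ and passed to the same functions.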

PHP - configuration

Run the following commands

cp /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/www.conf.bak
cp /etc/php/7.3/cli/php.ini /etc/php/7.3/cli/php.ini.bak
cp /etc/php/7.3/fpm/php.ini /etc/php/7.3/fpm/php.ini.bak
cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.bak

sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/pm.max_children = .*/pm.max_children = 240/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/pm.start_servers = .*/pm.start_servers = 20/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/pm.min_spare_servers = .*/pm.min_spare_servers = 10/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/pm.max_spare_servers = .*/pm.max_spare_servers = 20/" /etc/php/7.3/fpm/pool.d/www.conf
sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/php/7.3/fpm/pool.d/www.conf

sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.3/cli/php.ini
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.3/cli/php.ini
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.3/cli/php.ini
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.3/cli/php.ini
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.3/cli/php.ini
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.3/cli/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/Berlin/" /etc/php/7.3/cli/php.ini
sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.3/cli/php.ini

sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.3/fpm/php.ini
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.3/fpm/php.ini
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.3/fpm/php.ini
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.3/fpm/php.ini
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.3/fpm/php.ini
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.3/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = Europe\/Berlin/" /etc/php/7.3/fpm/php.ini
sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.3/fpm/php.ini
sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/7.3/fpm/php.ini
sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/7.3/fpm/php.ini
sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/7.3/fpm/php.ini
sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/7.3/fpm/php.ini
sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/7.3/fpm/php.ini
sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/7.3/fpm/php.ini
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/7.3/fpm/php.ini

sed -i "s/;emergency_restart_threshold =.*/emergency_restart_threshold = 10/" /etc/php/7.3/fpm/php-fpm.conf
sed -i "s/;emergency_restart_interval =.*/emergency_restart_interval = 1m/" /etc/php/7.3/fpm/php-fpm.conf
sed -i "s/;process_control_timeout =.*/process_control_timeout = 10s/" /etc/php/7.3/fpm/php-fpm.conf

sed -i "s/09,39.*/# &/" /etc/cron.d/php
(crontab -l ; echo "09,39 * * * * /usr/lib/php/sessionclean 2>&1") | crontab -u root -

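# policy.xml ships with rights="none" for the PS, EPI, PDF and XPS coders (formats ImageMagick
# hands to Ghostscript); the sed lines below switch them to read|write.
cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak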
sed -i "s/rights\=\"none\" pattern\=\"PS\"/rights\=\"read\|write\" pattern\=\"PS\"/" /etc/ImageMagick-6/policy.xml
sed -i "s/rights\=\"none\" pattern\=\"EPI\"/rights\=\"read\|write\" pattern\=\"EPI\"/" /etc/ImageMagick-6/policy.xml
sed -i "s/rights\=\"none\" pattern\=\"PDF\"/rights\=\"read\|write\" pattern\=\"PDF\"/" /etc/ImageMagick-6/policy.xml
sed -i "s/rights\=\"none\" pattern\=\"XPS\"/rights\=\"read\|write\" pattern\=\"XPS\"/" /etc/ImageMagick-6/policy.xml

Restart both PHP and NGINX

systemctl restart php7.3-fpm nginx

MariaDB - configuration

MariaDB is installed; the password is in /etc/mysql/mdp

Check the version of your database server:

mysql --version

mysql Ver 15.1 Distrib 10.3.22-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

Configure the MariaDB "my.cnf"

service mysql stop
mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak && nano /etc/mysql/my.cnf

Paste the following lines:

[client-server]

# Import all .cnf files from configuration directory
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/

[mysqld]
transaction_isolation = READ-COMMITTED

Restart MariaDB

service mysql restart 

MariaDB - create the nextcloud database

Generate a password for nextcloud

echo $(head -c 12 /dev/urandom | openssl enc -base64) > /etc/mysql/nextcloud

Create the "nextcloud" database

mysql -uroot -p$(cat /etc/mysql/mdp) -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; CREATE USER nextcloud@localhost identified by '$(cat /etc/mysql/nextcloud)'; GRANT ALL PRIVILEGES on nextcloud.* to nextcloud@localhost; FLUSH privileges;"
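
The two commands above write /etc/mysql/nextcloud under the default umask and pass both passwords in the mysql argument list. The variant below is an added example, not from the original page: it creates the secret with mode 600 and feeds the credentials and SQL to mysql through an option file and stdin. It uses base64 from coreutils in place of openssl enc -base64, and the option-file path is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original page.

# Write a random password (12 random bytes, base64) to $1, mode 600.
make_secret_file() {
    ( umask 077; head -c 12 /dev/urandom | base64 > "$1" )
    chmod 600 "$1"   # also covers a file that already existed with wider permissions
}

# Write a MariaDB client option file $1 for user $2, password taken from file $3.
make_client_cnf() {
    ( umask 077; printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$(cat "$3")" > "$1" )
    chmod 600 "$1"
}

# Print the page's database and user creation statements, password read from file $1.
nextcloud_sql() {
    printf "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;\n"
    printf "CREATE USER nextcloud@localhost IDENTIFIED BY '%s';\n" "$(cat "$1")"
    printf "GRANT ALL PRIVILEGES ON nextcloud.* TO nextcloud@localhost;\nFLUSH PRIVILEGES;\n"
}

# Permission string of $1 as shown by ls, for example -rw-------
file_mode() { ls -l "$1" | cut -c1-10; }

# Demo in a throwaway directory so nothing under /etc is touched.
demo_dir=$(mktemp -d)
make_secret_file "$demo_dir/nextcloud"
make_client_cnf "$demo_dir/root-client.cnf" root "$demo_dir/nextcloud"
echo "secret file: $(file_mode "$demo_dir/nextcloud")"
echo "option file: $(file_mode "$demo_dir/root-client.cnf")"
rm -rf "$demo_dir"

# On the server (/root/root-client.cnf is a hypothetical path):
#   make_secret_file /etc/mysql/nextcloud
#   make_client_cnf /root/root-client.cnf root /etc/mysql/mdp
#   nextcloud_sql /etc/mysql/nextcloud | mysql --defaults-extra-file=/root/root-client.cnf
```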

Check that the transaction isolation level is set to READ-COMMITTED and that the character set and collation are correctly set to utf8mb4:

mysql -h localhost -uroot -p$(cat /etc/mysql/mdp) -e "SELECT @@TX_ISOLATION; SELECT SCHEMA_NAME 'database', default_character_set_name 'charset', DEFAULT_COLLATION_NAME 'collation' FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='nextcloud'"
+----------------+
| @@TX_ISOLATION |
+----------------+
| READ-COMMITTED |
+----------------+
+-----------+---------+--------------------+
| database  | charset | collation          |
+-----------+---------+--------------------+
| nextcloud | utf8mb4 | utf8mb4_general_ci |
+-----------+---------+--------------------+

If the result shows "READ-COMMITTED" and "utf8mb4_general_ci" as above, continue with the Redis installation.

Redis

Redis, which stands for Remote Dictionary Server, is a fast, open source, in-memory key-value data store for use as a database, cache, message broker and queue. The project started when Salvatore Sanfilippo, the original developer of Redis, was trying to improve the scalability of his Italian startup. Redis now delivers sub-millisecond response times, enabling millions of requests per second for real-time applications in gaming, ad tech, financial services, healthcare and the Internet of Things. Redis is a popular choice for caching, session management, gaming, leaderboards, real-time analytics, geospatial, ride-hailing, chat/messaging, media streaming and pub/sub applications.

Installation

apt update && apt install redis-server php-redis -y

Change the configuration and the group membership

cp /etc/redis/redis.conf /etc/redis/redis.conf.bak
sed -i "s/port 6379/port 0/" /etc/redis/redis.conf
sed -i "s/# unixsocket/unixsocket/g" /etc/redis/redis.conf
sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf
sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
sed -i "s/supervised no/supervised systemd/" /etc/redis/redis.conf
usermod -a -G redis www-data

cp /etc/sysctl.conf /etc/sysctl.conf.bak
sed -i '$avm.overcommit_memory = 1' /etc/sysctl.conf

It is recommended to reboot your server once:

systemctl reboot  # or shutdown -r now 
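
sed -i exits successfully even when its pattern matches nothing, so a redis.conf that differs from the stock file can keep its TCP listener or its old socket permissions without any error. The check below is an added example, not from the original page: it applies the page's edits to two constructed redis.conf excerpts and compares the result with the intended values, including the socket path that config.php uses later on.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. The redis.conf excerpts are constructed.

# The page's sed edits, applied to the file given as $1 instead of /etc/redis/redis.conf.
apply_page_edits() {
    sed -i "s/port 6379/port 0/" "$1"
    sed -i "s/# unixsocket/unixsocket/g" "$1"
    sed -i "s/unixsocketperm 700/unixsocketperm 770/" "$1"
    sed -i "s/# maxclients 10000/maxclients 512/" "$1"
    sed -i "s/supervised no/supervised systemd/" "$1"
}

# Print the value of the last uncommented occurrence of directive $2 in file $1.
redis_directive() {
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^ +/, ""); val = $0 } END { print val }' "$1"
}

# Compare file $1 with the values the page intends; print each mismatch, return 1 if any.
check_redis_conf() {
    local conf key want got status
    conf=$1
    status=0
    while read -r key want; do
        got=$(redis_directive "$conf" "$key")
        if [ "$got" != "$want" ]; then
            printf '%s: expected "%s", found "%s"\n' "$key" "$want" "${got:-unset}"
            status=1
        fi
    done <<EOF
port 0
unixsocket /var/run/redis/redis-server.sock
unixsocketperm 770
maxclients 512
supervised systemd
EOF
    return "$status"
}

# Demo on two constructed excerpts: a stock file and one that was already customised.
demo_dir=$(mktemp -d)
printf '%s\n' 'port 6379' '# unixsocket /var/run/redis/redis-server.sock' \
    '# unixsocketperm 700' 'supervised no' '# maxclients 10000' > "$demo_dir/stock.conf"
sed -e 's/port 6379/port 6380/' -e 's/supervised no/supervised auto/' \
    "$demo_dir/stock.conf" > "$demo_dir/drifted.conf"

for f in stock drifted; do
    apply_page_edits "$demo_dir/$f.conf"
    if check_redis_conf "$demo_dir/$f.conf"; then
        echo "$f.conf: all settings applied"
    else
        echo "$f.conf: at least one sed edit did not match"
    fi
done
rm -rf "$demo_dir"
```

On the server, check_redis_conf /etc/redis/redis.conf runs the same comparison against the real file.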

Nginx - optimization_params

Create optimization_params

nano /etc/nginx/optimization_params 

Paste the following lines

fastcgi_hide_header X-Powered-By;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_connect_timeout 3600;
fastcgi_buffers 64 64K;
fastcgi_buffer_size 256k;
fastcgi_busy_buffers_size 3840K;
fastcgi_cache_key $http_cookie$request_method$host$request_uri;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
gzip_disable "MSIE [1-6]\.";

Nginx - php_optimization_params

Create php_optimization_params

nano /etc/nginx/php_optimization_params 

Paste the following lines

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_cache_valid 404 1m;
fastcgi_cache_valid any 1h;
fastcgi_cache_methods GET HEAD;

Improve security (created when the server was installed)

openssl dhparam -out /etc/ssl/private/dh2048.pem 2048

Please be patient; this will take some time depending on your hardware.

Nginx - nc.cinay.eu.conf

Create the configuration file /etc/nginx/conf.d/nc.cinay.eu.conf

nano /etc/nginx/conf.d/nc.cinay.eu.conf
server {
		listen 80;
		listen [::]:80;
		# Let's Encrypt over HTTP
		# location ^~ /.well-known/acme-challenge {
		#	proxy_pass http://127.0.0.1:81;
		#	proxy_set_header Host $host;
		# }
		server_name nc.cinay.eu;
		location / {
		 return 301 https://$host$request_uri;
		}
}
server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name nc.cinay.eu;

    include ssl_dh_headers_ocsp;

	root /var/www/nextcloud/;
		location = /robots.txt {
			allow all;
			log_not_found off;
			access_log off;
		}
		location = /.well-known/carddav {
			return 301 $scheme://$host/remote.php/dav;
		}
		location = /.well-known/caldav {
			return 301 $scheme://$host/remote.php/dav;
		}
	#SOCIAL app enabled? Please uncomment the following row
	#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
	#WEBFINGER app enabled? Please uncomment the following two rows.
	#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
	#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
	client_max_body_size 10240M;
		location / {
			rewrite ^ /index.php;
		}
		location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
			deny all;
		}
		location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
			deny all;
		}
		location ^~ /apps/rainloop/app/data {
			deny all;
		}
		location ~ \.(?:flv|mp4|mov|m4a)$ {
			mp4;
			mp4_buffer_size 100M;
			mp4_max_buffer_size 1024M;
			fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
			include fastcgi_params;
			include php_optimization_params;
			fastcgi_pass php-handler;
			fastcgi_param HTTPS on;
		}
		location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
			fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
			try_files $fastcgi_script_name =404;
			include fastcgi_params;
			include php_optimization_params;
			fastcgi_pass php-handler;
			fastcgi_param HTTPS on;
		}
		location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
			try_files $uri/ =404;
			index index.php;
		}
		location ~ \.(?:css|js|woff2?|svg|gif|map|png|html|ttf|ico|jpg|jpeg)$ {
			try_files $uri /index.php$request_uri;
			access_log off;
			expires 360d;
		}
}

Restart NGINX

service nginx restart 

Create the directories and set permissions

mkdir -p /var/nc_data 
chown -R www-data:www-data /var/nc_data 

Nextcloud - installation

Method A
Download the latest version

sudo -s
wget https://download.nextcloud.com/server/releases/nextcloud-18.0.0.zip
unzip nextcloud-18.0.0.zip
mv nextcloud /var/www/
chown -R www-data:www-data /var/www/nextcloud
rm nextcloud-18.0.0.zip

Open https://nc.cinay.eu

The default applications are installed

Method B
cd /usr/local/src
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
tar -xjf latest.tar.bz2 -C /var/www && chown -R www-data:www-data /var/www/ && rm -f latest.tar.bz2

Nextcloud installation parameters

  • --database-name "nextcloud": as defined above when the database was created
  • --database-user "nextcloud": as defined above when the database user was created
  • --database-pass "xxxxxxxxx": as defined above when the nextcloud password was generated
  • --admin-pass "Mot_de_passe_ncadmin": to be chosen

Install Nextcloud in silent mode

su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ maintenance:install --database "mysql" --database-name "nextcloud" --database-user "nextcloud" --database-pass "nextcloud" --admin-user "ncadmin" --admin-pass "Mot_de_passe_ncadmin" --data-dir "/var/nc_data"'

Domain configuration

su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set trusted_domains 0 --value=nc.cinay.eu'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://nc.cinay.eu'
cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak

Extend your Nextcloud config.php file:

sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
sed -i '/);/d' /var/www/nextcloud/config/config.php

cat <<EOF >>/var/www/nextcloud/config/config.php
'activity_expire_days' => 14,
'auth.bruteforce.protection.enabled' => true,
'blacklisted_files' => 
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'cron_log' => true,
'enable_previews' => true,
'enabledPreviewProviders' => 
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
),
'filesystem_check_changes' => 0,
'filelocking.enabled' => 'true',
'htaccess.RewriteBase' => '/',
'integrity.check.disabled' => false,
'knowledgebaseenabled' => false,
'logfile' => '/var/nc_data/nextcloud.log',
'loglevel' => 2,
'logtimezone' => 'Europe/Paris',
'log_rotate_size' => 104857600,
'maintenance' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'overwriteprotocol' => 'https',
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'redis' => 
array (
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
'timeout' => 0.0,
),
'quota_include_external_storage' => false,
'share_folder' => '/Shares',
'skeletondirectory' => '',
'theme' => '',
'trashbin_retention_obligation' => 'auto, 7',
'updater.release.channel' => 'stable',
);
EOF

The "nextcloud" MySQL database

sudo -u www-data sed -i "s/.*dbhost.*/\'dbhost\' \=\>\ \'localhost\:\/var\/run\/mysqld\/mysqld\.sock\'\,/g" /var/www/nextcloud/config/config.php

Nextcloud - /var/www/nextcloud/.user.ini

sudo -u www-data sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
service php7.3-fpm restart && service redis-server restart && service nginx restart

Nextcloud - Adjust the applications

su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:disable survey_client'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:disable firstrunwizard'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:enable admin_audit'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:enable files_pdfviewer'

Nextcloud - Optimization with two shell scripts

1 - Update your environment periodically

nano /root/upgrade.sh
#!/bin/bash
# Debian 9.x 10.x
/usr/sbin/service nginx stop
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/updater/updater.phar'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ status'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ -V'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ db:add-missing-indices'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ db:convert-filecache-bigint'
sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
chown -R www-data:www-data /var/www/nextcloud
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:update --all'
/usr/sbin/service php7.3-fpm restart
/usr/sbin/service nginx restart
exit 0

(info: BigInt, missing indices)

2 - Optimize your Nextcloud periodically

nano /root/optimize.sh
#!/bin/bash
####
# Optimize your Nextcloud instance
# create a daily cronjob, e.g.:
# crontab -e
# 5 1 * * *  /root/optimize.sh 2>&1
####
redis-cli -s /var/run/redis/redis-server.sock <<EOF
FLUSHALL
quit
EOF
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ files:scan --all'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ files:scan-app-data'
exit 0

Save both scripts and mark them as executable

chmod +x /root/*.sh 

Run both scripts

/root/upgrade.sh && /root/optimize.sh
Nextcloud Updater - version: v16.0.3-3-ga0c2b25 dirty

Current version is 18.0.0.

No update available.

Nothing to do.
  - installed: true
  - version: 18.0.0.10
  - versionstring: 18.0.0
  - edition: 
Nextcloud 18.0.0
Check indices of the share table.
Check indices of the filecache table.
Check indices of the twofactor_providers table.
Check indices of the login_flow_v2 table.
Check indices of the whats_new table.
Check indices of the cards table.
Check indices of the cards_properties table.
Check indices of the calendarobjects_props table.
Adding calendarobject_calid_index index to the calendarobjects_props table, this can take some time...
calendarobjects_props table updated successfully.
Check indices of the schedulingobjects table.
Adding schedulobj_principuri_index index to the schedulingobjects table, this can take some time...
schedulingobjects table updated successfully.
Following columns will be updated:

* mounts.storage_id
* mounts.root_id
* mounts.mount_id

This can take up to hours, depending on the number of files in your instance!
Continue with the conversion (y/n)? [n] y
OK
Starting scan for user 1 out of 1 (yann)
+---------+-------+--------------+
| Folders | Files | Elapsed time |
+---------+-------+--------------+
| 4       | 16    | 00:00:00     |
+---------+-------+--------------+

Scanning AppData for files

+---------+-------+--------------+
| Folders | Files | Elapsed time |
+---------+-------+--------------+
| 26      | 53    | 00:00:00     |
+---------+-------+--------------+

Add Nextcloud cron jobs for www-data and root

For www-data:

crontab -u www-data -e

*/5 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1

For root:

crontab -e 

5 1 * * * /root/optimize.sh 2>&1

Nextcloud - Switch to cron.php

su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ background:cron'

Set mode for background jobs to ‘cron’

Restart all services

service mysql restart && service php7.3-fpm restart && service redis-server restart && service nginx restart

Nextcloud - Log in to nc.cinay.eu

Log in as administrator and run the security check: click the gear icon → Settings → Overview

Mozilla Observatory

https://observatory.mozilla.org/analyze/nc.cinay.eu