13. Dezember 2019: Anpassungen an der my.cnf
– expire_logs_days = 7 um das Volumen der bin-logs zu reduzieren
– Hinweis auf Weihnachtsurlaub (19.12.- 02.1.2020) hinzugefügt
09. Dezember 2019: Hinweis zu Portfreigaben ergänzt
– Port 80/TCP und 443/TCP müssen von außen erreichbar sein
06. Dezember 2019: PHP Anpassung
– sed -i ‚$aapc.enable_cli=1‘ /etc/php/7.3/mods-available/apcu.ini
(PHP muss im Anschluß an diesen Befehl neu gestartet werden (service php7.3-fpm restart))
November, 21st, 2019: changes to the Nextcloud config.php <-> ‘dbhost’ on both: Ubuntu and Debian,
– sudo -u www-data sed -i “s/.*dbhost.*/\’dbhost\’ \=\>\ \’localhost\:\/var\/run\/mysqld\/mysqld\.sock\’\,/g” /var/www/nextcloud/config/config.php
October, 24th, 2019: Ubuntu, Debian, NGINX, PHP
– Urgent security issue in NGINX/php-fpm (more)
September, 30th, 2019: Ubuntu, Debian, NGINX
– Nextcloud 17: added “add_header X-Frame-Options “SAMEORIGIN”;” to the header.conf
October, 03rd, 2019: Ubuntu, Debian, NGINX
– Nextcloud 17: fix for fail2ban (filter.d/nextcloud.conf)
September, 30th, 2019: Ubuntu, Debian, NGINX
– Nextcloud 17: added “add_header X-Frame-Options “SAMEORIGIN”;” to the header.conf
September, 03rd, 2019: Ubuntu, Debian
– create a technical user (acmeuser) to request your ssl certificates from let’s encrypt using acme
August, 07th, 2019: Ubuntu, Debian
– make sure Apache is stopped and disabled to install and start nginx
August, 02nd, 2019: Ubuntu, Debian, GitHub
– Made amendments to the vhost (nextcloud.conf) and added the backup.sh (example) to GitHub
– Changed to ngionx mainline ion GitHub either
July, 14th, 2019: Ubuntu and Debian
– Made amendments to the subdirectory (subfolder) configuration if you want to provide Nextcloud e.g. at https://your.dedyn.io/nextcloud
July, 12th, 2019: Debian
– The guide is now compatible with Debian 9 Stretch and Debian 10 Buster
July, 11th, 2019: MariaDB 10.4
– switched to MariaDB 10.4
June, 24th, 2019: NGINX, Apache2, Debian, Ubuntu
– updates to the nginx.conf, optimization.conf and nextcloud.conf were applied
– all the php configuration settings were renewed/reviewed
May 16th, 2019: NGINX, Debian, Ubuntu
– Nextcloud 16.0.1 and beeing more compatible using “ssl_ecdh_curve X448:secp521r1:secp384r1:prime256v1;” in the /etc/nginx/ssl.conf
May 13th, 2019: NGINX, Debian, Ubuntu
– enhanced the msmtp configuration (logrotate and php)
May 10th, 2019: NGINX, Debian, Ubuntu
– switched from postfix to msmtp
May 03rd, 2019: Apache2, NGINX, Debian, Ubuntu
– New cipher (ssl_ecdh_curve X448:secp521r1:secp384r1) – uncaught ImagickException: sed -i “s/rights\=\”none\” pattern\=\”PDF\”/rights\=\”read\|write\” pattern\=\”PDF\”/” /etc/ImageMagick-6/policy.xml
April 28th, 2019: NGINX, Debian, Ubuntu
– Nextcloud 16 and Pre-defined DHE group (https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096)
April 13th, 2019: NGINX, Debian, Ubuntu
– set resolver to 127.0.0.1 (link), thx to Dmitriy
April 11th, 2019: NGINX, Debian, Ubuntu
– check if file exists before moving it (default.conf)
March 18th, 2019: NGINX, Debian, Ubuntu
– acme is used to request and renew ssl certificates from let’s encrypt
March 17th, 2019: NGINX, Debian, Ubuntu
– TLS v. 1.3 per default
March 08th, 2019: NGINX
– changes to ssl.conf
February 27th, 2019: NGINX
– added *.sh to the Nextcloud optimization chapter
February 26th, 2019: NGINX
– updated to NGINX 1.15.9
February 14th, 2019: NGINX
– added 127.0.0.1 to the geoip section
February 01st, 2019: NGINX
– added geoip to nginx to protect your server by verifying the origin-ip
January 31th, 2019:
– mount additional storage to your Nextcloud using the external storage app
January 30th, 2019:
– removed /upload_tmp from PHP to prevent Nextcloud errors
January 25th, 2019:
– removed duplicate entry from my.cnf and sorted alphabetically
January 21st, 2019:
– added logwatch
– DEBIAN: added backports for certbot (Certbot / Let’s Encrypt: February, 13th 2019 end of life for all tls sni 01 validation-support)
January, 17th, 2019: NGINX, APACHE2, GITHUB
– made changes to the header feature policy in the header.conf
January, 11th, 2019: NGINX
– updated nextcloud.conf (woff2?) required from Nextcloud 15.0.1
January, 08th, 2019: NGINX
– updated to PHP 7.3
– smaller ammendments to my.cnf (innodb_buffer_pool_size=1024M and innodb_io_capacity=4000)
December 21st, 2018: NGINX
– monitor your server using netdata
– mount additional storage to your Nextcloud server
– install postfix and configure system notification mails
– a second factor for ssh (2fa)
December 15th, 2018: APACHE2
– updated headers for Nextcloud 15
December, 12th 2018: NGINX
– ammendmend for the new SOCIAL app in the nextcloud.conf for Nextcloud 15
December, 10th 2018: NGINX, APACHE2
– updated to Nextcloud 15
October, 25th 2018: NGINX
– added ssl early data directive to both: ssl.conf and proxy.conf
October, 17th 2018:
– added downloadable files for nextclouds fail2ban configuration
October, 10th 2018: NGINX
– made smaller ammendments to the my.cnf regarding mysql logging
October, 7th 2018: NGINX
– more secure using a new header statement: add_header Feature-Policy “geolocation ‘self’”;
find out more about Feature-Policy
October, 05th 2018: NGINX
– cosmetical updates (version series) only
September, 21st 2018: NGINX
– ammendments to nginx.conf: resolver 208.67.222.222 valid=30s; resolver_timeout 5s;
September, 15th 2018: Apache2
– added security headers to <IfModule mod_headers.c>
September, 14th 2018: NGINX
– Disable auth.bruteforce.protection
September, 11th 2018: NGINX
– smaller amendments to external links (Nextcloud 14)
– declared two mountpoints as optional only:
sed -i ‘$atmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777 0 0’ /etc/fstab
sed -i ‘$atmpfs /var/tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777 0 0’ /etc/fstab
September, 06th 2018: NGINX
– Nextcloud 14 released
July, 31st 2018: NGINX
– added two occ statements for databse optimizations
July, 27th 2018: NGINX
– changes to the header.conf (add_header Referrer-Policy “no-referrer” always;)
July, 20th 2018: NGINX
– new MariaDB version (10.3.8) and MariaDB configuration
July, 19th 2018: NGINX
– minor amendments to the spamhaus-script
July, 10th 2018: NGINX
– added chapter 6.1 (thx to @ank0m): harden your Nextcloud using the spamhaus project
July, 8th 2018: NGINX
– MariaDB changes: transaction_isolation = READ-COMMITTED, binlog_format = ROW
June, 21st 2018: NGINX
– made changes to the renewal procedure regarding certbot
June, 14th 2018: NGINX
– made changes to the ssl.conf and to the procedure to obtain ssl-certificates from let’s encrypt
June, 13th 2018: NGINX
– updated the nginx.conf and added a “server security verification”
June, 10th 2018: NGINX
– updated the ssl.conf: changed the ssl_cipher and ssl_ecdh_curve to become more compatible and gain 100% at Qualys SSL Labs
June, 6th 2018: NGINX
– updated to NGINX 1.15
June, 3rd 2018: NGINX
– Ammendmends to fail2ban (added [nginx-http-auth])
May, 27th 2018: NGINX
– change the NGINX repository from xenial to bionic
May, 17th 2018: NGINX
– ammendment to the renewal cronjob
May, 3rd 2018: NGINX
– added an optimize.sh to run a second Nextcloud cron
April, 30th 2018: NGINX
– Nextcloud silent installation
– modifications to the config.php
April, 17th, 2018: NGINX
– updated to nginx 1.14 stable
April, 10th 2018: NGINX
– added two statements regarding php sessionclean:
(“sed -i “s/09,39.*/# &/” /etc/cron.d/php” and “(crontab -l ; echo “09,39 * * * * /usr/lib/php/sessionclean 2>&1”) | crontab -u root -“)
April, 6th 2018: NGINX
– ammend a fail2ban regex regarding trusted domain errors
March 27th, 2018: NGINX
– ERROR FOUND regarding the APC changes fom March, 26th, 2018:
please create a new directory /usr/local/tmp/apc, ammend the setting in the php.ini from /tmp/apc to /usr/local/tmp/apc and add the new directory to your /etc/fstab
March 26th, 2018: NGINX
– created /tmp/apc and made further PHP performance tweaks regarding APCu Object Cache (thx to markus-blog.de)
March 25th, 2018: NGINX
– added vhost files including netdata (Nextcloud 13 advanced guide only!)
– hint for Android users to decrease cipher strength and eliptic curve if troubles with e.g. CalDAV/CardDAV would occur.
March 23rd, 2018: NGINX
– made changes to the config.php: ‘oc’ to ‘oc_‘
– added an egrep statement for the origin params to be paste in the new config.php
March 21st, 2018: NGINX
– added ‘share_folder’ => ‘/Shares’, to the new ordered config.php
March 18th, 2018: NGINX
– Nextcloud download now points to the latest release
March 14th, 2018: NGINX
– made changes to the /etc/fstab
March 13th, 2018: NGINX
– security enhancements to redis and Nextclouds config.php
March 11th, 2018: NGINX
– added a second Nextcloud cronjobs to “cleanup” app-data
March 09th, 2018: NGINX
– added a second nextcloud.conf to run Nextcloud in a subdir of your webserver
Feb. 28th, 2018: NGINX
– mysql_secure_installation – added a description
– optimization.conf: added “fastcgi_read_timeout 3600;”
Feb. 26th, 2018: NGINX
– ammendments to the nextcloud.conf (“proxy_set_header Host $host;” and “location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$”)
