…update history

July, 31st 2018:
– added two occ statements for databse optimizations

July, 27th 2018:
– changes to the header.conf (add_header Referrer-Policy “no-referrer” always;)

July, 20th 2018:
– new MariaDB version (10.3.8) and MariaDB configuration

July, 19th 2018:
– minor amendments to the spamhaus-script

July, 10th 2018:
– added chapter 6.1 (thx to @ank0m): harden your Nextcloud using the spamhaus project

July, 8th 2018:
– MariaDB changes: transaction_isolation = READ-COMMITTED, binlog_format = ROW

June, 21st 2018:
– made changes to the renewal procedure regarding certbot

June, 14th 2018:
– made changes to the ssl.conf and to the procedure to obtain ssl-certificates from let’s encrypt

June, 13th 2018:
– updated the nginx.conf and added a “server security verification

June, 10th 2018:
– updated the ssl.conf: changed the ssl_cipher and ssl_ecdh_curve to become more compatible and gain 100% at Qualys SSL Labs

June, 6th 2018:
– updated to NGINX 1.15

June, 3rd 2018:
– Ammendmends to fail2ban (added [nginx-http-auth])

May, 27th 2018:
– change the NGINX repository from xenial to bionic

May, 17th 2018:
– ammendment to the renewal cronjob

May, 3rd 2018:
– added an optimize.sh to run a second Nextcloud cron

April, 30th 2018:
– Nextcloud silent installation
– modifications to the config.php

April, 17th, 2018:
– updated to nginx 1.14 stable

April, 10th 2018:
– added two statements regarding php sessionclean:
(“sed -i “s/09,39.*/# &/” /etc/cron.d/php” and “(crontab -l ; echo “09,39 * * * * /usr/lib/php/sessionclean 2>&1”) | crontab -u root -“)

April, 6th 2018:
– ammend a fail2ban regex regarding trusted domain errors

March 27th, 2018:
– ERROR FOUND regarding the APC changes fom March, 26th, 2018:
please create a new directory /usr/local/tmp/apc, ammend the setting in the php.ini from /tmp/apc to /usr/local/tmp/apc and add the new directory to your /etc/fstab

March 26th, 2018:
– created /tmp/apc and made further PHP performance tweaks regarding APCu Object Cache (thx to markus-blog.de)

March 25th, 2018:
– added vhost files including netdata (Nextcloud 13 advanced guide only!)
hint for Android users to decrease cipher strength and eliptic curve if troubles with e.g. CalDAV/CardDAV would occur.

March 23rd, 2018:
– made changes to the config.php: ‘oc’ to ‘oc_
– added an egrep statement for the origin params to be paste in the new config.php

March 21st, 2018:
– added ‘share_folder’ => ‘/Shares’, to the new ordered config.php

March 18th, 2018:
– Nextcloud download now points to the latest release

March 14th, 2018:
– made changes to the /etc/fstab

March 13th, 2018:
– security enhancements to redis and Nextclouds config.php

March 11th, 2018:
– added a second Nextcloud cronjobs to “cleanup” app-data

March 09th, 2018:
– added a second nextcloud.conf to run Nextcloud in a subdir of your webserver

Feb. 28th, 2018:
– mysql_secure_installation – added a description
– optimization.conf: added “fastcgi_read_timeout 3600;”

Feb. 26th, 2018:
– ammendments to the nextcloud.conf (“proxy_set_header Host $host;” and “location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$”)

Carsten Rieger