Updates


…update history

October, 17th 2018:
– added a downloadable file for nextclouds fail2ban configuration

October, 10th 2018: NGINX
– made smaller ammendments to the my.cnf regarding mysql logging

October, 7th 2018: NGINX
– more secure using a new header statement: add_header Feature-Policy “geolocation ‘self'”;
find out more about Feature-Policy

October, 05th 2018: NGINX
– cosmetical updates (version series) only

September, 21st 2018: NGINX
– ammendments to nginx.conf: resolver 208.67.222.222 valid=30s; resolver_timeout 5s;

September, 15th 2018: Apache2
– added security headers to <IfModule mod_headers.c>

September, 14th 2018: NGINX
– Disable auth.bruteforce.protection

September, 11th 2018: NGINX
– smaller amendments to external links (Nextcloud 14)
– declared two mountpoints as optional only:
sed -i ‘$atmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777 0 0’ /etc/fstab
sed -i ‘$atmpfs /var/tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777 0 0’ /etc/fstab

September, 06th 2018: NGINX
Nextcloud 14 released

July, 31st 2018: NGINX
– added two occ statements for databse optimizations

July, 27th 2018: NGINX
– changes to the header.conf (add_header Referrer-Policy “no-referrer” always;)

July, 20th 2018: NGINX
– new MariaDB version (10.3.8) and MariaDB configuration

July, 19th 2018: NGINX
– minor amendments to the spamhaus-script

July, 10th 2018: NGINX
– added chapter 6.1 (thx to @ank0m): harden your Nextcloud using the spamhaus project

July, 8th 2018: NGINX
– MariaDB changes: transaction_isolation = READ-COMMITTED, binlog_format = ROW

June, 21st 2018: NGINX
– made changes to the renewal procedure regarding certbot

June, 14th 2018: NGINX
– made changes to the ssl.conf and to the procedure to obtain ssl-certificates from let’s encrypt

June, 13th 2018: NGINX
– updated the nginx.conf and added a “server security verification

June, 10th 2018: NGINX
– updated the ssl.conf: changed the ssl_cipher and ssl_ecdh_curve to become more compatible and gain 100% at Qualys SSL Labs

June, 6th 2018: NGINX
– updated to NGINX 1.15

June, 3rd 2018: NGINX
– Ammendmends to fail2ban (added [nginx-http-auth])

May, 27th 2018: NGINX
– change the NGINX repository from xenial to bionic

May, 17th 2018: NGINX
– ammendment to the renewal cronjob

May, 3rd 2018: NGINX
– added an optimize.sh to run a second Nextcloud cron

April, 30th 2018: NGINX
– Nextcloud silent installation
– modifications to the config.php

April, 17th, 2018: NGINX
– updated to nginx 1.14 stable

April, 10th 2018: NGINX
– added two statements regarding php sessionclean:
(“sed -i “s/09,39.*/# &/” /etc/cron.d/php” and “(crontab -l ; echo “09,39 * * * * /usr/lib/php/sessionclean 2>&1”) | crontab -u root -“)

April, 6th 2018: NGINX
– ammend a fail2ban regex regarding trusted domain errors

March 27th, 2018: NGINX
– ERROR FOUND regarding the APC changes fom March, 26th, 2018:
please create a new directory /usr/local/tmp/apc, ammend the setting in the php.ini from /tmp/apc to /usr/local/tmp/apc and add the new directory to your /etc/fstab

March 26th, 2018: NGINX
– created /tmp/apc and made further PHP performance tweaks regarding APCu Object Cache (thx to markus-blog.de)

March 25th, 2018: NGINX
– added vhost files including netdata (Nextcloud 13 advanced guide only!)
hint for Android users to decrease cipher strength and eliptic curve if troubles with e.g. CalDAV/CardDAV would occur.

March 23rd, 2018: NGINX
– made changes to the config.php: ‘oc’ to ‘oc_
– added an egrep statement for the origin params to be paste in the new config.php

March 21st, 2018: NGINX
– added ‘share_folder’ => ‘/Shares’, to the new ordered config.php

March 18th, 2018: NGINX
– Nextcloud download now points to the latest release

March 14th, 2018: NGINX
– made changes to the /etc/fstab

March 13th, 2018: NGINX
– security enhancements to redis and Nextclouds config.php

March 11th, 2018: NGINX
– added a second Nextcloud cronjobs to “cleanup” app-data

March 09th, 2018: NGINX
– added a second nextcloud.conf to run Nextcloud in a subdir of your webserver

Feb. 28th, 2018: NGINX
– mysql_secure_installation – added a description
– optimization.conf: added “fastcgi_read_timeout 3600;”

Feb. 26th, 2018: NGINX
– ammendments to the nextcloud.conf (“proxy_set_header Host $host;” and “location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$”)



Carsten Rieger