Nextcloud - gettin rid of errors ( Security & setup warnings)

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.0.11
What app is this about: Nextcloud

Describe your issue

I am getting some backend errors in a fresh installation of nextcloud and like to get rid of them - but in most cases i dont know how to do that. Searchin myself did not get me a solution.

The errors:

Share relevant logs or error messages

There are some errors regarding your setup.

1
Your web server is not yet properly set up to allow file synchronisation, because the WebDAV interface seems to be broken. To allow this check to run you have to make sure that your Web server can connect to itself. Therefore it must be able to resolve and connect to at least one of itstrusted_domainsor theoverwrite.cli.url. This failure may be the result of a server-side DNS mismatch or outbound firewall rule.

2
Your webserver does not serve.mjsfiles using the JavaScript MIME type. This will break some apps by preventing browsers from executing the JavaScript files. You should configure your webserver to serve.mjsfiles with either thetext/javascriptorapplication/javascript MIME type.

3
The PHP memory limit is below the recommended value of 512 MB.

4

Your web server is not properly set up to resolve `.well-known` URLs, failed on: `/.well-known/webfinger` For more details see the documentation ↗.
191 errors in the logs since 23 January 2025, 11:43:37

5
Some headers are not set correctly on your instance - The X-Robots-TagHTTP header is not set tonoindex,nofollow. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. - The Referrer-PolicyHTTP header is not set tono-referrer, no-referrer-when-downgrade, strict-origin, strict-origin-when-cross-originorsame-origin. This can leak referer information. See the W3C Recommendation. For more details see the documentation ↗.

6
There is an inactive LDAP configuration: s01

7
Integrity checker has been disabled. Integrity cannot be verified.

I also had the error:
One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types. Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades. Use the command occ maintenance:repair --include-expensive to perform the migrations.

but i already could solve this via entering the commend into nextcloud shell as described in the applications description.

same for:

`Your installation has no default phone region set. This is 
required to validate phone numbers in the profile settings without a 
country code. To allow numbers without a country code, please add 
"default_phone_region" with the respective ISO 3166-1 code of the region
 to your config file. For more details see the documentation ↗.`

where i entered my country code into the mentioned line of the config.php

1 Like

and what is your Nextcloud installed version?

Hi kaktux,

Regarding #6 on your list, have a look at a recent thread and its steps to resolve the issue in that case. Does it match your situation?

For #3 there is a suggestion over at the Nextcloud forum,

Is your Nextcloud at v30?

I too am befuddled by option 3. I don’t know how to modify Nextcloud’s install to address it - I can’t even login to root in the CLI (It defaults to a user called “nextcloud”, but I have no password set?)

Option 6 can be resolved by the thread linked wbk from what I can see.

result of > grep -R memory_lumit" /etc/php*/* gives:

nextcloud@yunohost:~$ grep -R “memory_limit” /etc/php*/*
/etc/php/8.3/fpm/php.ini:memory_limit = 128M
/etc/php/8.3/fpm/pool.d/www.conf:;php_admin_value[memory_limit] = 32M
grep: /etc/php/8.3/fpm/pool.d/nextcloud.conf: Permission denied
/etc/php/8.3/cli/php.ini:memory_limit = -1

(Nextcloud is 30.0.4)

2
Add this snipet to the NGINX config: /etc/nginx/ conf.d/nextcloud.domain.tld.d/nextcloud.conf

3
nano /etc/php/8.3/fpm/pool.d/nextcloud.conf
modify
php_admin_value[memory_limit] = 512M
and then
yunohost service restart php8.3-fpm

6
You can safely delete the s01 config with :
sudo -u nextcloud php8.3 --define apc.enable_cli=1 /var/www/nextcloud/occ ldap:delete-config s01

8
sudo -u nextcloud php8.3 --define apc.enable_cli=1 /var/www/nextcloud/occ maintenance:repair --include-expensive

2 Likes

Version is Nextcloud Hub 9 (30.0.4)

yes - v30.

grep -R “memory_limit” /etc/php*/*
gives

/etc/php/8.3/fpm/php.ini:memory_limit = 128M
/etc/php/8.3/fpm/pool.d/www.conf:;php_admin_value[memory_limit] = 32M
grep: /etc/php/8.3/fpm/pool.d/nextcloud.conf: Permission denied
/etc/php/8.3/cli/php.ini:memory_limit = -1

thx - that did get rid of some errors.

left are still

  • Error No 1.
    No solution yet.

  • Error No 2.
    for which i created the folder etc/nginx/ conf.d/nextcloud.domain.tld.d/
    and the file /etc/nginx/ conf.d/nextcloud.domain.tld.d/nextcloud.conf
    containing the code mentioned.

But the error still appears.

  • Error No.4
    no solution yet.

  • Error No. 5
    no solution yet

  • Error No.7
    no solution yet

thx for your help so far.

you mean in terminal?

i could do the changes as root → via sudo su

Error No 2.
for which i created the folder etc/nginx/ conf.d/nextcloud.domain.tld.d/
and the file /etc/nginx/ conf.d/nextcloud.domain.tld.d/nextcloud.conf
containing the code mentioned.

But the error still appears.

Nginx service must be restarted

i did restart nginx and entire yunohost server - but No2 -
Your webserver does not serve .mjsfiles using the JavaScript MIME type. This will break some apps by preventing browsers from executing the JavaScript files. You should configure your webserver to serve.mjsfiles with either thetext/javascriptorapplication/javascript MIME type.
still is shown in nextcloud backend.

I also just rechecked /etc/nginx/conf.d/nextcloud.domain.tld.d/nextcloud.conf - and it contains the 9 lines of code from above

Why? It should be there

nextcloud.domain.tld.d is to be replaced by your own Nextcloud domain.

Yes.

When trying to access super user via sudo su, Im prompted to enter in my password as expected. Neither my general Yunohost root password will take, or my specific Yunohost initial setup username/password. I am effectively locked out of root, it would seem.

I feel like the answer is staring me in the face and I feel silly for not being able to see it.

oh sorry - my bad :upside_down_face:
indeed this file already exists in /etc/nginx/conf.d/mynextclouddomain.com.d

But:
it already contains the lines

include mime.types;
types {
    text/javascript mjs;
}

i dont really see a difference to the option posted above.

Most of these warnings are false positives due to how yunohost handles permissions.
Try allowing access to your nextcloud instance to the Visitors group and you should see most of your remaining warnings disappear if not all.

My interpretation is that the tests Nextcloud performs require access to certain URLs which can be protected by Yunohost’s ssowat configuration.

Ideally you’d want finer permissioning, and I initially thought that was why we also had a separate “Nextcloud (api)” permission. But I couldn’t find what it translates to in ssowat. So, it’d be great to have some input from the team and maintainers here as to how to finely set permissions and then have that ship with the package :thinking:

1 Like