Nextcloud-Anleitung angepasst

nextcloud.md

@@ -62,7 +62,7 @@ upstream php-handler {
 server {
     listen 80;
     server_name IP-Adresse oder dynamische DNS;
-    # Enforce HTTPS
+    # enforce https
     return 301 https://$server_name$request_uri;
 }
 
@@ -76,20 +76,17 @@ server {
     # Security Headers
     add_header Strict-Transport-Security "max-age=15768000";
     add_header X-Content-Type-Options nosniff;
-    add_header X-Frame-Options "SAMEORIGIN";
     add_header X-XSS-Protection "1; mode=block";
     add_header X-Robots-Tag none;
     add_header X-Download-Options noopen;
     add_header X-Permitted-Cross-Domain-Policies none;
 
-
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
     ssl_prefer_server_ciphers on;
-    ssl_dhparam /path/to/dh-params
+    ssl_dhparam /path/to/dhparams.pem;
     ssl_session_cache shared:ssl_session_cache:10m;
 
-
     # Path to the root of your installation
     root /var/www;
 
@@ -99,18 +96,28 @@ server {
         access_log off;
     }
 
-    location = /.well-known/carddav {
-      return 301 $scheme://$host/nextcloud/remote.php/dav;
+    location ~ \.php(?:$|/) {
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        fastcgi_param HTTPS on;
+        fastcgi_param modHeadersAvailable true;
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
     }
+
+    location = /.well-known/carddav {
+        return 301 $scheme://$host/nextcloud/remote.php/dav;
+    }
+
     location = /.well-known/caldav {
-      return 301 $scheme://$host/nextcloud/remote.php/dav;
+        return 301 $scheme://$host/nextcloud/remote.php/dav;
     }
 
     location /.well-known/acme-challenge { }
 
     location ^~ /nextcloud {
-        # set max upload size
-        client_max_body_size 20148M;
         fastcgi_buffers 64 4K;
 
         # Disable gzip to avoid the removal of the ETag header
@@ -126,6 +133,7 @@ server {
         location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
             deny all;
         }
+
         location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
             deny all;
         }
@@ -136,12 +144,10 @@ server {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             fastcgi_param PATH_INFO $fastcgi_path_info;
             fastcgi_param HTTPS on;
-            #Avoid sending the security headers twice
             fastcgi_param modHeadersAvailable true;
             fastcgi_param front_controller_active true;
             fastcgi_pass php-handler;
             fastcgi_intercept_errors on;
-#           fastcgi_request_buffering off;
         }
 
         location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
@@ -154,19 +160,12 @@ server {
         location ~* \.(?:css|js|woff|svg|gif)$ {
             try_files $uri /nextcloud/index.php$uri$is_args$args;
             add_header Cache-Control "public, max-age=7200";
-            # Add headers to serve security related headers  (It is intended
-            # to have those duplicated to the ones above)
-            # Before enabling Strict-Transport-Security headers please read
-            # into this topic first.
-            # add_header Strict-Transport-Security "max-age=15768000;
-            # includeSubDomains; preload;";
             add_header X-Content-Type-Options nosniff;
             add_header X-Frame-Options "SAMEORIGIN";
             add_header X-XSS-Protection "1; mode=block";
             add_header X-Robots-Tag none;
             add_header X-Download-Options noopen;
             add_header X-Permitted-Cross-Domain-Policies none;
-            # Optional: Don't log access to assets
             access_log off;
         }
 
@@ -179,6 +178,18 @@ server {
 }
 ```
 
+**Nginx-Dateilimits für Upoads anheben**
+
+```xml
+sudo nano /etc/nginx/nginx.conf
+```
+
+-> Dort im "http"-Abschnitt einfügen (oder verändern, wenn bereits vorhanden)
+
+```xml
+client_max_body_size 2048M;
+```
+
 **PHP-conf bearbeiten**  
 
 ```xml
@@ -208,16 +219,10 @@ sudo reboot
 sudo -s
 ```
 
-**Ordner erstellen**  
-
-```xml
-mkdir -p /var/www/nextcloud
-```
-
 **Verzeichnis wechseln**
 
 ```xml
-cd /var/www/
+cd /var/www
 ```
 
 **Nextcloud laden** 
@@ -328,13 +333,30 @@ exit
 
 
 ## Anpassungen
-**Cache konfigurieren**
+**Caches konfigurieren**
 
 ```xml
 sudo nano /var/www/nextcloud/config/config.php
 ```
 
--> Unten einfügen: 'memcache.local' => '\OC\Memcache\APC',
+-> Unten einfügen: 'memcache.local' => '\OC\Memcache\APCu',
+
+```xml
+sudo nano /etc/php5/mods-available/opcache.ini
+```
+
+-> Dort hinzufügen:
+
+```xml
+opcache.enable=1
+opcache.enable_cli=1
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=10000
+opcache.memory_consumption=128
+opcache.save_comments=1
+opcache.revalidate_freq=1
+zend_extension=opcache.so
+```
 
 **PHP-Path Variablen**