宝塔面板部署NextCloud(14.0.3)逐一解决后台安全

方才把NextCloud更新到14.0.3,后台又出现了一堆警告,也是够烦的。


 

之前写过 宝塔面板安装NextCloud一一搞定后台safe及设置警告,这个是基于Nextcloud 13.x的,因而就再补充记载一下搞定如下的警告。

 

Use of the the built in php mailer is no longer supported. Please update your email server settings
您的网页服务器未准确设置以解析“/.well-known/caldav”
您的网页服务器未准确设置以解析“/.well-known/carddav”
The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running “occ db:add-missing-indices” those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.
在数据表 “oc_share” 中没法找到索引 “parent_index” .
在数据表 “oc_filecache” 中没法找到索引 “fs_mtime” .
HTTP的请求头 “Referrer-Policy” 未设置为 “no-referrer”, “no-referrer-when-downgrade”, “strict-origin” or “strict-origin-when-cross-origin”. 这会导致信息泄露. 请查阅 W3C 提议


 

1.Use of the the built in php mailer is no longer supported. Please update your email server settings

粗心就是php自带的mail组件不再被nextcloud支持,需要使用smtp方法发送邮件。


 

实则就是让你设置1个smtp服务器信息,便于发送邮件,关于SMTP这里不再详述。

 

2.您的网页服务器未准确设置以解析“/.well-known/caldav”及您的网页服务器未准确设置以解析“/.well-known/carddav”

这两个警告能一齐搞定,出现该提示一般是由于这两个路径的伪静态设置有问题,导致没法一般访问。


 

搞定方式就是增加两行重定向配置


 

rewrite /.well-known/carddav /remote.php/dav permanent;

rewrite /.well-known/caldav /remote.php/dav permanent;



 

3.The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running “occ db:add-missing-indices” those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.

在数据表”oc_share” 中没法找到索引”parent_index”
在数据表”oc_filecache” 中没法找到索引”fs_mtime”


 

粗心是说,数据库的一些索引丧失了,需要使用OCC修复一下。OCC是owncloud的command行,而nextcloud又是基于owncloud开拓的,因而需要用到OCC来修复丧失的数据库索引。


 

修复command为:


 

php occ db:add-missing-indices

 

SSH进入服务器nextcloud的根目录,并执行修复command

 

出现如下错误


 

Console has to be executed with the user that owns the file config/config.php
Current user: root
Owner of config.php: www
Try adding ‘sudo -u www ‘ to the beginning of the command (without the single quotes)


 

好吧,需要使用www使用者权限来修正,再次执行


 

sudo -u www php occ db:add-missing-indices



 

修复成功!


 

4.HTTP的请求头 “Referrer-Policy” 未设置为 “no-referrer”, “no-referrer-when-downgrade”, “strict-origin” or “strict-origin-when-cross-origin”. 这会导致信息泄露

粗心是,需要设置1个Referrer-Policy请求头来提升safe性。Nginx配置文件里增加:


 

add_header Referrer-Policy "no-referrer";



 

======================================================


 

至此,Nextcloudupgrade到14.0.3后出现的一些新的警告提示已全部覆灭彻底

 

 

 

 

原文链接:https://host.fubi.hk/foreshadowinghost/zhishiku/20181025/8383.html

你可能感兴趣的:(宝塔面板部署NextCloud(14.0.3)逐一解决后台安全)