Outside of the installation script, you'll likely want to employ several, if not all, of the additional configuration parameters.
By default, the contents of /var/www/html/nextcloud/config/config.php look something like this:
<?php
$CONFIG = array (
'instanceid' => '*************',
'passwordsalt' => '******************************',
'secret' => '*******************************',
'trusted_domains' =>
array (
0 => '',
),
'datadirectory' => '/mnt/storage1/nc-data',
'dbtype' => 'mysql',
'version' => '22.1.1.2',
'overwrite.cli.url' => '',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => '************************',
'installed' => true,
'mail_domain' => 'example.com',
'mail_smtpmode' => 'smtp',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => 'nextcloud',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpauth' => 1,
'mail_smtphost' => 'server.smtp.com',
'mail_smtpsecure' => 'tls',
'mail_smtpname' => 'username@example.com',
'mail_smtppassword' => '************************',
'mail_smtpport' => '587',
);
I made the following modifications and additions:
I have a public-facing FQDN and an internal FQDN, so I listed both of them here.
'trusted_domains' =>
array (
0 => 'nextcloud.int.example.com',
1 => 'nextcloud.example.com',
),
I run Nextcloud behind a proxy.
'trusted_proxies' =>
array (
0 => '10.1.0.34',
),
'overwritehost' => 'nextcloud.example.com',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwritecondaddr' => '^10\.1\.0\.34$',
'default_phone_region' => 'US',
'redis' =>
array (
'host' => 'localhost',
'port' => 6379,
'timeout' => 0.0,
'read_timeout' => 0.0,
),
'memcache.local' => '\OC\Memcache\APCu',
'memcache.locking' => '\OC\Memcache\Redis',
Set the following config in /etc/php/<version>/cli/php.ini:
apc.enable_cli=1
Use cron to run daily background jobs. Make sure to select ‘Cron’ in Administration settings → Basic settings.
Use sudo to run the cron.php file as the www-data user:
*/5 * * * * /bin/sudo -u www-data php -f /var/www/html/nextcloud/cron.php
If you check the ‘Overview’ section in the Nextcloud Settings, you may see several warnings that look like this:
Your web server is not properly set up to resolve "/.well-known/…
I used the following NGINX config on my reverse proxy:
location /.well-known/carddav {return 301 $scheme://$host/remote.php/dav;}
location /.well-known/caldav {return 301 $scheme://$host/remote.php/dav;}
location /.well-known/webfinger {return 301 $scheme://$host/index.php/.well-known/webfinger;}
location /.well-known/nodeinfo {return 301 $scheme://$host/index.php/.well-known/nodeinfo;}
HTTP Strict Transport Security
While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the Nextcloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.
I added this config to my Apache config. If you're using a reverse proxy, make sure to add it there too (see below).
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
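The header only helps if the browser receives one well-formed copy of it over HTTPS, which is easy to get wrong when both Apache and a reverse proxy set it. As an added example (not part of the original post), this Python check applies the RFC 6797 parsing rules and the max-age used above to a response's headers; the function names and sample responses are constructed for illustration.

```python
MIN_MAX_AGE = 15552000  # max-age from the Apache config above (180 days)

def parse_hsts(value):
    """Return {directive: value}, or None if a browser would discard the header."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (a trailing ';') are allowed
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # max-age may arrive as a quoted-string
        if name in directives:
            return None  # each directive may appear only once
        directives[name] = arg if sep else None
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(age)
    return directives

def audit_hsts(headers, scheme="https"):
    """Return findings for one response's (name, value) header list; [] means OK."""
    if scheme != "https":
        return ["HSTS is ignored on plain-HTTP responses"]
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["header missing: check the reverse proxy as well as Apache"]
    findings = []
    if len(values) > 1:  # e.g. Apache and the proxy each add one
        findings.append("header sent %d times; browsers use only the first" % len(values))
    policy = parse_hsts(values[0])
    if policy is None:
        return findings + ["first header is malformed and will be discarded"]
    if policy["max-age"] < MIN_MAX_AGE:
        findings.append("max-age %d is below %d" % (policy["max-age"], MIN_MAX_AGE))
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains is not set")
    return findings

# Constructed sample responses (not captured from a real server).
GOOD = [("Strict-Transport-Security", "max-age=15552000; includeSubDomains")]
DOUBLED = GOOD + [("strict-transport-security", "max-age=300")]
WEAK = [("Strict-Transport-Security", 'MAX-AGE="300";')]

if __name__ == "__main__":
    for label, hdrs in (("good", GOOD), ("doubled", DOUBLED), ("weak", WEAK)):
        print(label, audit_hsts(hdrs) or "OK")
```

Feed it the header list from a response fetched through the public hostname, so the result reflects what the proxy actually sends to clients.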