?i»?
Your IP : 3.141.201.106
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Warnings on admin page — Nextcloud 13 Administration Manual 13 documentation</title>
<link rel="stylesheet" href="../_static/" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/main.min.css" type="text/css" />
<link rel="stylesheet" href="../_static/styles.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '13',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="../_static/js/jquery-fix.js"></script>
<script type="text/javascript" src="../_static/bootstrap-3.1.0/js/bootstrap.min.js"></script>
<script type="text/javascript" src="../_static/bootstrap-sphinx.js"></script>
<link rel="top" title="Nextcloud 13 Administration Manual 13 documentation" href="../contents.html" />
<link rel="up" title="Server configuration" href="index.html" />
<link rel="next" title="Using the occ command" href="occ_command.html" />
<link rel="prev" title="Server configuration" href="index.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="theme-color" content="#1d2d44">
</head>
<body role="document">
<div class="wrap container not-front">
<div class="content row">
<main class="main">
<div class="row">
<div class="col-md-3">
<div class="sidebar">
<h1>Nextcloud 13 Administration Manual</h1>
<div class="sidebar-search">
<form class="headersearch" action="../search.html" method="get">
<input type="text" value="" name="q" id="q" class="form-control" />
<button class="btn btn-default" type="submit" id="searchsubmit">Search</button>
</form>
</div>
<div class="menu-support-container">
<ul id="menu-support" class="menu">
<ul>
<li><a href="../contents.html">Table of Contents</a></li>
</ul>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../release_notes.html">Release notes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Server configuration</a><ul class="current">
<li class="toctree-l2 current"><a class="current reference internal" href="">Warnings on admin page</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#cache-warnings">Cache warnings</a></li>
<li class="toctree-l3"><a class="reference internal" href="#transactional-file-locking-is-disabled">Transactional file locking is disabled</a></li>
<li class="toctree-l3"><a class="reference internal" href="#you-are-accessing-this-site-via-http">You are accessing this site via HTTP</a></li>
<li class="toctree-l3"><a class="reference internal" href="#the-test-with-getenv-path-only-returns-an-empty-response">The test with getenv(“PATH”) only returns an empty response</a></li>
<li class="toctree-l3"><a class="reference internal" href="#the-strict-transport-security-http-header-is-not-configured">The “Strict-Transport-Security” HTTP header is not configured</a></li>
<li class="toctree-l3"><a class="reference internal" href="#dev-urandom-is-not-readable-by-php">/dev/urandom is not readable by PHP</a></li>
<li class="toctree-l3"><a class="reference internal" href="#your-web-server-is-not-yet-set-up-properly-to-allow-file-synchronization">Your Web server is not yet set up properly to allow file synchronization</a></li>
<li class="toctree-l3"><a class="reference internal" href="#outdated-nss-openssl-version">Outdated NSS / OpenSSL version</a></li>
<li class="toctree-l3"><a class="reference internal" href="#your-web-server-is-not-set-up-properly-to-resolve-well-known-caldav-or-well-known-carddav">Your Web server is not set up properly to resolve /.well-known/caldav/ or /.well-known/carddav/</a></li>
<li class="toctree-l3"><a class="reference internal" href="#some-files-have-not-passed-the-integrity-check">Some files have not passed the integrity check</a></li>
<li class="toctree-l3"><a class="reference internal" href="#your-database-does-not-run-with-read-commited-transaction-isolation-level">Your database does not run with “READ COMMITED” transaction isolation level</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="occ_command.html">Using the occ command</a></li>
<li class="toctree-l2"><a class="reference internal" href="activity_configuration.html">Configuring the activity app</a></li>
<li class="toctree-l2"><a class="reference internal" href="caching_configuration.html">Configuring memory caching</a></li>
<li class="toctree-l2"><a class="reference internal" href="background_jobs_configuration.html">Defining background jobs</a></li>
<li class="toctree-l2"><a class="reference internal" href="config_sample_php_parameters.html">Config.php Parameters</a></li>
<li class="toctree-l2"><a class="reference internal" href="email_configuration.html">Email configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="external_sites.html">Linking external sites</a></li>
<li class="toctree-l2"><a class="reference internal" href="language_configuration.html">Language configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="logging_configuration.html">Logging configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="harden_server.html">Hardening and security guidance</a></li>
<li class="toctree-l2"><a class="reference internal" href="reverse_proxy_configuration.html">Reverse proxy configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="thirdparty_php_configuration.html">Using third party PHP components</a></li>
<li class="toctree-l2"><a class="reference internal" href="automatic_configuration.html">Automatic configuration setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="server_tuning.html">Server tuning</a></li>
<li class="toctree-l2"><a class="reference internal" href="theming.html">Theming</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_user/index.html">User management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_files/index.html">File sharing and management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../file_workflows/index.html">File workflows</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_database/index.html">Database configuration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_mimetypes/index.html">Mimetypes management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../maintenance/index.html">Maintenance</a></li>
<li class="toctree-l1"><a class="reference internal" href="../issues/index.html">Issues and troubleshooting</a></li>
</ul>
</ul>
</div>
</div>
</div>
<div class="col-md-9">
<div class="page-content">
<ul class="prevnext-title list-unstyled list-inline">
<li class="prev">
<a href="index.html" title="Previous Chapter: Server configuration"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm">« Server configuration</span>
</a>
</li>
<li class="next">
<a href="occ_command.html" title="Next Chapter: Using the occ command"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm">Using the occ command »</span>
</a>
</li>
</ul>
<div class="section" id="warnings-on-admin-page">
<h1>Warnings on admin page<a class="headerlink" href="#warnings-on-admin-page" title="Permalink to this headline">ΒΆ</a></h1>
<p>Your Nextcloud server has a built-in configuration checker, and it reports its
findings at the top of your Admin page. These are some of the warnings you
might see, and what to do about them.</p>
<div class="figure">
<img alt="../_images/security-setup-warning-1.png" src="../_images/security-setup-warning-1.png" />
</div>
<p>You can use the <a class="reference external" href="https://scan.nextcloud.com">Nextcloud Security Scan</a> to see
if your system is up to date and well secured. We have ran this scan over public
IP addresses in the past to try and reach out to <a class="reference external" href="https://nextcloud.com/blog/nextcloud-releases-security-scanner-to-help-protect-private-clouds/">extremely outdated systems</a>
and might again in the future. Please, protect your privacy and keep your server
up to date! Privacy means little without security.</p>
<div class="section" id="cache-warnings">
<h2>Cache warnings<a class="headerlink" href="#cache-warnings" title="Permalink to this headline">ΒΆ</a></h2>
<p>“No memory cache has been configured. To enhance your performance please
configure a memcache if available.” Nextcloud supports multiple php caching
extensions:</p>
<ul class="simple">
<li>APCu (minimum required PHP extension version 4.0.6)</li>
<li>Memcached</li>
<li>Redis (minimum required PHP extension version: 2.2.6)</li>
</ul>
<p>You will see this warning if you have no caches installed and enabled, or if
your cache does not have the required minimum version installed; older versions
are disabled because of performance problems.</p>
<p>If you see “<em>{Cache}</em> below version <em>{Version}</em> is installed. for stability and
performance reasons we recommend to update to a newer <em>{Cache}</em> version” then
you need to upgrade, or, if you’re not using it, remove it.</p>
<p>You are not required to use any caches, but caches improve server performance.
See <a class="reference internal" href="caching_configuration.html"><em>Configuring memory caching</em></a>.</p>
</div>
<div class="section" id="transactional-file-locking-is-disabled">
<h2>Transactional file locking is disabled<a class="headerlink" href="#transactional-file-locking-is-disabled" title="Permalink to this headline">ΒΆ</a></h2>
<p>“Transactional file locking is disabled, this might lead to issues with race
conditions.”</p>
<p>Please see <a class="reference internal" href="../configuration_files/files_locking_transactional.html"><em>Transactional file locking</em></a> on how
to correctly configure your environment for transactional file locking.</p>
</div>
<div class="section" id="you-are-accessing-this-site-via-http">
<h2>You are accessing this site via HTTP<a class="headerlink" href="#you-are-accessing-this-site-via-http" title="Permalink to this headline">ΒΆ</a></h2>
<p>“You are accessing this site via HTTP. We strongly suggest you configure your
server to require using HTTPS instead.” Please take this warning seriously;
using HTTPS is a fundamental security measure. You must configure your Web
server to support it, and then there are some settings in the <strong>Security</strong>
section of your Nextcloud Admin page to enable. The following pages
describe how to enable HTTPS on the Apache and Nginx Web servers.</p>
<p><a class="reference internal" href="../installation/source_installation.html#enabling-ssl-label"><span>Enabling SSL</span></a> (on Apache)</p>
<p><a class="reference internal" href="harden_server.html#use-https-label"><span>Use HTTPS</span></a></p>
<p><a class="reference internal" href="../installation/nginx.html"><em>Nginx configuration</em></a></p>
</div>
<div class="section" id="the-test-with-getenv-path-only-returns-an-empty-response">
<h2>The test with getenv(“PATH”) only returns an empty response<a class="headerlink" href="#the-test-with-getenv-path-only-returns-an-empty-response" title="Permalink to this headline">ΒΆ</a></h2>
<p>Some environments are not passing a valid PATH variable to Nextcloud. The
<a class="reference internal" href="../installation/source_installation.html#php-fpm-tips-label"><span>php-fpm configuration notes</span></a> provides the information about how to configure your
environment.</p>
</div>
<div class="section" id="the-strict-transport-security-http-header-is-not-configured">
<h2>The “Strict-Transport-Security” HTTP header is not configured<a class="headerlink" href="#the-strict-transport-security-http-header-is-not-configured" title="Permalink to this headline">ΒΆ</a></h2>
<p>“The “Strict-Transport-Security” HTTP header is not configured to least “15552000” seconds.
For enhanced security we recommend enabling HSTS as described in our security tips.”</p>
<p>The HSTS header needs to be configured within your Web server by following the
<a class="reference internal" href="harden_server.html#enable-hsts-label"><span>Enable HTTP Strict Transport Security</span></a> documentation</p>
</div>
<div class="section" id="dev-urandom-is-not-readable-by-php">
<h2>/dev/urandom is not readable by PHP<a class="headerlink" href="#dev-urandom-is-not-readable-by-php" title="Permalink to this headline">ΒΆ</a></h2>
<p>“/dev/urandom is not readable by PHP which is highly discouraged for security reasons.
Further information can be found in our documentation.”</p>
<p>This message is another one which needs to be taken seriously. Please have a look
at the <a class="reference internal" href="harden_server.html#dev-urandom-label"><span>Give PHP read access to /dev/urandom</span></a> documentation.</p>
</div>
<div class="section" id="your-web-server-is-not-yet-set-up-properly-to-allow-file-synchronization">
<h2>Your Web server is not yet set up properly to allow file synchronization<a class="headerlink" href="#your-web-server-is-not-yet-set-up-properly-to-allow-file-synchronization" title="Permalink to this headline">ΒΆ</a></h2>
<p>“Your web server is not yet set up properly to allow file synchronization because
the WebDAV interface seems to be broken.”</p>
<p>At the ownCloud community forums a larger <a class="reference external" href="https://forum.owncloud.org/viewtopic.php?f=17&t=7536">FAQ</a>
is maintained containing various information and debugging hints.</p>
</div>
<div class="section" id="outdated-nss-openssl-version">
<h2>Outdated NSS / OpenSSL version<a class="headerlink" href="#outdated-nss-openssl-version" title="Permalink to this headline">ΒΆ</a></h2>
<p>“cURL is using an outdated OpenSSL version (OpenSSL/$version). Please update your
operating system or features such as installing and updating apps via the app store
or Federated Cloud Sharing will not work reliably.”</p>
<p>“cURL is using an outdated NSS version (NSS/$version). Please update your operating
system or features such as installing and updating apps via the app store or Federated
Cloud Sharing will not work reliably.”</p>
<p>There are known bugs in older OpenSSL and NSS versions leading to misbehavior in
combination with remote hosts using SNI. A technology used by most of the HTTPS
websites. To ensure that Nextcloud will work properly you need to update OpenSSL
to at least 1.0.2b or 1.0.1d. For NSS the patch version depends on your distribution
and an heuristic is running the test which actually reproduces the bug. There
are distributions such as RHEL/CentOS which have this backport still <a class="reference external" href="https://bugzilla.redhat.com/show_bug.cgi?id=1241172">pending</a>.</p>
</div>
<div class="section" id="your-web-server-is-not-set-up-properly-to-resolve-well-known-caldav-or-well-known-carddav">
<h2>Your Web server is not set up properly to resolve /.well-known/caldav/ or /.well-known/carddav/<a class="headerlink" href="#your-web-server-is-not-set-up-properly-to-resolve-well-known-caldav-or-well-known-carddav" title="Permalink to this headline">ΒΆ</a></h2>
<p>Both URLs need to be correctly redirected to the DAV endpoint of Nextcloud. Please
refer to <a class="reference internal" href="../issues/general_troubleshooting.html#service-discovery-label"><span>Service discovery</span></a> for more info.</p>
</div>
<div class="section" id="some-files-have-not-passed-the-integrity-check">
<h2>Some files have not passed the integrity check<a class="headerlink" href="#some-files-have-not-passed-the-integrity-check" title="Permalink to this headline">ΒΆ</a></h2>
<p>Please refer to the <a class="reference internal" href="../issues/code_signing.html#code-signing-fix-warning-label"><span>Fixing invalid code integrity messages</span></a> documentation how to debug this issue.</p>
</div>
<div class="section" id="your-database-does-not-run-with-read-commited-transaction-isolation-level">
<h2>Your database does not run with “READ COMMITED” transaction isolation level<a class="headerlink" href="#your-database-does-not-run-with-read-commited-transaction-isolation-level" title="Permalink to this headline">ΒΆ</a></h2>
<p>“Your database does not run with “READ COMMITED” transaction isolation level.
This can cause problems when multiple actions are executed in parallel.”</p>
<p>Please refer to <a class="reference internal" href="../configuration_database/linux_database_configuration.html#db-transaction-label"><span>Database “READ COMMITTED” transaction isolation level</span></a> how to configure your database for this requirement.</p>
</div>
</div>
<ul class="prevnext-title list-unstyled list-inline">
<li class="prev">
<a href="index.html" title="Previous Chapter: Server configuration"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm">« Server configuration</span>
</a>
</li>
<li class="next">
<a href="occ_command.html" title="Next Chapter: Using the occ command"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm">Using the occ command »</span>
</a>
</li>
</ul>
</div>
</div>
</div>
</main>
</div>
</div>
</body>
</html>