OwnCloud 8.1 Security & Setup warnings

In the Admin console, you might see Security and Setup Warnings after upgrading to OwnCloud 8.1. Here is how I removed the two I saw.

Strict-Transport-Security HTTP Header

The “Strict-Transport-Security” HTTP header is not configured to least “15768000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.

The instructions provided in their Harden Security Documentation are good, but here is a little more.

Add the following line to the file /etc/apache2/sites-available/owncloud-ssl.conf, inside the <VirtualHost your.domain:443> block:

  • Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

Restart your apache2 server. If you get a parsing error, you need to enable the Apache headers module. Run the following in a command line:

  • a2enmod headers
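
To confirm the header is actually being served after the restart, the following added example (not from the original post or the ownCloud documentation) parses response headers and checks the first Strict-Transport-Security header against the 15768000-second minimum from the warning. The function names and the sample responses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check response headers against the 15768000-second HSTS minimum.
MIN_AGE=15768000

# Print max-age from the FIRST Strict-Transport-Security header on stdin.
# Browsers process only the first one (RFC 6797), and "Header always add"
# appends a second header if another config file already sets one.
hsts_max_age() {
  tr -d '\r' | awk '
    !seen && tolower($0) ~ /^strict-transport-security:/ {
      seen = 1
      v = tolower($0)
      if (match(v, /max-age[ \t]*=[ \t]*"?[0-9]+/)) {
        s = substr(v, RSTART, RLENGTH)
        gsub(/[^0-9]/, "", s)
        print s
      }
    }'
}

# Return 0 if the headers on stdin carry a sufficient max-age, 1 otherwise.
hsts_check() {
  _hdrs=$(cat)
  _age=$(printf '%s\n' "$_hdrs" | hsts_max_age)
  _n=$(printf '%s\n' "$_hdrs" | awk 'tolower($0) ~ /^strict-transport-security:/ {n++} END {print n+0}')
  if [ "$_n" -gt 1 ]; then echo "WARN: $_n HSTS headers sent, only the first counts"; fi
  if [ -z "$_age" ]; then echo "FAIL: no usable max-age"; return 1; fi
  if [ "$_age" -lt "$MIN_AGE" ]; then echo "FAIL: max-age=$_age < $MIN_AGE"; return 1; fi
  echo "OK: max-age=$_age"
}

# Constructed sample responses (not captured from a real server).
GOOD_RESPONSE='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload'
SHORT_RESPONSE='HTTP/1.1 200 OK
strict-transport-security: max-age=3600'
MISSING_RESPONSE='HTTP/1.1 200 OK
Server: Apache'
DUP_RESPONSE='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=0
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload'

printf '%s\n' "$GOOD_RESPONSE" | hsts_check
# Against a live server (your.domain is the placeholder used above):
#   curl -sI https://your.domain/ | hsts_check
```

The duplicate-header sample fails even though a compliant header is present, because the first header carries max-age=0 and that is the one a browser acts on.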

Memory Cache #1

No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our documentation.

According to the documentation, you need to install APCu and enable it. Funny thing is that getting the correct version of APCu was confusing: you need to uninstall the old version and then install the newer version. Follow the instructions in this GitHub issue. As of now, you should use the 4.0.6 version of APCu.

Following the OwnCloud documentation, now add the following option to /var/www/owncloud/config/config.php:

  • 'memcache.local' => '\OC\Memcache\APCu',

Restart apache2 and you are good to go with no more warnings!

Memory Cache #2

APCu below version 4.0.6 is installed, for stability and performance reasons we recommend to update to a newer APCu version.

This means you need to follow the instructions in Memory Cache #1. Uninstall the older version of APCu and install version 4.0.6 or newer.


6 Responses to OwnCloud 8.1 Security & Setup warnings

  1. Paul says:

    Very helpful! I’m tackling installing ownCloud on a KVM VPS and your post helped a lot.

  2. Martin says:

    Thanks man. This is VERY clear

  3. Pingback: OwnCloud Upgrade to 8.1.4 | Man and Keyboard

  4. Ronald Moody says:

    The file you state to edit does not exist. /etc/apache2/sites-available/owncloud-ssl.conf

    • briangoodacre says:

      Are you using an Apache server? Are you using SSL? You can create owncloud-ssl.conf and then enable it using a2enmod.

  5. Miguel says:

    Great info thank you!!!
