OwnCloud 8.1 Security & Setup warnings

In the Admin console, you might see Security and Setup Warnings after upgrading to OwnCloud 8.1. Here is how I removed the two I saw.

Strict-Transport-Securty HTTP Header

The “Strict-Transport-Security” HTTP header is not configured to least “15768000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.

The instructions provided in their Harden Security Documentation is good but here is a little more.

Add the following snippet of code to the file /etc/apache2/sites-available/owncloud-ssl.conf within this bracket <VirtualHost your.domain:443>

  • Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

Restart your apache2 server. If you get a parsing error, you need to enable Headers. Run the following in a command line:

  • a2enmod headers

 Memory Cache #1

No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our documentation.

According to the documentation, you need to install APCu and enable it. Funny thing is that getting the correct version of APCu was confusing. You need to uninstall the old version and then install the newer version. Follow the instruction on this github issue. As of now, you should use the 4.0.6 version of APCu.

Following the OwnCloud documentation now, add to /var/www/owncloud/config/config.php the follow option:

  • 'memcache.local' => '\OC\Memcache\APCu',

Restart apache2 and you are good to go with no more warnings!

Memory Cache #2

APCu below version 4.0.6 is installed, for stability and performance reasons we recommend to update to a newer APCu version.

This means you need to follow the instructions in Memory Cache #1. Uninstall the older version of APCu and install version 4.0.6 or newer.


This entry was posted in How-To, Nextcloud/OwnCloud and tagged , , , , , , . Bookmark the permalink.

6 Responses to OwnCloud 8.1 Security & Setup warnings

  1. Paul says:

    Very helpful! I’m tackling installing ownCloud on a KVM VPS and your post helped a lot.

  2. Martin says:

    Thanks man. this is VERY clear

  3. Pingback: OwnCloud Upgrade to 8.1.4 | Man and Keyboard

  4. Ronald Moody says:

    The file you state to edit does not exist. /etc/apache2/sites-available/owncloud-ssl.conf

    • briangoodacre says:

      Are you using an Apache server? Are you using SSL? You can create owncloud-ssl.conf and then enable it using a2enmod.

  5. Miguel says:

    Great info thank you!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s