Nextcloud logging reveals some errors, federation sharing only works 50%

Hey guys, I recently set up my own Nextcloud after I saw the great De-Google video from @wendell (Huge thanks!) on YT. So far everything works really well and I copied over everything from Dropbox etc., but I noticed some errors in the logs that Nextcloud provides, which are:

file_get_contents(/proc/meminfo): failed to open stream: Operation not permitted at

file_get_contents(): open_basedir restriction in effect. File(/proc/meminfo) is not within the allowed path(s):

Should I add /proc/meminfo to my open_basedir as well, because it didn't appear as a warning on the server settings page like /dev/urandom?

I also get the warning that I should activate HSTS on my server and I read about this in the docs from Nextcloud but I am still not sure where I can activate this. Is there a more detailed description for it?

Then I also added another friend's cloud to my federation servers and he did the same with mine, but so far the yellow light only indicates that they connected, but shouldn't it be green instead? How can I make the server try to exchange user lists with the other cloud server?

Thank you very much for your patience and help.

HSTS is HTTP Strict Transport Security; it essentially forces the site to only use HTTPS. You have to enable it in your web server's configuration files with your supplied SSL certificates. I use letsencrypt for my certificates and this page to set my SSL configuration: https://mozilla.github.io/server-side-tls/ssl-config-generator/. It lets you set the level of security you want (more security means older browsers/devices can't access your site) and I test it with SSL Labs.


I am using Letsencrypt too but probably in an easier way since I am running a server with Plesk on it. Where do I have to put the outcome of this SSL generator? I am still learning, thank you for your patience and help.

What web server are you using?


It's a vserver running Ubuntu 14.04 with Plesk.

//edit

SSL Labs gave my site an "A-". That sounds pretty good to me, they only had this complaint: "The server does not support Forward Secrecy with the reference browsers."

A- is good. Does Plesk use a web UI or can you ssh into the server? Also, does SSL Labs complain about not having HSTS (or does it say it's enabled)?


Plesk is the web UI for the server but I can also use ssh. Due to limited knowledge I only use it to update the server, create users or move, copy files and other simple stuff.

The only part where I could find something about HSTS on SSL Labs was this "HSTS Preloading Not in: Chrome Edge Firefox IE "

From the looks of it Plesk uses Apache and adding HSTS is one line in the Apache configuration file for the site.

Does it say anything above "HSTS Preloading Not in: Chrome Edge Firefox IE "? Mine says:

Strict Transport Security (HSTS) Yes
max-age=15768000

above HSTS Preloading Not in: Chrome Edge Firefox IE


Oh, well it does. Didn't notice that one. It says "Strict Transport Security (HSTS) No"

You can add support for it in the Apache config file for the site (it should be in /etc/apache2/sites-enabled) by putting:

Header always set Strict-Transport-Security "max-age=15768000"

Below the SSL Certificates config. Also if you want to enable Forward Secrecy you have to make changes to the SSLCipherSuite config.

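An added example, not code posted in the thread: a small Python parser for the Strict-Transport-Security value, showing why SSL Labs can report "HSTS Yes" for max-age=15768000 and still say "HSTS Preloading Not in". The function names are made up for illustration, and the preload thresholds (one-year max-age, includeSubDomains, preload) are the hstspreload.org submission requirements, which the thread does not state.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year; hstspreload.org minimum (assumption, not from the thread)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in seen:
            raise ValueError("directive repeated: " + name)
        seen.add(name)
        if name == "max-age":
            if len(arg) >= 2 and arg[0] == arg[-1] == '"':
                arg = arg[1:-1]  # the quoted-string form is legal
            if not re.fullmatch(r"[0-9]+", arg):
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # any other directive is ignored, as the RFC requires of browsers
    if policy["max_age"] is None:
        raise ValueError("max-age directive is required")
    return policy

def check_hsts(value):
    """Summarise what a header value actually gives you."""
    p = parse_hsts(value)
    return {
        "enabled": p["max_age"] > 0,  # max-age=0 makes browsers drop the policy
        "preload_eligible": (p["max_age"] >= PRELOAD_MIN_AGE
                             and p["include_subdomains"] and p["preload"]),
    }

if __name__ == "__main__":
    # Constructed inputs: the value from the thread, then a preload-ready one.
    for header in ('max-age=15768000',
                   'max-age=31536000; includeSubDomains; preload'):
        print(header, "->", check_hsts(header))
```

Browsers only honour the header when it arrives over HTTPS, so feed this the value returned by the TLS virtual host, not the port 80 one.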

I only have one file there called 000-default.conf

Would it be recommended to create a new file for the cloud?

I have separate files for each site but my assumption is that the Nextcloud site will be inside the 000-default.conf file. You can also add multiple sites to a single file if you want and it's fine, so whatever works for you.


It works! Thank you so much Michael! I am so happy right now!

Now I only have to find out why users are not synced across federation servers


Happy I could help with it. I'm unfamiliar with federation sharing as I've never used it but hopefully somebody else can help with that.
