Reorg: Move nextcloud hardening to docs/deployment/

2026-02-12 00:59:36 -06:00
parent 163e22431d
commit c8de0beb5e

@@ -1,102 +0,0 @@
# NextCloud Hardening & Optimization
**Service:** NextCloud Hub 25 (32.0.5)
**Location:** Ghost VPS (64.50.188.14)
**Domain:** downloads.firefrostgaming.com
**Date:** February 11, 2026
**Performed By:** Michael + Claude
---
## Pre-Existing State
NextCloud was previously installed on Ghost VPS with full nginx config and SSL certificate. Discovery occurred during planned deployment — the installation survived a documentation loss from a crash a few days prior. 15 security/performance warnings were present in the admin panel.
---
## Changes Applied
### Round 1: PHP & Nginx Fixes
| Fix | Before | After |
| :---- | :---- | :---- |
| PHP memory_limit | 128M | 512M |
| OPcache interned_strings_buffer | 8 (commented out) | 16 (enabled) |
| .mjs MIME type | Missing | Added to /etc/nginx/mime.types |
| X-Robots-Tag header | Missing | noindex,nofollow |
| X-Permitted-Cross-Domain-Policies | Missing | none |
| Strict-Transport-Security (HSTS) | Missing | max-age=15552000; includeSubDomains |
| OCS provider location block | Missing | Added (cosmetic warning persists — Hub 25 known issue) |
| Database missing indices | fs_storage_path_prefix, properties_name_path_user | Added via occ db:add-missing-indices |
| Mimetype migrations | Pending | Completed via occ maintenance:repair --include-expensive |
| Maintenance window | Not set | 7 UTC (1 AM CST) |
| PHP clear_env | Commented out (;clear_env = no) | Enabled (clear_env = no) |
### Round 2: Redis & Memcache
| Fix | Before | After |
| :---- | :---- | :---- |
| Redis server | Not installed | redis-server 5:7.0.15 installed |
| PHP Redis extension | Not installed | php8.3-redis 5.3.7 installed |
| memcache.local | Not configured | \OC\Memcache\Redis |
| memcache.locking | Not configured (database locking) | \OC\Memcache\Redis |
| Redis connection | N/A | localhost:6379 |
### Round 3: Cleanup
| Fix | Before | After |
| :---- | :---- | :---- |
| AppAPI app | Enabled (warning about missing deploy daemon) | Disabled via occ app:disable |
| Imagick SVG | Missing | libmagickcore-6.q16-7-extra installed |
| Log warnings | 3 old warnings from Feb 4 | Log truncated, level set to Warning (2) |
---
## Files Modified
- `/etc/php/8.3/fpm/php.ini` — memory_limit, opcache.interned_strings_buffer
- `/etc/php/8.3/fpm/pool.d/www.conf` — clear_env
- `/etc/nginx/mime.types` — added .mjs
- `/etc/nginx/sites-enabled/downloads.firefrostgaming.com` — headers, OCS provider block
- `/var/www/nextcloud/config/config.php` — Redis memcache config
---
## Packages Installed
- redis-server (5:7.0.15)
- php8.3-redis (5.3.7)
- php8.3-igbinary (3.2.13)
- libmagickcore-6.q16-7-extra (8:6.9.12.98)
---
## Services Restarted
- php8.3-fpm (multiple times during config changes)
- nginx (reload after header/MIME changes)
---
## Remaining Warnings (Intentional)
| Warning | Reason for Skipping |
| :---- | :---- |
| OCS provider resolving | Known Hub 25 cosmetic bug — request reaches PHP correctly (verified via curl), NextCloud returns 404 internally |
| Email test | Deferred — requires Plesk migration discussion for proper email infrastructure |
---
## Result
- **Before:** 15 warnings (including "errors regarding your setup")
- **After:** 2 warnings (both intentional skips, downgraded to "warnings regarding your setup")
- **NextCloud status:** Healthy, cached with Redis, optimized for performance
---
## Revision History
| Version | Date | Changes |
| :---- | :---- | :---- |
| 1.0 | 2026-02-11 | Initial hardening documentation |
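
Review bot: The Round 2 table records the Redis connection only as "localhost:6379" and says nothing about the Redis server's own settings, and "Files Modified" lists no Redis config file, so a reader cannot tell from this record whether the newly installed redis-server is bound to loopback only or requires a password. Since the file is being moved into docs/deployment/, add a row (or a line under "Files Modified") stating the bind address and whether authentication is set, and how each was verified. Two smaller points from the same hunk: the Round 3 row "Log truncated" discards the three Feb 4 warnings without saying what they were, so note their content or where the old log was archived; and the header block carries the VPS public IP alongside the domain, which is worth dropping or replacing with the hostname if this repository is readable outside the team.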