NextCloud Hardening & Optimization
Service: NextCloud Hub 25 (32.0.5)
Location: Ghost VPS (64.50.188.14)
Domain: downloads.firefrostgaming.com
Date: February 11, 2026
Performed By: Michael + Claude
Pre-Existing State
NextCloud was previously installed on Ghost VPS with full nginx config and SSL certificate. Discovery occurred during planned deployment — the installation survived a documentation loss from a crash a few days prior. 15 security/performance warnings were present in the admin panel.
Changes Applied
Round 1: PHP & Nginx Fixes
| Fix |
Before |
After |
| PHP memory_limit |
128M |
512M |
| OPcache interned_strings_buffer |
8 (commented out) |
16 (enabled) |
| .mjs MIME type |
Missing |
Added to /etc/nginx/mime.types |
| X-Robots-Tag header |
Missing |
noindex,nofollow |
| X-Permitted-Cross-Domain-Policies |
Missing |
none |
| Strict-Transport-Security (HSTS) |
Missing |
max-age=15552000; includeSubDomains |
| OCS provider location block |
Missing |
Added (cosmetic warning persists — Hub 25 known issue) |
| Database missing indices |
fs_storage_path_prefix, properties_name_path_user |
Added via occ db:add-missing-indices |
| Mimetype migrations |
Pending |
Completed via occ maintenance:repair --include-expensive |
| Maintenance window |
Not set |
7 UTC (1 AM CST) |
| PHP clear_env |
Commented out (;clear_env = no) |
Enabled (clear_env = no) |
Round 2: Redis & Memcache
| Fix |
Before |
After |
| Redis server |
Not installed |
redis-server 5:7.0.15 installed |
| PHP Redis extension |
Not installed |
php8.3-redis 5.3.7 installed |
| memcache.local |
Not configured |
\OC\Memcache\Redis |
| memcache.locking |
Not configured (database locking) |
\OC\Memcache\Redis |
| Redis connection |
N/A |
localhost:6379 |
Round 3: Cleanup
| Fix |
Before |
After |
| AppAPI app |
Enabled (warning about missing deploy daemon) |
Disabled via occ app:disable |
| Imagick SVG |
Missing |
libmagickcore-6.q16-7-extra installed |
| Log warnings |
3 old warnings from Feb 4 |
Log truncated, level set to Warning (2) |
Files Modified
/etc/php/8.3/fpm/php.ini — memory_limit, opcache.interned_strings_buffer/etc/php/8.3/fpm/pool.d/www.conf — clear_env/etc/nginx/mime.types — added .mjs/etc/nginx/sites-enabled/downloads.firefrostgaming.com — headers, OCS provider block/var/www/nextcloud/config/config.php — Redis memcache config
Packages Installed
- redis-server (5:7.0.15)
- php8.3-redis (5.3.7)
- php8.3-igbinary (3.2.13)
- libmagickcore-6.q16-7-extra (8:6.9.12.98)
Services Restarted
- php8.3-fpm (multiple times during config changes)
- nginx (reload after header/MIME changes)
Remaining Warnings (Intentional)
| Warning |
Reason for Skipping |
| OCS provider resolving |
Known Hub 25 cosmetic bug — request reaches PHP correctly (verified via curl), NextCloud returns 404 internally |
| Email test |
Deferred — requires Plesk migration discussion for proper email infrastructure |
Result
- Before: 15 warnings (including "errors regarding your setup")
- After: 2 warnings (both intentional skips, downgraded to "warnings regarding your setup")
- NextCloud status: Healthy, cached with Redis, optimized for performance
Revision History
| Version |
Date |
Changes |
| 1.0 |
2026-02-11 |
Initial hardening documentation |
