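Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code of the region to your config file.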

Add the following line to the site's configuration file (Nextcloud's config.php) and save:

'default_phone_region' => 'CN',

Your web server is not properly set up to resolve "/.well-known/webfinger". Further information can be found in the documentation.

Adding the following to the site's Nginx configuration resolves it:

location ^~ /.well-known {
    # The rules in this block are an adaptation of the rules
    # in `.htaccess` that concern `/.well-known`.

    location = /.well-known/carddav { return 301 /remote.php/dav/; }
    location = /.well-known/caldav  { return 301 /remote.php/dav/; }

    location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
    location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

    # Let Nextcloud's API for `/.well-known` URIs handle all other
    # requests by passing them to the front-end controller.
    return 301 /index.php$request_uri;
}

Nextcloud's official Nginx rewrite (pretty-URL) rules; add them directly to the Nginx configuration file (see the official

# Rewrite (pretty-URL) configuration follows (important!)
location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    set $path_info $fastcgi_path_info;

    try_files $fastcgi_script_name =404;

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_param HTTPS on;

    fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
    # The next two lines are important
    fastcgi_param front_controller_active true;     # Enable pretty urls
    fastcgi_pass unix:/tmp/php-cgi-74.sock;         # Socket file created by the PHP version you are running

    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
}

Some extra parameters for the rewrite rules

# Hide the .php suffix
fastcgi_param front_controller_active true;

Source: 极客电玩, https://www.bilibili.com/read/cv12416305 (bilibili)

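Adjust this value for your own setup; the values here are for a server configured under the BaoTa panel (宝塔面板).

If you are using PHP 8.0 👇: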

fastcgi_pass unix:/tmp/php-cgi-80.sock;

For PHP 7.4 👇:

fastcgi_pass unix:/tmp/php-cgi-74.sock;

If you are not using the BaoTa panel, you need to locate the PHP socket file yourself; it is usually at

/var/run/php/php7.4-fpm.sock;

The Nginx configuration file also needs the following, which includes enabling Gzip and other parameters

gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy                      "no-referrer"   always;
add_header X-Content-Type-Options               "nosniff"       always;
add_header X-Download-Options                   "noopen"        always;
add_header X-Frame-Options                      "SAMEORIGIN"    always;
add_header X-Permitted-Cross-Domain-Policies    "none"          always;
add_header X-Robots-Tag                         "none"          always;
add_header X-XSS-Protection                     "1; mode=block" always;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;


# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
    if ( $http_user_agent ~ ^DavClnt ) {
        return 302 /remote.php/webdav/$is_args$args;
    }
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}


location ~ \.(?:css|js|svg|gif|png|jpg|ico)$ {
    try_files $uri /index.php$request_uri;
    expires 6M;         # Cache-Control policy borrowed from `.htaccess`
    access_log off;     # Optional: Don't log access to assets
}

location ~ \.woff2?$ {
    try_files $uri /index.php$request_uri;
    expires 7d;         # Cache-Control policy borrowed from `.htaccess`
    access_log off;     # Optional: Don't log access to assets
}

# Rule borrowed from `.htaccess`
location /remote {
    return 301 /remote.php$request_uri;
}

location / {
    try_files $uri $uri/ /index.php$request_uri;
}

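Nextcloud warns about a directory security problem. Modify or add the following in the Nginx configuration file

# Files and directories that must not be accessible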
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console|\.user.ini|\.htaccess|\.git|\.svn|\.project|data|LICENSE|README.md)
    {
        return 404;
    }
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }

For the warning

Your data directory and files are probably accessible from the Internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.
The fix above is to add location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
Another approach is to replace that line with the following
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}
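
Nginx tries regex locations in the order they appear in the file and stops at the first match, so where the deny rules sit relative to the \.php and static-asset blocks decides whether they ever run. The following added example (not from the original post or from Nextcloud) models nginx's location selection in Python for the patterns on this page; the PAGE_ORDER layout, the location labels and the sample URIs are assumptions made for illustration.

```python
import re

def resolve(locations, uri):
    """Return the label of the location nginx would select for uri."""
    best = None
    for mod, pat, name in locations:
        if mod == "=" and uri == pat:
            return name                      # exact match wins immediately
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, name)      # remember the longest prefix
    if best and best[0] == "^~":
        return best[2]                       # ^~ suppresses the regex pass
    for mod, pat, name in locations:
        if mod == "~" and re.search(pat, uri):
            return name                      # first regex in file order wins
    return best[2] if best else None

# Patterns copied from the page; the third field is a label for this example.
WELL_KNOWN = ("^~", "/.well-known", "well-known")
PHP        = ("~", r"\.php(?:$|/)", "php-fpm")
ASSETS     = ("~", r"\.(?:css|js|svg|gif|png|jpg|ico)$", "static file")
DENY_LIST  = ("~", r"^/(?:\.|autotest|occ|issue|indie|db_|console|\.user.ini|\.htaccess|\.git|\.svn|\.project|data|LICENSE|README.md)", "404")
DENY_DIRS  = ("~", r"^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)", "404")
FALLBACK   = ("", "/", "try_files")

# Assumption: the snippets were pasted in the order they appear on the page.
PAGE_ORDER = [WELL_KNOWN, PHP, ASSETS, FALLBACK, DENY_LIST, DENY_DIRS]
# Same locations with the deny rules moved above the PHP and asset blocks.
DENY_FIRST = [WELL_KNOWN, DENY_LIST, DENY_DIRS, PHP, ASSETS, FALLBACK]

# Constructed sample request URIs.
SAMPLES = ["/.well-known/webfinger", "/index.php/apps/files/",
           "/config/config.php", "/data/alice/files/scan.png",
           "/data/alice/files/notes.txt"]

def compare(uris=SAMPLES):
    """Map each URI to (handler under PAGE_ORDER, handler under DENY_FIRST)."""
    return {u: (resolve(PAGE_ORDER, u), resolve(DENY_FIRST, u)) for u in uris}

if __name__ == "__main__":
    for uri, (page, fixed) in compare().items():
        print(f"{uri:32} page order: {page:12} deny first: {fixed}")
```

With the deny rules below the other regex blocks, /config/config.php is handed to PHP-FPM and a .png under /data is matched by the static-asset block; with the deny rules placed first, both return 404. /.well-known/webfinger is unaffected by the `\.` deny alternative because of the `^~` modifier.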

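PHP does not seem to be set up properly to query system environment variables. The test with getenv("PATH") only returns an empty response.

At the end of the PHP-FPM configuration file, add this line: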

env[PATH] = /usr/local/bin:/usr/bin:/bin:/usr/local/php/bin

The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips.

The fix is again to edit the configuration file of the site bound to Nextcloud and add one header line

add_header Strict-Transport-Security "max-age=63072000;";

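The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin". This can leak referer information.

In short, a Referrer-Policy header needs to be set to improve security. Add this to the Nginx configuration file: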

add_header Referrer-Policy "no-referrer";
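
To confirm the two header warnings are actually cleared, the response headers can be checked against the thresholds quoted in the warnings. The following is an added example, not code from the original post or from Nextcloud; the header blocks are constructed samples and the function names are hypothetical. The 404 sample models the fact that nginx's add_header without the `always` parameter, as in the Strict-Transport-Security line above, is not applied to error responses.

```python
import re

MIN_HSTS = 15552000  # minimum max-age quoted in the Nextcloud warning
REFERRER_OK = {"no-referrer", "no-referrer-when-downgrade",
               "strict-origin", "strict-origin-when-cross-origin"}

def parse_headers(raw):
    """Map lower-cased header names to the list of values seen."""
    headers = {}
    for line in raw.strip().splitlines():
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return the findings for one response's header block."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security")
    if not hsts:
        findings.append("HSTS header missing")
    else:
        # Tolerates a trailing ';' as in the page's max-age=63072000; value.
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < MIN_HSTS:
            findings.append("HSTS max-age below 15552000")
    # This example requires every listed policy to be an accepted one.
    policies = [p.strip().lower()
                for v in h.get("referrer-policy", []) for p in v.split(",")]
    if not policies or any(p not in REFERRER_OK for p in policies):
        findings.append("Referrer-Policy missing or not an accepted value")
    return findings

# Constructed samples: a 200 response, a 404 response, and a weak setup.
OK_200 = """Strict-Transport-Security: max-age=63072000;
Referrer-Policy: no-referrer"""
ERR_404 = """Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff"""
WEAK = """strict-transport-security: max-age=3600
Referrer-Policy: unsafe-url"""

if __name__ == "__main__":
    for label, raw in [("200", OK_200), ("404", ERR_404), ("weak", WEAK)]:
        print(label, audit(raw) or "ok")
```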


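A long time ago I studied the official documentation, and once left a comment under a blogger's post that solved a problem I had not been able to solve through Google, Baidu, or anywhere else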

https://www.cnswiz.com/3376.html


Notes recorded on my old blog

PHP needs the following configuration changes
Add this field to FPM
env[PATH] = /usr/local/bin:/usr/bin:/bin:/usr/local/php/bin

; max_input_vars = 1000
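Remove the ";" comment marker from this line and change "1000" to "2000"

Add to the disabled functions:
get_magic_quotes_gpc

Input time and timeout: 3600 or more; file size: 512 MB or more
Last modified: January 9, 2024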