search

danb35 / freenas-iocage-nextcloud

Script to create an iocage jail on FreeNAS for the latest Nextcloud 28 release, including Caddy, MariaDB or PostgreSQL, and Let's Encrypt
GNU General Public License v3.0
252 stars 71 forks source link

Caddyfile tweaks #129

Closed basilhendroff closed 3 years ago

basilhendroff commented 3 years ago
  1. max-age updated for the Nextcloud security warning to disappear.
  2. The php_fastcgi env switch did not get any endorsement in https://caddy.community/t/help-to-migrate-caddyfile-v1-to-v2-for-nextcloud/7647/30. It did not form part of the base solution. I tested Caddyfile without it and did not detect any visible difference. You may wish to consider removing it.
danb35 commented 3 years ago

max-age updated for the Nextcloud security warning to disappear.

The warning will disappear if you uncomment the line that's already in the Caddyfile. I have it commented out by default because it can lock you out of your installation if cert installation/renewal isn't working properly. I recommend in the README not uncommenting it until you have a trusted cert that's been through at least one renew cycle.

As to the length of time, longer is generally seen as better, within reason. Nextcloud wants to see a time of at least 6 months; the Caddyfile specifies one year (in seconds). Some (including the Mozilla SSL generator) recommend longer yet (Mozilla recommends 2 years).

php_fastcgi env switch

I'll need to try without it--the report in that thread stated it was needed for "pretty URLs" (i.e., without index.php in every URL).

basilhendroff commented 3 years ago

Thanks for the clarification.

danb35 commented 3 years ago

OK, tested. WIthout that directive in the Caddyfile, URLs look like https://cloud.domain/index.php/apps/files/. With that directive in place, the index.php/ isn't there. Fairly subtle difference, to be sure, but I prefer it with the shorter URLs.