Bitnesia
How to Fix Nextcloud Security & Setup Warnings

How to Fix Nextcloud Security & Setup Warnings

Bitnesia Infrastructure Apr 11, 2026 226 ID

Refining the configuration via the Administration settings → Overview menu is a mandatory step after completing the Nextcloud installation with Nginx on Ubuntu 24.04. While the previous article covered the basic installation process, resolving security & setup warnings is crucial to ensure the server runs securely and optimally. This guide will explain how to address each warning so your system achieves the highest security status.

Maintenance window start

This warning appears because Nextcloud does not know when your server experiences "low-traffic" periods. As a result, resource-intensive tasks such as trash file cleanup, thumbnail generation, or integrity checks might run during peak usage times, causing the server to feel slow. You need to define a maintenance window (typically early morning) so these tasks execute when the workload is low.

Open the Nextcloud configuration file:

sudo nano /var/www/nextcloud/config/config.php

Add the following line before the closing );:

'maintenance_window_start' => 1,
  • The value 1 means 01:00 AM (UTC).
  • If your server uses WIB (UTC+7) and you want maintenance to run at 02:00 AM local time, set it to 19 (because 19:00 UTC = 02:00 WIB).

Mimetype migrations available

This warning appears because Nextcloud wants to update its MIME types list (file format recognition) to handle new file types more effectively (for example, modern video or image files to ensure proper icons/thumbnails are displayed).

Run the following command:

sudo -u www-data php /var/www/nextcloud/occ maintenance:repair --include-expensive

HTTP Headers 'HSTS'

This message appears because HSTS (HTTP Strict Transport Security) is not yet enabled. HSTS is critical for security as it forces browsers to communicate with Nextcloud exclusively via secure HTTPS connections, not standard HTTP.

Open the Nginx configuration file:

sudo nano /etc/nginx/sites-enabled/nextcloud.conf

Locate the server { ... } block handling SSL (port 443). Add the following line inside that block:

add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;

Save the changes and run these commands:

# Check for syntax errors
sudo nginx -t

# If "syntax is ok" appears, restart nginx
sudo systemctl restart nginx

Database missing indices

This issue commonly occurs after updating the Nextcloud application, particularly the Mail app. Missing database indices cause email search and synchronization to become slow.

Run this command as the web server user:

sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices

PHP getenv

This warning typically appears due to PHP-FPM configuration restrictions that limit PHP's access to system environment variables for security reasons.

Open the PHP-FPM v8.3 pool configuration file:

sudo nano /etc/php/8.3/fpm/pool.d/www.conf

Find the line ;clear_env = no. Remove the semicolon (;) at the beginning so it becomes:

clear_env = no

Restart the PHP-FPM and NGINX services:

sudo systemctl restart php8.3-fpm
sudo systemctl restart nginx

Client Push

This warning appears because your Nextcloud instance is not using the Notify Push (Client Push) feature. Without this feature, desktop/mobile apps must continuously "poll" the server to check for file changes, which can strain server resources and drain your device's battery.

Open the Nextcloud dashboard:

  1. Open the Apps menu
  2. Search for Client Push
  3. Click Download and enable

Create the service file:

sudo nano /etc/systemd/system/notify_push.service

Insert the following configuration:

[Unit]
Description=Push daemon for Nextcloud

[Service]
Environment=PORT=7867
Environment=NEXTCLOUD_URL=https://nextcloud.example.com
ExecStart=/var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/nextcloud/config/config.php
User=www-data
Restart=always

[Install]
WantedBy=multi-user.target

Enable the service:

sudo systemctl daemon-reload
sudo systemctl enable --now notify_push
sudo systemctl status notify_push

Open the Nextcloud Nginx configuration file:

sudo nano /etc/nginx/sites-enabled/nextcloud.conf

Insert the following block inside the server { ... } block:

location ^~ /push/ {
  proxy_pass http://127.0.0.1:7867/;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Test and restart Nginx:

sudo nginx -t
sudo systemctl restart nginx
sudo systemctl status nginx

Open the Nextcloud configuration file:

sudo nano /var/www/nextcloud/config/config.php

Add the following configuration. Replace SERVER_IP with your server's IP address.

'trusted_proxies' => [
    '127.0.0.1',
    'SERVER_IP',
],

Run this command to inform Nextcloud that the push server is ready:

sudo -u www-data php /var/www/nextcloud/occ notify_push:setup https://nextcloud.example.com/push

Example output:

✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
  configuration saved

AppAPI deploy daemon

This message appears because Nextcloud now supports External Apps (Ex-Apps) that run outside the main server (using Docker). To install these types of applications, Nextcloud requires a "Deploy Daemon" (typically named AppAPI) to manage their containers.

If You Want to Use the External Apps Feature

Installing and configuring AppAPI:

  1. Open the Apps menu in Nextcloud.
  2. Search for and install the application named AppAPI.
  3. Open Administration settings -> AppAPI.
  4. Register a "Deploy Daemon". This usually involves connecting to the Docker Socket (e.g., unix:///var/run/docker.sock) so Nextcloud can run external application containers.

If You Do Not Need External Apps

If you only use standard Nextcloud applications and do not plan to run Docker-based external apps, you can disable or remove the AppAPI application to clear the warning.

  1. Open the Apps menu -> Active apps.
  2. Search for AppAPI.
  3. Click Disable.

Default phone region

This message appears because Nextcloud needs to know which country code to use by default when someone enters a phone number without a country code (like +62) in their profile.

Open the config.php file:

sudo nano /var/www/nextcloud/config/config.php

Add the following line within the configuration array. If you are in Indonesia, use the code 'ID':

'default_phone_region' => 'ID',

PHP Imagick module

This message appears because the PHP Imagick module is installed on your server but lacks additional libraries to read vector-based image files (SVG). This is important for Nextcloud to display previews or thumbnails for SVG files.

Run the following command:

sudo apt install libmagickcore-6.q16-6-extra -y

Conclusion

Aligning the configuration between Nginx, PHP-FPM, and the database is essential to ensure Nextcloud's security and stability. Technical steps such as fixing HSTS headers, installing PHP modules, and updating database indices via occ effectively eliminate performance bottlenecks. Implementing these settings creates a more responsive and secure system for all users.

Did this solve your problem? Consider leaving a tip to show your appreciation!

Say Thanks with a Tip
Tags: #cloudstorage #nextcloud #opensource #selfhosted

Share

Related Posts

Proxmox Virtual Environment Installation Guide

Proxmox Virtual Environment Installation Guide

May 30, 2026

How to Install Seafile CE Self-Hosted Cloud Storage

How to Install Seafile CE Self-Hosted Cloud Storage

May 12, 2026

What is LXD? A Lightweight and Efficient Server Virtualization Solution

What is LXD? A Lightweight and Efficient Server Virtualization Solution

May 2, 2026