aboutsummaryrefslogtreecommitdiffstats
path: root/apps/settings/lib/SetupChecks
Commit message (Collapse)AuthorAgeFilesLines
* chore: apply new CSFixer rulesFerdinand Thiessen2025-07-013-6/+6
| | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> # Conflicts: # apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
* Merge pull request #53429 from nextcloud/enh/opcache-checksFerdinand Thiessen2025-07-011-14/+12
|\ | | | | feat(settings): simplify OPcache checks
| * feat(settings): simplify OPcache checksenh/opcache-checksMichaIng2025-06-251-14/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For the overall OPcache size check, we currently compare used memory with free memory. However, `opcache.memory_consumption` is split into `used_memory`, `free_memory` and `wasted_memory`. When cached files change on disk, old entries are not replaced or removed, but remain as wasted memory, until the cache is actually full, and if their percentage is above `opcache.max_wasted_percentage`, which is 5% by default. When this happens, the engine is restarted, resetting the cache completely, like a `opcache_reset()` call. As long as we do not consider wasted cache, recommendations based on free memory can be false. To solve this, we could count wasted memory as free memory, if it is above `opcache.max_wasted_percentage`, as the engine will be restarted as soon as needed, freeing up this wasted space. On the other hand, wasted memory below the threshold permanently blocks the OPcache, which supports counting it as used memory. Depending on the situation, instead of raising OPcache size, it could be also advised to reduce `opcache.max_wasted_percentage`. But too frequent cache resets break its purpose as well. In my opinion, the matter is too complex to consider wasted cache correctly, and do precise recommendations, but we should focus on reducing false positives instead. What we know for sure is: if the cache is full (`$status['cache_full'] === true`), and the limit for cached keys has not been reached, the OPcache was too small to maintain free space, with wasted memory below the configured threshold, where it consumes memory permanently. Recommending to raise the OPcache size in this case, is hence as accurate as it gets. Even if 5% wasted cache could be freed, 95% used memory is still above the previous threshold for the setup check warning. And if `opcache.max_wasted_percentage` is above 5%, then the admin must have decided to change the default, deciding that system memory consumption has lower priority than preventing OPcache engine restarts. `cache_full` can be true as well if the limit for cached keys has been reached, hence we need to merge both checks. In this case `num_cached_keys` equals `max_cached_keys` exactly, hence it is easy to differentiale whether `opcache.max_accelerated_files` or `opcache.memory_consumption` needs to be raised to address the `cache_full` state. In practice, this change relaxes the checks: the respective limit needs to be reached 100% instead of 90%, to trigger a warning, eliminating also false alarms if a large share of the cache is consumed by wasted memory, which would be automatically freed once cache is 100% full. Additionally, the recommendation for raising `opcache.max_accelerated_files` now says "a value higher than `max_cached_keys`", instead of "higher than `opcache.max_accelerated_files`". The actual limit, reflected by `max_cached_keys` from `opcache_get_status()`, [is a next higher value from a set of prime numbers](https://www.php.net/manual/en/opcache.configuration.php#ini.opcache.max-accelerated-files). E.g. if `opcache.max_accelerated_files` is set to 10,000 (PHP default), the effective limit is 16,229 OPcache keys. Recommending "higher than 10000" could hence lead to a settings change without effect. For an effective change, the new value needs to be "higher than 16229" instead, which is what the setup check will show in this situation, with this change applied. Signed-off-by: MichaIng <micha@dietpi.com>
* | Merge branch 'master' into remove-x-xss-protectionJoas Schilling2025-06-301-4/+1
|\ \
| * | fix(settings): use correct scope for translationsfix/settings-l10nFerdinand Thiessen2025-06-261-4/+1
| |/ | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* / Fix: Remove X-XSS-Protection use, check and recommendationinvario2025-06-131-5/+0
|/ | | | | Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com> Signed-off-by: invario <67800603+invario@users.noreply.github.com>
* chore(18n): More natural english - fix plural typorakekniven-patch-2rakekniven2025-05-251-1/+1
| | | Signed-off-by: rakekniven <2069590+rakekniven@users.noreply.github.com>
* fix(l10n): Fix one more pluralJoas Schilling2025-05-231-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix: Correct translation method useMarcel Klehr2025-05-231-2/+2
| | | | Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* fix(SetupChecks): Update TaskProcessingPickupSpeedrakekniven2025-05-231-1/+1
| | | | Signed-off-by: rakekniven <2069590+rakekniven@users.noreply.github.com>
* chore(18n): More natural englishrakekniven2025-05-231-2/+2
| | | | | Reported at Transifex. Signed-off-by: rakekniven <2069590+rakekniven@users.noreply.github.com>
* feat(SetupChecks): Add check for TaskProcessing pickup speedfeat/setupcheck-task-pickup-speedMarcel Klehr2025-05-221-0/+63
| | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* fix(webauthn): do not require bcmath or gmp - not needed anymoreFerdinand Thiessen2025-03-191-3/+1
| | | | | | | | The extensions are not required anymore but only recommended for performance. See also: https://github.com/web-auth/webauthn-framework/issues/213 Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Change SQL query so that it is ansi safeJohan Bernhardsson2025-02-271-3/+3
| | | | Signed-off-by: Johan Bernhardsson <johan.bernhardsson@redpill-linpro.com>
* fix(l10n): Improve english source stringsJoas Schilling2025-02-262-2/+2
| | | | | | | - No leading/trailing whitespace - Use asci single quote Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(setupcheck): check logging level for validityfeat/setup-check-loggingFerdinand Thiessen2025-02-221-0/+55
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(setupcheck): Update setup check for PHP version to be more accuratebugfix/noid/bump-php-dependency-update-versionsJoas Schilling2025-02-101-1/+12
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #50281 from ↵Andy Scherzinger2025-01-301-1/+3
|\ | | | | | | | | nextcloud/fix/fix-email-setupcheck-with-null-smtpmode fix(settings): Fix setup check when mail_smptmode is set to "null"
| * fix(settings): Fix setup check when mail_smptmode is set to "null"fix/fix-email-setupcheck-with-null-smtpmodeCôme Chilliet2025-01-201-1/+3
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | fix(settings): Add some context to the PHP memory limit errorjtr-settings-memory-limit-detailsJosh2025-01-261-1/+1
| | | | | | Signed-off-by: Josh <josh.t.richards@gmail.com>
* | fix(SetupChecks): Pass webfinger if a handler is therefix-setupcheck-webfinger-400Josh2025-01-261-1/+1
|/ | | Signed-off-by: Josh <josh.t.richards@gmail.com>
* fix(setupchecks): Binary data can have problems with serializesetupChecksMoveFromBinaryGit'Fellow2025-01-091-2/+2
| | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* perf(settings): Speed up InternetConnectivity setup checkjtr-perf-checks-connectivity-https-protoJosh2025-01-071-10/+10
| | | | | Specify default protocol (https://) rather than let default handling test both http:// and https:// Signed-off-by: Josh <josh.t.richards@gmail.com>
* fix(setupcheck): Make the Memcache setupcheck use the cacheJoas Schilling2024-12-021-0/+37
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(settings): psalm PhpMaxFileSize setup check warningbackport/49384/masterskjnldsv2024-11-191-6/+6
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* feat(settings): add big file upload setup checksfeat/php-setup-file-uploadskjnldsv2024-11-191-0/+80
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* feat: Update supported PostgreSQL versionsfeat/postgres-13-17Ferdinand Thiessen2024-11-131-2/+12
| | | | | | 12 is now EOL but 17 was released and should be supported and tested. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #48792 from nextcloud/chore/update_mysql_setup_check_i18nBenjamin Gaussorgues2024-11-051-4/+2
|\
| * chore(setupchecks): update translation for MySQL row format checkchore/update_mysql_setup_check_i18nBenjamin Gaussorgues2024-10-301-4/+2
| | | | | | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | chore(i18n): Fix grammarrakekniven2024-11-031-1/+1
|/ | | | | Reported at Transifex Signed-off-by: rakekniven <2069590+rakekniven@users.noreply.github.com>
* Merge pull request #48547 from nextcloud/feat/row_format_checkBenjamin Gaussorgues2024-10-181-0/+72
|\
| * feat(setupchecks): add row format setup check for MySQL databasesfeat/row_format_checkBenjamin Gaussorgues2024-10-081-0/+72
| | | | | | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | chore(apps): Apply new rector configuration to autouse classesCôme Chilliet2024-10-151-1/+2
|/ | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-198-17/+17
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(setupChecks): Having transactional file locking disabled is not supportedfix-setupcheck-filelockingJosh Richards2024-09-191-3/+3
| | | | Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
* feat: Make `CheckServerResponseTrait` public and provide as ↵feat/make-setup-check-trait-publicFerdinand Thiessen2024-09-168-164/+12
| | | | | | | | | `OCP\SetupCheck\CheckServerResponseTrait` This trait is used by other apps for creating setup checks, so we should provide it instead apps using private API. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(a11y): Add OTF font loading checkbugfix/noid/fix-otf-loadingJoas Schilling2024-09-161-6/+21
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* refactor(settings): `CheckServerResponseTrait` always expect absolute pathFerdinand Thiessen2024-09-133-32/+38
| | | | | | Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(setup-checks): Ensure URL with webroot worksFerdinand Thiessen2024-09-133-25/+27
| | | | | | | | | | | We basically mock the way `URLGenerator::getAbsoluteURL` works, so we must make sure that the URL might already contain the webroot. Because `baseURL` and `cliURL` also contain the webroot we need to remove the webroot from the URL first. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Daniel <mail@danielkesselberg.de> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(setupchecks): Test overwrite.cli url first, then generated one, andCôme Chilliet2024-09-051-16/+30
| | | | | | trusted domains as last fallback. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: add option to remove the webroot for setup checks and don't check ↵Daniel Kesselberg2024-09-053-13/+38
| | | | | | | | | | trusted_domains. 1) The checks for well-known urls should always run against the root domain and therefore the option to remove the webroot. 2) For trusted domains, the available protocol is unknown, and thus some guesswork would be needed to make that work. I've decided for now to not consider them anymore to reduce false-positives. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* feat(settings): Add setup check for apcu cache expungeJulius Härtl2024-08-271-0/+70
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-255-10/+10
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* fix(SetupCheck): Properly check public access to data directoryFerdinand Thiessen2024-08-081-4/+12
| | | | | | | | | | | | | When checking for public (web) access to the data directory the status is not enough as you might have a webserver that forwards to e.g. a login page. So instead check that the content of the file matches. For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content to allow checking. ¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #46353 from nextcloud/skipOPcacheCLIGit'Fellow2024-08-011-0/+5
|\ | | | | fix(setupchecks): Skip checking for OPcache settings if running checks from CLI
| * fix: typoGit'Fellow2024-07-081-1/+1
| | | | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
| * fix: check both CLI and valueGit'Fellow2024-07-081-1/+1
| | | | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
| * fix(setupchecks): Skip checking for OPcache if running from CLIGit'Fellow2024-07-081-0/+5
| | | | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* | feat(security): Add public API to allow validating IP Ranges and checking ↵Joas Schilling2024-07-191-14/+11
| | | | | | | | | | | | | | for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | feat(security): restrict admin actions to IP rangesBenjamin Gaussorgues2024-07-191-0/+66
| | | | | | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-06 05:18:32 +0000