Apache makes it easy to whitelist IP access to certain locations of your website and deny traffic to all other IP addresses. To use occ see Installing from Command Line.
Apache installed under Ubuntu comes already set-up with a simple self-signed certificate. Apache will also close the connection if the client takes more than 20 seconds to send its request body, but will allow the request to continue as long as the client sends more than bytes per second.You should specify one in the server configuration, as well as in the CommonName field of the certificate. Open a terminal and run: a2enmod ssl a2ensite default-ssl service apache2 reload Note Self-signed certificates have their drawbacks - especially when you plan to make your Nextcloud server publicly accessible. Be sure to remember your password as you will need it during Nextcloud database setup. A Slowloris attack is a form of DoS Denial of Service attack in which the Apache server is forced to wait on requests from malicious clients taking a long time to send traffic, thus forcing legitimate requests to time out or be ignored entirely. You might want to consider getting a certificate signed by a commercial signing authority. You will need to restart php5-fpm and your HTTP server in order for these changes to be applied. When you are using shared hosting or a control panel to manage your Nextcloud VM or server, the configuration files are almost certain to be located somewhere else, for security and flexibility reasons, so check your documentation for the correct locations. This article assumes you've installed and configured Apache on a Debian or Ubuntu instance: How to Configure Apache on DreamCompute Running Debian or Ubuntu Keep Apache updated Apache has a good security track record, and security bugs are seldom found within the web server itself. To use occ see Installing from Command Line. If you are planning on running additional apps, keep in mind that they might require additional packages. View the following article for more information:. RequestReadTimeout configurations can be complex, so it's recommended you review more information about this directive at the module documentation page. Example Installation on Ubuntu Then you can set in the config. Run as an unprivileged user In security, the principle of least privilege states that an entity should be given no more permission than necessary to accomplish its goals within a given system.
Please keep in mind that it is possible to create different settings for php-cli and php-fpm, and for different domains and Web sites. This module provides a directive that allows Apache to close the connection if it senses that the client is not sending data quickly enough.
You will need to restart php5-fpm and your HTTP server in order for these changes to be applied. You should specify one in the server configuration, as well as in the CommonName field of the certificate.
To use the graphical Installation Wizard see Installation Wizard. Preventing DoS attacks The default model in which Apache processes requests called prefork modeis subject to an attack known as a Slowloris attack.
If you are planning on running additional apps, keep in mind that they might require additional packages. Run the appropriate unpacking command for your archive type: tar -xjf nextcloud-x.
You might want to consider getting a certificate signed by a commercial signing authority. In the context of your web server, this means locking down Apache to run only with the permissions necessary to run.
Restrict Access by Password Access to certain locations can also be set via password-based credentials, using the htpasswd How do I password protect my site?