NextCloud: Adding an SSL certificate on Apache.

My procedure:

Step 1: Install the right packages:

$ apt-get update && apt-get install certbot python-certbot-apache

Step 2: Request the certificate:

$ certbot --apache -w /var/www/html/nextcloud/ -d my.cyber-neurones.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for my.cyber-neurones.org
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/nextcloud-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://my.cyber-neurones.org

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=my.cyber-neurones.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/my.cyber-neurones.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/my.cyber-neurones.org/privkey.pem
   Your cert will expire on 2021-01-31. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


Step 3: Restart Apache:

$ /etc/init.d/apache2 restart
[ ok ] Restarting apache2 (via systemctl): apache2.service

Nothing could be simpler.
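certbot's timer or cron job normally renews the certificate about 30 days before the expiry date printed above, but it is worth being able to verify that yourself, and to verify that the private key certbot wrote is not readable by other local users. The helper below is an added example and not part of the original post: it uses the openssl CLI and GNU stat on the /etc/letsencrypt/live layout shown in the certbot output; the 30-day threshold and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: certificate hygiene checks for the
# files certbot printed above. Requires the openssl CLI and GNU stat (Linux).

# Usage: cert_expires_within PEM DAYS
# Exit 0 if the certificate expires within DAYS days, 1 if it stays valid beyond
# that, 2 if the file cannot be parsed. openssl's -checkend does the date
# arithmetic, so no locale-dependent date parsing is needed.
cert_expires_within() {
    pem=$1
    days=$2
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 \
        || { echo "unreadable certificate: $pem" >&2; return 2; }
    if openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1   # openssl: "Certificate will not expire" within the window
    fi
    return 0
}

# Usage: cert_not_after PEM -> "notAfter=Jan 31 12:00:00 2021 GMT", as openssl prints it
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate
}

# Usage: key_private_enough KEYFILE -> exit 0 if group and other have no permission bits.
# -L follows the live/*/privkey.pem symlink to the real file under archive/.
key_private_enough() {
    mode=$(stat -L -c '%a' "$1") || return 2
    [ "$((0$mode & 077))" -eq 0 ]
}

# Usage: check_live_certs [WARN_DAYS]
# Walks every certbot lineage under /etc/letsencrypt/live and reports the ones
# close to expiry or whose key other local users could read. WARN_DAYS defaults
# to 30, certbot's usual renewal margin.
check_live_certs() {
    warn=${1:-30}
    rc=0
    for pem in /etc/letsencrypt/live/*/fullchain.pem; do
        [ -e "$pem" ] || continue   # the glob matched nothing
        dir=$(dirname "$pem")
        name=$(basename "$dir")
        if cert_expires_within "$pem" "$warn"; then
            echo "WARN $name expires within $warn days ($(cert_not_after "$pem"))"
            rc=1
        else
            echo "OK   $name ($(cert_not_after "$pem"))"
        fi
        key_private_enough "$dir/privkey.pem" \
            || { echo "WARN $name: privkey.pem is readable by group/other"; rc=1; }
    done
    return $rc
}

# Stand-alone run: only does something on a host that actually has certbot lineages.
if [ -d /etc/letsencrypt/live ]; then
    check_live_certs 30
fi
```

Run it from root's crontab a few hours after certbot's own renewal job; a non-zero exit status is the signal worth alerting on, the text output is just for the log.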

Nextcloud: Problems with my installation

I have just noticed a few problems with my installation:

1- Missing index:

# sudo -u www-data php /usr/share/nginx/nextcloud/occ db:add-missing-indices
Check indices of the share table.
Check indices of the filecache table.
Check indices of the twofactor_providers table.
Check indices of the login_flow_v2 table.
Check indices of the whats_new table.
Check indices of the cards table.
Check indices of the cards_properties table.
Check indices of the calendarobjects_props table.
Check indices of the schedulingobjects table.
Check indices of the oc_properties table.
Adding properties_path_index index to the oc_properties table, this can take some time...
oc_properties table updated successfully.

2- Missing column:

# sudo -u www-data php /usr/share/nginx/nextcloud/occ db:add-missing-columns
Check columns of the comments table.
Adding additional reference_id column to the comments table, this can take some time...
Comments table updated successfully.

3- Upgrading from PHP 7.2 to PHP 7.3:

# sudo add-apt-repository ppa:ondrej/php
...
# sudo apt-get update
...
# sudo apt install php7.3
....
Les paquets supplémentaires suivants seront installés : 
libapache2-mod-php7.3 libpcre2-8-0 php-common php7.3-cli php7.3-common php7.3-json php7.3-opcache
php7.3-readline
Paquets suggérés :
php-pear
Les NOUVEAUX paquets suivants seront installés :
libapache2-mod-php7.3 libpcre2-8-0 php7.3 php7.3-cli php7.3-common php7.3-json php7.3-opcache
php7.3-readline
...
# sudo apt install php7.3-common php7.3-cli php7.3-bcmath php7.3-bz2 php7.3-curl php7.3-gd php7.3-intl php7.3-json php7.3-mbstring php7.3-readline php7.3-xml php7.3-zip php7.3-fpm
...
NOTICE: Not enabling PHP 7.3 FPM by default.
NOTICE: To enable PHP 7.3 FPM in Apache2 do:
NOTICE: a2enmod proxy_fcgi setenvif
NOTICE: a2enconf php7.3-fpm
NOTICE: You are seeing this message because you have apache2 package installed.

# sudo apt-get install php7.3-mysql php7.3-imagick php7.3-recode php7.3-tidy php7.3-xmlrpc

# sudo a2dismod php7.2
Module php7.2 disabled.
To activate the new configuration, you need to run:
systemctl restart apache2
# sudo a2enmod php7.3
Considering dependency mpm_prefork for php7.3:
Considering conflict mpm_event for mpm_prefork:
Considering conflict mpm_worker for mpm_prefork:
Module mpm_prefork already enabled
Considering conflict php5 for php7.3:
Enabling module php7.3.
To activate the new configuration, you need to run:
systemctl restart apache2
# sudo systemctl restart apache2
# sudo a2enmod proxy_fcgi setenvif
Considering dependency proxy for proxy_fcgi:
Enabling module proxy.
Enabling module proxy_fcgi.
Module setenvif already enabled
To activate the new configuration, you need to run:
systemctl restart apache2
$ sudo a2enconf php7.3-fpm
Enabling conf php7.3-fpm.
To activate the new configuration, you need to run:
systemctl reload apache2
$ php -v
PHP 7.3.21-1+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Aug 7 2020 14:44:10) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.21, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.21-1+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

4- Adding the PHP bcmath module:

# sudo apt install php7.3-bcmath

5 – Adding the PHP gmp module:

# sudo apt install php7.3-gmp

6 – Checking and starting php7.3-fpm:

# ls -l /run/php/php7.*
-rw-r--r-- 1 root     root     4 août  24 13:07 /run/php/php7.2-fpm.pid
srw-rw---- 1 www-data www-data 0 août  24 13:07 /run/php/php7.2-fpm.sock
-rw-r--r-- 1 root     root     5 août  31 11:26 /run/php/php7.3-fpm.pid
srw-rw---- 1 www-data www-data 0 août  31 11:26 /run/php/php7.3-fpm.sock

#  sudo systemctl start php7.3-fpm

#  sudo systemctl enable php7.3-fpm

The diff below puts the stock PHP 7.3 php.ini on the left (<) and the 7.2 one on the right (>), comment lines stripped, so the right-hand side lists the values that were tuned on 7.2:

# diff /etc/php/7.3/fpm/php.ini /etc/php/7.2/fpm/php.ini  | grep -v "< ;" | grep -v "> ;" | grep -v "\-\-\-"
...
< output_buffering = 4096
> output_buffering = 8192
...
< max_execution_time = 30
> max_execution_time = 600
...
< max_input_time = 60
> max_input_time = 600
...
< memory_limit = 128M
> memory_limit = 2048M
...
< display_errors = Off
> display_errors = On
...
< display_startup_errors = Off
> display_startup_errors = On
...
< log_errors_max_len = 1024
> log_errors_max_len = 4024
...
< ignore_repeated_errors = Off
> ignore_repeated_errors = On
...
< post_max_size = 8M
> post_max_size = 20M
...
< upload_max_filesize = 2M
> upload_max_filesize = 40M
...
< max_file_uploads = 20
> max_file_uploads = 100
...
< default_socket_timeout = 60
> default_socket_timeout = 600
...
< session.cache_expire = 180
> session.cache_expire = 320
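Reading a raw diff of two php.ini files is error-prone because the comment noise has to be filtered by hand and nothing tells you which differences are in active directives. The shell helper below is an added example, not from the original post: it extracts only the active key = value lines from two ini files, lists the directives whose values differ, and can write a copy of the new file with the old values applied. The /etc/php paths are the ones from the diff above; the function names and the sample files in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: compare the active directives of
# two php.ini files and optionally carry the old values into the new file.

# Usage: ini_directives FILE -> "key<TAB>value" for every active directive.
# ';' comments (whole-line or trailing) and [section] headers are dropped.
ini_directives() {
    sed -e 's/;.*$//' "$1" | awk '
        /^[ \t]*[A-Za-z_][A-Za-z0-9_.]*[ \t]*=/ {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print key "\t" val
        }'
}

# Usage: ini_changed OLD.ini NEW.ini -> "key<TAB>old_value<TAB>new_value" for each
# directive that is active in both files but has a different value.
ini_changed() {
    old=$(mktemp)
    new=$(mktemp)
    ini_directives "$1" > "$old"
    ini_directives "$2" > "$new"
    awk -F'\t' '
        FILENAME == ARGV[1] { v[$1] = $2; next }
        ($1 in v) && v[$1] != $2 { print $1 "\t" v[$1] "\t" $2 }' "$old" "$new"
    rm -f "$old" "$new"
}

# Usage: ini_carry_over OLD.ini NEW.ini OUT.ini
# Copies NEW.ini to OUT.ini and sets every differing active directive to the
# OLD.ini value. Directives commented out in NEW.ini are left commented out,
# so review the ini_changed output first. (Values containing '|' or '&' would
# need extra escaping for sed; php.ini values do not normally contain them.)
ini_carry_over() {
    cp "$2" "$3"
    ini_changed "$1" "$2" | while IFS="$(printf '\t')" read -r key oldv newv; do
        esc=$(printf '%s' "$key" | sed 's/[.]/\\./g')   # '.' is a regex metachar
        sed -i "s|^[[:space:]]*$esc[[:space:]]*=.*|$key = $oldv|" "$3"
    done
}

# Stand-alone run on the paths from the post (7.2 values on the left, 7.3 on the right).
if [ -r /etc/php/7.2/fpm/php.ini ] && [ -r /etc/php/7.3/fpm/php.ini ]; then
    ini_changed /etc/php/7.2/fpm/php.ini /etc/php/7.3/fpm/php.ini
fi
```

Write the carried-over copy to a scratch path first, diff it against the stock 7.3 file, and only then move it into /etc/php/7.3/fpm/; settings such as display_errors = On are worth reconsidering rather than copying blindly onto a production host.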


7 – Change on the NextCloud side:

In the files /etc/nginx/conf.d/nextcloud-local.conf and /etc/nginx/conf.d/nextcloud.conf:

       #fastcgi_pass unix:/run/php/php7.2-fpm.sock;
       fastcgi_pass unix:/run/php/php7.3-fpm.sock;

NextCloud & NGinx: server reached pm.max_children setting (5), consider raising it

I got the error « server reached pm.max_children setting (5), consider raising it » in the log file /var/log/php7.2-fpm.log.

My log files for Nextcloud (configured behind NGinx):

– /var/log/php7.2-fpm.log: PHP.
– /var/log/nginx/nextcloud.error & /var/log/nginx/nextcloud.access: NGINX.
– /var/log/nextcloud.log: Nextcloud.
– /usr/share/nginx/nextcloud/data/nextcloud.log: Nextcloud.
– /usr/share/nginx/nextcloud/data/audit.log: Nextcloud.
– /usr/share/nginx/nextcloud/data/updater.log: Nextcloud.

To get rid of the error I changed the configuration file:

# cat /etc/php/7.2/fpm/pool.d/www.conf | grep -v "^;" | grep -v "^$"
[www]
user = www-data
group = www-data
listen = /run/php/php7.2-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 50 
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 10
env[PATH] = /usr/local/bin:/usr/bin:/bin

So I went from 5 to 50 … I think the problem should not show up again.
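Two things are worth checking after editing a pool file like this one. First, php-fpm refuses to start a pm = dynamic pool whose limits are inconsistent (for example pm.max_spare_servers larger than pm.max_children), and with a typo you only find out at the next restart. Second, pm.max_children multiplied by the per-process memory_limit (2048M in the php.ini diff above) is the upper bound on RAM the pool may claim, so the value has to fit the host. The shell helper below is an added example and not from the original post: it reads the directives from a pool file and applies the same ordering rules php-fpm enforces at startup for pm = dynamic. The www.conf path is the one above; the function names and the sample files in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: validate a php-fpm pool file
# against the pm = dynamic consistency rules php-fpm checks at startup.

# Usage: conf_get FILE KEY -> value of the first active "KEY = value" line.
# Lines starting with ';' are comments; trailing "; ..." comments and
# surrounding whitespace (the post's "pm.max_children = 50 " has one) are stripped.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                sub(/;.*$/, "", v)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v
                exit
            }
        }' "$1"
}

# Usage: fpm_pool_check FILE
# Prints one line per violated rule. Exit 0 when the pool is consistent, 1 when
# php-fpm would reject it, 2 when the pool is not pm = dynamic (not checked here).
fpm_pool_check() {
    f=$1
    pm=$(conf_get "$f" pm)
    maxc=$(conf_get "$f" pm.max_children)
    start=$(conf_get "$f" pm.start_servers)
    minsp=$(conf_get "$f" pm.min_spare_servers)
    maxsp=$(conf_get "$f" pm.max_spare_servers)
    if [ "$pm" != "dynamic" ]; then
        echo "pm = ${pm:-unset}: only pm = dynamic is checked here"
        return 2
    fi
    bad=0
    [ "${maxc:-0}" -gt 0 ]  || { echo "pm.max_children must be > 0 (got '${maxc:-unset}')"; bad=1; }
    [ "${minsp:-0}" -gt 0 ] || { echo "pm.min_spare_servers must be > 0 (got '${minsp:-unset}')"; bad=1; }
    [ "${maxsp:-0}" -gt 0 ] || { echo "pm.max_spare_servers must be > 0 (got '${maxsp:-unset}')"; bad=1; }
    [ "$bad" -eq 0 ] || return 1
    [ "$maxsp" -le "$maxc" ] \
        || { echo "pm.max_spare_servers ($maxsp) must be <= pm.max_children ($maxc)"; bad=1; }
    [ "$minsp" -le "$maxsp" ] \
        || { echo "pm.min_spare_servers ($minsp) must be <= pm.max_spare_servers ($maxsp)"; bad=1; }
    # pm.start_servers = 0 (or unset) means php-fpm picks a value between the spare limits itself
    if [ -n "$start" ] && [ "$start" -ne 0 ]; then
        { [ "$start" -ge "$minsp" ] && [ "$start" -le "$maxsp" ]; } \
            || { echo "pm.start_servers ($start) must lie between pm.min_spare_servers ($minsp) and pm.max_spare_servers ($maxsp)"; bad=1; }
    fi
    return $bad
}

# Stand-alone run on the pool file from the post, if present on this host.
if [ -r /etc/php/7.2/fpm/pool.d/www.conf ]; then
    fpm_pool_check /etc/php/7.2/fpm/pool.d/www.conf
fi
```

Running the check before systemctl reload php7.2-fpm catches the typo case; the RAM bound still has to be worked out from the host's memory and the observed size of a PHP worker.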

Note also that I changed the cron setup so that it performs better:

$ crontab -u www-data -l
*/5  *  *  *  * php -f /usr/share/nginx/nextcloud/cron.php

NextCloud: access forbidden by rule GET /data/.ocdata?t=

To get rid of this kind of error:

[error] 2239#2239: *454376 access forbidden by rule, client: 127.0.0.1, server: 127.0.0.1, request: "GET /data/.ocdata?t=1591823240128 HTTP/1.1", host: "127.0.0.1"

I changed the NGINX configuration.
In the files /etc/nginx/conf.d/nextcloud-local.conf & /etc/nginx/conf.d/nextcloud.conf I added:

    location = /data/htaccesstest.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    # exact-match location: the path is compared literally, so the dot is not escaped
    location = /data/.ocdata {
        access_log off;
    }

To restart:

systemctl restart nginx.service
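The request in that log line is not a client misbehaving: Nextcloud's setup check (Settings → Overview) fetches /data/.ocdata?t=<timestamp> from the browser and expects the web server to refuse it, which is how it verifies that the data directory is not reachable over HTTP (the older .htaccess test does the same with /data/htaccesstest.txt). The "access forbidden by rule" entry is therefore the deny rule doing its job, and before silencing such entries it is useful to know which other paths the rule is blocking and from where. The shell helper below is an added example and not from the original post: it summarises the forbidden-by-rule entries of an nginx error log by method and path and lists the client addresses for a given path. The /var/log/nginx/nextcloud.error path is the one listed above; the sample log lines are constructed, modelled on the entry in the post, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: triage "access forbidden by rule"
# entries in an nginx error log before deciding what to whitelist or silence.

# Usage: forbidden_summary LOGFILE -> "COUNT METHOD PATH", most frequent first.
# The query string is dropped: Nextcloud's .ocdata probe appends ?t=<timestamp>,
# which would otherwise make every hit look unique.
forbidden_summary() {
    grep 'access forbidden by rule' "$1" \
      | sed -n 's/.*request: "\([A-Z]*\) \([^ ?"]*\)[^"]*".*/\1 \2/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2, $3 }'
}

# Usage: forbidden_clients LOGFILE PATH -> distinct client addresses denied on PATH
forbidden_clients() {
    grep 'access forbidden by rule' "$1" \
      | sed -n 's/.*client: \([^,]*\),.*request: "[A-Z]* \([^ ?"]*\)[^"]*".*/\2 \1/p' \
      | awk -v p="$2" '$1 == p { print $2 }' \
      | sort -u
}

# Usage: is_nextcloud_probe PATH -> exit 0 for the paths Nextcloud's own setup
# checks request and expect to be refused; a 403 on these is the protection working.
is_nextcloud_probe() {
    case "$1" in
        /data/.ocdata|/data/htaccesstest.txt) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample log, modelled on the entry quoted in the post. The two
# 127.0.0.1 lines are the Nextcloud probe; the 192.0.2.10 line is a denied request
# for a file the Nextcloud nginx rules intentionally never serve.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2020/06/10 22:27:20 [error] 2239#2239: *454376 access forbidden by rule, client: 127.0.0.1, server: 127.0.0.1, request: "GET /data/.ocdata?t=1591823240128 HTTP/1.1", host: "127.0.0.1"
2020/06/10 22:29:51 [error] 2239#2239: *454390 access forbidden by rule, client: 127.0.0.1, server: 127.0.0.1, request: "GET /data/.ocdata?t=1591823391001 HTTP/1.1", host: "127.0.0.1"
2020/06/10 22:30:07 [error] 2239#2239: *454402 access forbidden by rule, client: 192.0.2.10, server: 127.0.0.1, request: "GET /config/config.php HTTP/1.1", host: "127.0.0.1"
2020/06/10 22:30:08 [error] 2239#2239: *454403 open() "/usr/share/nginx/nextcloud/favicon.ico" failed (2: No such file or directory), client: 192.0.2.10, server: 127.0.0.1, request: "GET /favicon.ico HTTP/1.1", host: "127.0.0.1"
EOF

# Stand-alone run: the sample first, then the real log from the post if it exists.
# Expected sample output:
#   2 GET /data/.ocdata   (probe)
#   1 GET /config/config.php
forbidden_summary "$SAMPLE_LOG" | while read -r count method path; do
    if is_nextcloud_probe "$path"; then tag="(probe)"; else tag=""; fi
    echo "$count $method $path $tag"
done
if [ -r /var/log/nginx/nextcloud.error ]; then
    forbidden_summary /var/log/nginx/nextcloud.error
fi
```

Paths outside the probe list deserve a look at forbidden_clients before anything is changed in the location blocks; the probe entries are the ones where an access_log or error_log adjustment is all that is needed.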