new personal suse nextcloud server - mod_nss or mod_ssl?

am i right in thinking i could setup apache for https with a self signed cert using either mod_nss or mod_ssl?

and if it was a personal webserver and I didn’t care about outdated versions of SSL, it would make sense to simply opt for mod_nss?

p.s. if i setup nextcloud on leap 42.2, which version of PHP will it use by default (because 42.2 comes with both 5.5 and 7.0)?

many thanks

Because mod_nss is actively maintained and a derivative/fork of mod_ssl,
I’d say you can use either… whatever your preference.

https://fedorahosted.org/mod_nss/

Unless you decide to build nextcloud from source or want to build/modify any php content, I don’t know that any User should ordinarily care which version of php is used.

I guess the big question is how you intend to install nextcloud, I see that there are a number of builds available at software.opensuse.org

https://software.opensuse.org/package/nextcloud

TSU

thanks.

it seems that mod_ssl doesn’t support tls, where mod_nss only supports tls, which seems more secure for a home server…?

php7 is a lot faster, which is important when your server is running off a 15W chip.

I haven’t checked the two mods, but in general…

  • Although SSL and TLS started off as completely different, fairly recently I’ve noticed that a lot of apps seem to consider them different versions of the same. But yes, TLS is considered to be at least as strong as SSLv3 (no one should be using anything weaker although may be necessary if subject to import restrictions)
  • I don’t know if php7 is faster or should be faster. It would probably take some technical sleuthing to be certain beyond simple anecdotal evidence.

TSU

Am Sat, 21 Jan 2017 08:56:02 +0000 schrieb Jedibeeftrix:

> am i right in thinking i could setup apache for https with a self signed
> cert using either mod_nss or mod_ssl?
>
> and if it was a personal webserver and I didn’t care about outdated
> versions of SSL, it would make sense to simply opt for mod_nss?
>
> p.s. if i setup nextcloud on leap 42.2, which version of PHP will it use
> by default (because 42.2 comes with both 5.5 and 7.0)?

Use nextcloud from server:php:applications
This sould be run without errors and problems.

Regaards
Eric

i think you’re telling me to one-click install nextcloud…?
if so, this is not the problem. installing nextcloud is easy, getting it setup with https is the difficult bit.

p.s. i’ve found an excellent reason as to why i should care which version of PHP is used:

because Nexcloud now demands PHP 5.6 as a minimum requirement.

which is doubly amusing as opensuse 13.2 supplied 5.6, but all Leap versions reverted to 5.5… because that is what SLES 12 is packaged with!

using the one-click for PHP 7.0.7 did not appear to work either. having installed it, while i no longer get the apache warning message when navigating to 127.0.0.1/nexcloud, now i’m simply inviting to open a file with kate, rather than getting to the nextcloud first-run screen.

Am Sun, 26 Feb 2017 17:06:01 +0000 schrieb Jedibeeftrix:
>> > p.s. if i setup nextcloud on leap 42.2, which version of PHP will it
>> use
>> > by default (because 42.2 comes with both 5.5 and 7.0)?
>>
>> Use nextcloud from server:php:applications This sould be run without
>> errors and problems.
>
> i think you’re telling me to one-click install nextcloud…?
> if so, this is not the problem. installing nextcloud is easy, getting it
> setup with https is the difficult bit.

Yes. from above repo the nexcloud is ready and run.
And when you need https install certbot from devel:languages:python.
Read Docu in packages and so it runs all without problem.

Regards
Eric

That doesn’t really answer the problem, tho.

Leap took a regressive step in taking PHP 5.5 from SLES (when opensuse 13.2 already had PHP 5.6).

Nextcloud requires PHP 5.6 so it will not run on Leap 42.2, and the one-click PHP 7.0 package installs but has no effect on Nextcloud.

The PHP7 1-click most likely doesn’t active Apache’s PHP7 module.

sudo a2enmod php7 ; sudo systemctl restart apache2

cheers, will try.