Custom open_basedir & PHP OPcache for Nextcloud with Froxlor

Nextcloud needs /dev/urandom, /proc/meminfo and a data folder outside of the web folder which has to be added to open_basedir in php.ini.

How to configure it with Froxlor?

In Froxlor, php.ini can’t be editet directly but can be setup as custom php.ini for each domain with the correct settings for Nextcloud.

Nextcloud on Debian 9 (Stretch) with Froxlor needs PHP 7.2 and Zend OPcache. Zend OPcache is shipped with PHP since PHP 5.5 but not enabled by default.

Zend OPcache

Add new php.ini

As admin, goto PHP Configurations | Create new settings

Create new PHP configuration

Fill in Short description, PHP Binary (= PHP 7.2) and umask (= 022)

Change PHP settings

Change php.ini settings:

short_open_tag = On
asp_tags = Off
precision = 14
output_buffering = 4096
allow_call_time_pass_reference = Off

open_basedir = "{OPEN_BASEDIR}:/dev/urandom:/proc/meminfo:/var/customers/webs/{CUSTOMER}/nextcloud-data/{DOMAIN}"
disable_functions = exec,passthru,shell_exec,system,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate
disable_classes =
expose_php = Off
max_execution_time = 300
max_input_time = 600
memory_limit = 256M
post_max_size = 128M
error_reporting = E_ALL & ~E_NOTICE
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = Off
variables_order = "GPCS"
register_globals = Off
register_argc_argv = Off
gpc_order = "GPC"

magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off

include_path = ".:{PEAR_DIR}"
enable_dl = Off

file_uploads = On
upload_tmp_dir = "{TMP_DIR}"
upload_max_filesize = 64M

allow_url_fopen = On
allow_url_include = Off

sendmail_path = "/usr/sbin/sendmail -t -f [email protected]{DOMAIN}"

session.save_handler = files
session.save_path = "{TMP_DIR}"
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 16
session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0

suhosin.simulation = Off
suhosin.mail.protect = 1

mail.add_x_header = On
date.timezone = Europe/Vienna

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Assign the new php.ini to customer

Customers | Edit customer

Assign php.ini to customer

Finally assign php.ini to the domain

Domains | Edit domain | PHP Configuration

Edit PHP configuration

Check php.ini

Run phpinfo.php on the domain first to determine the loaded ini file.

Loaded php.ini

cat /var/www/php-fcgi-scripts/customer1/domain1.xx/php.ini | grep open_basedir

Nextcloud Monitoring Page

with /proc/meminfo in open_basedir

Nextcloud Memory Usage