crazy-max/docker-nextcloud

Persistent OPcache warning message

m0rph84 opened this issue · 3 comments

Behaviour

Nextcloud still reports a warning about OPcache even though I have already added the suggested configuration inside php.ini and opcache.ini.
It is probably just some misconfiguration on my part, but I can't find a way to fix it.

The PHP OPcache is not properly configured. For better performance it is recommended to use the following settings in the php.ini:

opcache.enable=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Steps to reproduce this issue

  1. Brand new Nextcloud docker image installation with SSL enabled
  2. Add the suggested configuration to php.ini and opcache.ini inside the nextcloud container
  3. Restart all nextcloud containers or reload the PHP config with the kill -USR2 1 command.
  4. Open the admin page under the Security & setup warnings section.

Expected behaviour

The warning message should be gone.

Actual behaviour

Still see the warning.

Configuration

  • Docker version: 19.03.2

  • Platform: GNU/Linux CentOS 7

  • /etc/php7/conf.d/opcache.ini

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=256M
opcache.save_comments=1
opcache.revalidate_freq=1

  • /etc/php7/php.ini

....
....
[opcache]
; Determines if Zend OPCache is enabled
opcache.enable=1

; Determines if Zend OPCache is enabled for the CLI version of PHP
;opcache.enable_cli=1

; The OPcache shared memory storage size.
opcache.memory_consumption=128

; The amount of memory for interned strings in Mbytes.
opcache.interned_strings_buffer=8

; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 1000000 are allowed.
opcache.max_accelerated_files=10000

; The maximum percentage of "wasted" memory until a restart is scheduled.
;opcache.max_wasted_percentage=5

; When this directive is enabled, the OPcache appends the current working
; directory to the script key, thus eliminating possible collisions between
; files with the same name (basename). Disabling the directive improves
; performance, but may break existing applications.
;opcache.use_cwd=1

; When disabled, you must reset the OPcache manually or restart the
; webserver for changes to the filesystem to take effect.
;opcache.validate_timestamps=1

; How often (in seconds) to check file timestamps for changes to the shared
; memory storage allocation. ("1" means validate once per second, but only
; once per request. "0" means always validate)
opcache.revalidate_freq=1

; Enables or disables file search in include_path optimization
;opcache.revalidate_path=0

; If disabled, all PHPDoc comments are dropped from the code to reduce the
; size of the optimized code.
opcache.save_comments=1

; Allow file existence override (file_exists, etc.) performance feature.
;opcache.enable_file_override=0

; A bitmask, where each bit enables or disables the appropriate OPcache
; passes
;opcache.optimization_level=0x7FFFBFFF

;opcache.dups_fix=0

; The location of the OPcache blacklist file (wildcards allowed).
; Each OPcache blacklist file is a text file that holds the names of files
; that should not be accelerated. The file format is to add each filename
; to a new line. The filename may be a full path or just a file prefix
; (i.e., /var/www/x  blacklists all the files and directories in /var/www
; that start with 'x'). Line starting with a ; are ignored (comments).
;opcache.blacklist_filename=

; Allows exclusion of large files from being cached. By default all files
; are cached.
;opcache.max_file_size=0

; Check the cache checksum each N requests.
; The default value of "0" means that the checks are disabled.
;opcache.consistency_checks=0

; How long to wait (in seconds) for a scheduled restart to begin if the cache
; is not being accessed.
;opcache.force_restart_timeout=180

; OPcache error_log file name. Empty string assumes "stderr".
;opcache.error_log=

; All OPcache errors go to the Web server log.
; By default, only fatal errors (level 0) or errors (level 1) are logged.
; You can also enable warnings (level 2), info messages (level 3) or
; debug messages (level 4).
;opcache.log_verbosity_level=1

; Preferred Shared Memory back-end. Leave empty and let the system decide.
;opcache.preferred_memory_model=

; Protect the shared memory from unexpected writing during script execution.
; Useful for internal debugging only.
;opcache.protect_memory=0

; Allows calling OPcache API functions only from PHP scripts which path is
; started from specified string. The default "" means no restriction
;opcache.restrict_api=

; Mapping base of shared memory segments (for Windows only). All the PHP
; processes have to map shared memory into the same address space. This
; directive allows to manually fix the "Unable to reattach to base address"
; errors.
;opcache.mmap_base=

; Enables and sets the second level cache directory.
; It should improve performance when SHM memory is full, at server restart or
; SHM reset. The default "" disables file based caching.
;opcache.file_cache=

; Enables or disables opcode caching in shared memory.
;opcache.file_cache_only=0

; Enables or disables checksum validation when script loaded from file cache.
;opcache.file_cache_consistency_checks=1

; Implies opcache.file_cache_only=1 for a certain process that failed to
; reattach to the shared memory (for Windows only). Explicitly enabled file
; cache is required.
;opcache.file_cache_fallback=1

; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
; This should improve performance, but requires appropriate OS configuration.
;opcache.huge_code_pages=1

; Validate cached file permissions.
;opcache.validate_permission=0

; Prevent name collisions in chroot'ed environment.
;opcache.validate_root=0

; If specified, it produces opcode dumps for debugging different stages of
; optimizations.
;opcache.opt_debug_level=0
....
....

Docker info

Client:
 Debug Mode: false

Server:
 Containers: 10
  Running: 8
  Paused: 0
  Stopped: 2
 Images: 13
 Server Version: 19.03.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.27.2.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.701GiB
 Name: guybrush
 ID: XSD2:FHPJ:D2MC:RG3V:36YZ:D7OY:AWFP:SHGG:2YJM:CRMU:JTJZ:6FMB
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Hi @m0rph84,

  • What version of Nextcloud?
  • Include all necessary configuration files: docker-compose.yml, .env, ... (without sensitive values)

Hi @crazy-max, thanks for replying:

  • Nextcloud 16.0.4

/var/nextcloud/nextcloud.env

TZ=Usa/New York
MEMORY_LIMIT=1024M
UPLOAD_MAX_SIZE=4096M
OPCACHE_MEM_SIZE=256M
APC_SHM_SIZE=256M
REAL_IP_FROM=0.0.0.0/32
REAL_IP_HEADER=X-Forwarded-For
LOG_IP_VAR=http_x_forwarded_for

HSTS_HEADER=max-age=15768000; includeSubDomains
RP_HEADER=strict-origin
SUBDIR=

DB_TYPE=mysql
DB_HOST=db
DB_NAME=nextcloud
DB_USER=■■■
DB_PASSWORD=■■■

/var/nextcloud/docker-compose.yml

version: "3.2"

services:
  traefik:
    image: traefik:1.7-alpine
    container_name: traefik
    command:
      - "--logLevel=INFO"
      - "--defaultentrypoints=http,https"
      - "--entryPoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entryPoints=Name:https Address::443 TLS"
      - "--docker"
      - "--docker.exposedbydefault=false"
      - "--docker.domain=mydomain.io"
      - "--acme=true"
      - "--acme.acmelogging=true"
      - "--acme.email=webmaster@mydomain.io"
      - "--acme.storage=acme.json"
      - "--acme.entryPoint=https"
      - "--acme.onhostrule=true"
      - "--acme.httpchallenge=true"
      - "--acme.httpchallenge.entrypoint=http"
    ports:
      - target: 80
        published: 80
        protocol: tcp
      - target: 443
        published: 443
        protocol: tcp
    volumes:
      - "./acme.json:/acme.json"
      - "/var/run/docker.sock:/var/run/docker.sock"
    restart: always

  db:
    image: mariadb:10.2
    container_name: nextcloud_db
    volumes:
      - "db:/var/lib/mysql"
    environment:
      - "MYSQL_ALLOW_EMPTY_PASSWORD=yes"
      - "MYSQL_DATABASE=nextcloud"
      - "MYSQL_USER=■■■"
      - "MYSQL_PASSWORD=■■■"
    restart: always

  redis:
    image: redis:4.0-alpine
    container_name: nextcloud_redis
    restart: always

  collabora:
    image: collabora/code
    container_name: nextcloud_collabora
    cap_add:
      - MKNOD
    labels:
      - "traefik.enable=true"
      - "traefik.backend=collabora"
      - "traefik.port=9980"
      - "traefik.frontend.entryPoints=http"
      - "traefik.frontend.rule=Host:collabora.mydomain.io"
    environment:
      - "DONT_GEN_SSL_CERT=true"
      - "domain=collabora.mydomain.io"
      - "extra_params=--disable-ssl"
    restart: always

  nextcloud:
    image: crazymax/nextcloud:latest
    container_name: nextcloud
    depends_on:
      - db
      - redis
    volumes:
      - "nextcloud:/data"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=nextcloud"
      - "traefik.port=8000"
      - "traefik.frontend.rule=Host:nextcloud.mydomain.io"
      - "traefik.frontend.redirect.permanent=true"
      - "traefik.frontend.redirect.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.frontend.redirect.replacement=https://$$1/remote.php/dav/"
    env_file:
      - "./nextcloud.env"
    restart: always

  cron:
    image: crazymax/nextcloud:latest
    container_name: nextcloud_cron
    depends_on:
      - nextcloud
    volumes:
      - "nextcloud:/data"
    env_file:
      - "./nextcloud.env"
    environment:
      - "SIDECAR_CRON=1"
      - "CRON_PERIOD=*/15 * * * *"
    restart: always

  news_updater:
    image: crazymax/nextcloud:latest
    container_name: nextcloud_news_updater
    depends_on:
      - nextcloud
    volumes:
      - "nextcloud:/data"
    env_file:
      - "./nextcloud.env"
    environment:
      - "SIDECAR_NEWSUPDATER=1"
      - "NC_NEWSUPDATER_THREADS=10"
      - "NC_NEWSUPDATER_TIMEOUT=300"
      - "NC_NEWSUPDATER_INTERVAL=900"
      - "NC_NEWSUPDATER_LOGLEVEL=error"
    restart: always

volumes:
  db:
  nextcloud:

The value of OPCACHE_MEM_SIZE is wrong; this should be OPCACHE_MEM_SIZE=256.
See opcache.memory-consumption for more info.
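
A way to catch this kind of mistake before restarting the containers, as an added example that is not part of the issue thread or the project's code: a POSIX shell check that each directive from the warning is set to a plain integer at or above the recommended value. The function name `lint_opcache_ini` and the rule it applies are assumptions; the sample file is the reporter's opcache.ini, reconstructed from this page.

```shell
#!/bin/sh
# Added example (not from the issue): lint an opcache ini file.
# Assumption: each directive must be a plain integer >= the value in the warning.
# opcache.revalidate_freq is left out because this sketch only models lower bounds.
lint_opcache_ini() {
    file=$1
    problems=0
    for pair in opcache.enable=1 opcache.interned_strings_buffer=8 \
        opcache.max_accelerated_files=10000 opcache.memory_consumption=128 \
        opcache.save_comments=1; do
        key=${pair%%=*}
        min=${pair#*=}
        # Last uncommented assignment wins; drop inline comments, blanks, quotes.
        val=$(awk -F= -v k="$key" '
            /^[ \t]*;/ { next }
            { name = $1; gsub(/[ \t]/, "", name) }
            name == k { v = $2; sub(/;.*/, "", v); gsub(/[ \t"]/, "", v); found = v }
            END { print found }' "$file")
        case $val in
            '')
                echo "$key: not set"; problems=$((problems + 1)) ;;
            *[!0-9]*)
                echo "$key: '$val' is not a plain integer"; problems=$((problems + 1)) ;;
            *)
                if [ "$val" -lt "$min" ]; then
                    echo "$key: $val is below $min"; problems=$((problems + 1))
                fi ;;
        esac
    done
    # Exit status 0 only when every directive passed.
    [ "$problems" -eq 0 ]
}

# Constructed sample: the opcache.ini from the report, then the same file corrected.
demo=$(mktemp -d)
cat > "$demo/reported.ini" <<'EOF'
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=256M
opcache.save_comments=1
opcache.revalidate_freq=1
EOF
sed 's/=256M$/=256/' "$demo/reported.ini" > "$demo/fixed.ini"
lint_opcache_ini "$demo/reported.ini" || echo "reported.ini: needs fixing"
lint_opcache_ini "$demo/fixed.ini" && echo "fixed.ini: ok"
rm -rf "$demo"
```

Inside the container the same function can be pointed at /etc/php7/conf.d/opcache.ini, the path given in the report.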