improve documentation for nextcloud security

BlockListed · BlockListed · commit 9d4e3fc59cdb · 2023-05-10T21:33:29.000+02:00
The default configuration does not pass security checks.
A change to ssl.conf is required for secure operation.
This behaviour can be very confusing to new users.
Documenting this should help make it easier for
new nextcloud users to have a secure experience.
diff --git a/nextcloud.subdomain.conf.sample b/nextcloud.subdomain.conf.sample
@@ -32,6 +32,7 @@ server {
         set $upstream_proto https;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
+        # Uncomment X-Frame-Options directive in ssl.conf to pass security checks.
         proxy_hide_header X-Frame-Options;
         proxy_max_temp_file_size 2048m;
     }
diff --git a/nextcloud.subfolder.conf.sample b/nextcloud.subfolder.conf.sample
@@ -34,6 +34,7 @@ location ^~ /nextcloud/ {
     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
     rewrite /nextcloud(.*) $1 break;
+    # Uncomment X-Frame-Options directive in ssl.conf to pass security checks.
     proxy_hide_header X-Frame-Options;
     proxy_max_temp_file_size 2048m;
     proxy_set_header Range $http_range;

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ server {`
`32`	`32`	`set $upstream_proto https;`
`33`	`33`	`proxy_pass $upstream_proto://$upstream_app:$upstream_port;`
`34`	`34`
	`35`	`+ # Uncomment X-Frame-Options directive in ssl.conf to pass security checks.`
`35`	`36`	`proxy_hide_header X-Frame-Options;`
`36`	`37`	`proxy_max_temp_file_size 2048m;`
`37`	`38`	`}`