From 9d4e3fc59cdb2e2cf4a704f69d960e1bda4cee81 Mon Sep 17 00:00:00 2001
From: BlockListed <44610569+BlockListed@users.noreply.github.com>
Date: Wed, 10 May 2023 21:33:29 +0200
Subject: [PATCH] improve documentation for nextcloud security

The default configuration does not pass security checks.
A change to ssl.conf is required for secure operation.
This behaviour can be very confusing to new users.
Documenting this should help make it easier for
new nextcloud users to have a secure experience.
---
 nextcloud.subdomain.conf.sample | 1 +
 nextcloud.subfolder.conf.sample | 1 +
 2 files changed, 2 insertions(+)

diff --git a/nextcloud.subdomain.conf.sample b/nextcloud.subdomain.conf.sample
index e63d077..c3e2ee1 100644
--- a/nextcloud.subdomain.conf.sample
+++ b/nextcloud.subdomain.conf.sample
@@ -32,6 +32,7 @@ server {
         set $upstream_proto https;
         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
+        # Uncomment X-Frame-Options directive in ssl.conf to pass security checks.
         proxy_hide_header X-Frame-Options;
         proxy_max_temp_file_size 2048m;
     }
diff --git a/nextcloud.subfolder.conf.sample b/nextcloud.subfolder.conf.sample
index 11bbb75..8708b4e 100644
--- a/nextcloud.subfolder.conf.sample
+++ b/nextcloud.subfolder.conf.sample
@@ -34,6 +34,7 @@ location ^~ /nextcloud/ {
     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
 
     rewrite /nextcloud(.*) $1 break;
+    # Uncomment X-Frame-Options directive in ssl.conf to pass security checks.
     proxy_hide_header X-Frame-Options;
     proxy_max_temp_file_size 2048m;
     proxy_set_header Range $http_range;