improve documentation for nextcloud security

The default configuration does not pass security checks.
A change to ssl.conf is required for secure operation.
This behaviour can be very confusing to new users.
Documenting this should help make it easier for
new nextcloud users to have a secure experience.
This commit is contained in:
BlockListed 2023-05-10 21:33:29 +02:00
parent 9e6cea7efd
commit 9d4e3fc59c
No known key found for this signature in database
GPG key ID: 2D204777C477B588
2 changed files with 2 additions and 0 deletions

View file

@ -32,6 +32,7 @@ server {
set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Uncomment X-Frame-Options directive in ssl.conf to pass security checks.
proxy_hide_header X-Frame-Options;
proxy_max_temp_file_size 2048m;
}

View file

@ -34,6 +34,7 @@ location ^~ /nextcloud/ {
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
rewrite /nextcloud(.*) $1 break;
# Uncomment X-Frame-Options directive in ssl.conf to pass security checks.
proxy_hide_header X-Frame-Options;
proxy_max_temp_file_size 2048m;
proxy_set_header Range $http_range;