Security issues

[bnorman93]

I am having the hardened security issue i have went in and edited the .htaccess file and its still saying that i need to update the number but there are a bunch of .htaccess files that i have found throughout the system and have updated them. I have nextcloud running in a jail on my truenas operating system. Thanks for any help in advance! Nextcloud security advisor is still saying the hsts and these errors with it:

• The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
• Your web server is not properly set up to resolve "/.well-known/webfinger". Further information can be found in the documentation ↗.
• Your web server is not properly set up to resolve "/.well-known/nodeinfo". Further information can be found in the documentation ↗.
• You have not set or verified your email server configuration, yet. Please head over to the Basic settings in order to set them. Afterwards, use the "Send email" button below the form to verify your settings.
• Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code ↗ of the region to your config file.

 

[Rajstopy]

Hi !
Same here...
Would be so good to have some guidance, I'm not an NC expert at all ...

Cheers

 

[Patrick M. Hausen]

How did you install Nextcloud? If you used danb35's script - that doesn't use Apache, so .htaccess files are ignored. You need to enter the correct statements into the web server configuration.

If you are using Nginx, the Nextcloud documentation has a very extensive example:

NGINX configuration — Nextcloud latest Administration Manual latest documentation

 

[bnorman93]

How did you install Nextcloud? If you used danb35's script - that doesn't use Apache, so .htaccess files are ignored. You need to enter the correct statements into the web server configuration.

If you are using Nginx, the Nextcloud documentation has a very extensive example:

NGINX configuration — Nextcloud latest Administration Manual latest documentation

That’s what I’m using is nextcloud in a jail I’m assuming it’s nginx, when I try to go to the var/we/nextcloud it doesn’t exist mines under var/usr/local/ data or www/ nextcloud

 

[Patrick M. Hausen]

Nginx config would be in /usr/local/etc/nginx in FreeBSD, Inside the jail, not on the TrueNAS host. Why are you "assuming" it's Nginx? You did pkg install nginx, didn't you? If you used danb35's script, it's possibly not Nginx but Caddy or something different altogether. You need to know what you are running.

 

[bnorman93]

Nginx config would be in /usr/local/etc/nginx in FreeBSD, Inside the jail, not on the TrueNAS host. Why are you "assuming" it's Nginx? You did pkg install nginx, didn't you? If you used danb35's script, it's possibly not Nginx but Caddy or something different altogether. You need to know what you are running.

You nailed it and it’s FreeBSD, thank you! The /var/www works but not the nextcloud directory after that there’s only a html folder under that directory

 

[TYFLOOZY]

Hello, What command is used to input "'default_phone_region' => 'US'," into my nexcloud shell? I'm newer at commands so trying to find the full sequence of commands to make this happen.

 

[danb35]

What command is used to input "'default_phone_region' => 'US'," into my nexcloud shell?

You've replied to a year-old thread on a very different question, so I doubt you're going to get much help here--you'd be better off starting a new thread. When you do, you can include quite a bit more information about your installation--like which version of TrueNAS you're running and how you installed Nextcloud, for starters.