Nextcloud set up warnings.


Solved by xxDeadbolt

Hi Guys 

Hopefully I am in the correct area for this. I am running Nextcloud on my server, just used as a way to share files between different machines I have at home. If I need to access it from outside my home I use a VPN and WireGuard. However, after my last Nextcloud update I got a few error messages come up in the security and setup warnings area of the administration overview page on Nextcloud (see below) and cannot work out how to fix them.

I have the latest version of Nextcloud running and it appears to be working ok.

 

There are some warnings regarding your setup.

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

Your web server is not properly set up to resolve "/.well-known/webfinger". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/nodeinfo". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation ↗.

Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code ↗ of the region to your config file.

The database is missing some primary keys. Due to the fact that adding primary keys on big tables could take some time they were not added automatically. By running "occ db:add-missing-primary-keys" those missing primary keys could be added manually while the instance keeps running.

Missing primary key on table "oc_federated_reshares".

Missing primary key on table "oc_systemtag_object_mapping".

Missing primary key on table "oc_comments_read_markers".

Missing primary key on table "oc_collres_resources".

Missing primary key on table "oc_collres_accesscache".

Missing primary key on table "oc_filecache_extended".

The database is missing some optional columns. Due to the fact that adding columns on big tables could take some time they were not added automatically when they can be optional. By running "occ db:add-missing-columns" those missing columns could be added manually while the instance keeps running. Once the columns are added some features might improve responsiveness or usability.

Missing optional column "reference_id" in table "oc_comments".

 

Hopefully you can help a numpty out and  

  

  • Solution

I've had this before, I think it's fairly common. For the missing keys, run the terminal for the Nextcloud container in the Docker page (not the general Unraid terminal option on the top right corner) and type 'occ db:add-missing-primary-keys' which should sort that. For the phone region, there's a great video here to edit your config file: 

 

I'm not sure on the others, I think the X-Frame-Options can be solved in your reverse proxy config - but don't quote me on that one, I may be remembering that one wrong.

On 2/1/2022 at 6:35 PM, xxDeadbolt said:

I've had this before, I think it's fairly common. For the missing keys, run the terminal for the Nextcloud container in the Docker page (not the general Unraid terminal option on the top right corner) and type 'occ db:add-missing-primary-keys' which should sort that. For the phone region, there's a great video here to edit your config file: 

 

I'm not sure on the others, I think the X-Frame-Options can be solved in your reverse proxy config - but don't quote me on that one, I may be remembering that one wrong.

Hi xxDeadbolt

 

Sorry for the delay in getting back to you, and thanks for your help. I have been able to sort out everything except these below with your help and suggestions. I think I will have to install a Swag docker etc. to sort out the remaining issues; however, for now getting the main database columns and primary keys sorted out is a big step forward for a newbie like me who does not do a lot of command line stuff.

 

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

Your web server is not properly set up to resolve "/.well-known/webfinger". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/nodeinfo". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation ↗.

 

Cheers again for all your help I will let you know how I get on with the rest 

  • 10 months later...
On 2/2/2022 at 1:33 PM, Martintheshred said:

 

 

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

Your web server is not properly set up to resolve "/.well-known/webfinger". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/nodeinfo". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation ↗.

Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation ↗.

 

Cheers again for all your help I will let you know how I get on with the rest 

@Martintheshred What did you do to sort this out? I'm in the same boat. Thanks

Edited by DuneJeeper
  • 2 weeks later...

I was having the webfinger issue with a similar-ish setup, and what worked for me (for the webfinger warning at least, hopefully the other well-known warnings too) was deleting the nginx default.conf and letting it regenerate after restarting nextcloud (`/config/nginx/site-confs/default.conf`).

I also had to clear cache since the 301 response gets cached and so the warning won't clear. You need to open Dev Tools (F12), and while this is open right-click on the refresh button and select "Empty cache and hard reload".

More context here: https://github.com/linuxserver/docker-nextcloud/issues/189
 

I realize you might not be using the linuxserver.io Nextcloud Docker image, but I hope this helps!

Edit:
 

To fix the "Strict-Transport-Security" HTTP header warning, add these lines to your `default.conf` (`/config/nginx/site-confs/default.conf`):

```nginx
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
```

You'll want to do this after regenerating `default.conf` or you'll have to re-add the lines.

Edited by CallumHauber
added details for clearing the HSTS warning
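
To confirm what the proxy actually sends after a change like the one above, the two header warnings from this thread can be checked offline against a response's headers. This is an added example, not code from any of the posters or from Nextcloud; the function names and the sample responses are constructed, and flagging a header sent more than once is this example's own choice.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # threshold quoted in the Nextcloud warning

def parse_hsts(value):
    """Split a Strict-Transport-Security value into lowercase directives."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';' as in "preload;"
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def audit_headers(pairs):
    """Return findings for a list of (name, value) response headers."""
    seen = {}
    for name, value in pairs:
        seen.setdefault(name.lower(), []).append(value.strip())
    findings = []

    xfo = seen.get("x-frame-options", [])
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif len(xfo) > 1:  # e.g. added by both the app and the reverse proxy
        findings.append("X-Frame-Options sent %d times" % len(xfo))
    elif xfo[0].upper() != "SAMEORIGIN":
        findings.append("X-Frame-Options is %r, not SAMEORIGIN" % xfo[0])

    hsts = seen.get("strict-transport-security", [])
    if not hsts:
        findings.append("Strict-Transport-Security missing")
    else:
        d = parse_hsts(hsts[0])
        age = d.get("max-age", "")
        if not re.fullmatch(r"\d+", age):
            findings.append("HSTS max-age missing or not a number")
        elif int(age) < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age %s is below %d" % (age, MIN_HSTS_MAX_AGE))
        if "preload" in d:
            findings.append("HSTS preload set: check https://hstspreload.org/ first")
    return findings

# Constructed sample responses (not captured from a real server)
BEFORE = [("Server", "nginx"), ("X-Frame-Options", "DENY")]
AFTER = [("X-Frame-Options", "SAMEORIGIN"),
         ("Strict-Transport-Security", "max-age=15552000; includeSubDomains; preload;")]
SHORT = [("x-frame-options", "sameorigin"),
         ("strict-transport-security", "max-age=3600")]
```

An empty list from `audit_headers` means both header warnings should clear; the pairs can be copied from the response headers shown in the browser's Dev Tools network tab.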