Skip to content
This repository has been archived by the owner on Dec 2, 2022. It is now read-only.

Improve security of Nextcloud installation #37

Open
1 of 6 tasks
artis3n opened this issue Jan 29, 2018 · 3 comments
Open
1 of 6 tasks

Improve security of Nextcloud installation #37

artis3n opened this issue Jan 29, 2018 · 3 comments

Comments

@artis3n
Copy link
Owner

artis3n commented Jan 29, 2018
edited
Loading

The following items are found in the below picture:

  • Add 404 and 5xx error pages to signature.json to fix code integrity error
  • Fix .htaccess file to prevent data directory from being directly accessible from the internet
  • Add XSS protection headers to Nginx config
  • Add Clickjacking protection headers to Nginx config
  • Always serve the site over HTTPS - either through Let's Encrypt or self-signed cert
  • Fix PHP OPcache settings

image
@artis3n
Copy link
Owner Author

artis3n commented Feb 19, 2018

XSS and Clickjacking headers are in nginx.conf, however Nextcloud is reading that those headers are not set. That needs to be investigated.

@artis3n
Copy link
Owner Author

artis3n commented Feb 19, 2018

PHP OPCache is set, but is not being picked up by Nextcloud.

@artis3n
Copy link
Owner Author

artis3n commented Jun 29, 2018

regarding htaccess:
https://www.nginx.com/resources/wiki/start/topics/examples/likeapache-htaccess/

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@artis3n