Nextcloud shows Security & setup warnings

mepi0011 · 12 December 2020 12:26

Hi,

I run nextcloud behind the swag server. I recognized that nextcloud shows me the following Security & setup warnings:

There are some warnings regarding your setup.

The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

How can I solve this warnings?

Further information:
swag server: Linuxserver.io version:- 1.9.0-ls17 Build-date:- 2020-10-20T10:06:33+00:00
nextcloud: Linuxserver.io version:- 20.0.0-ls101 Build-date:- 2020-10-03T10:37:02+00:00

Thank you in advance for your help.

aptalca · 12 December 2020 14:18

Swag ssl.conf and the nextcloud default site conf both contain a disabled by default option for hsts. And swag readme has info on the x-robots one. You can enable them, but make sure you know what you’re doing before you enable either option as they have ramifications affecting your entire server. If not sure, leave them disabled and you’ll be fine.

mepi0011 · 13 December 2020 07:32

Thank you for the feedback. Because I am not familiar with these things, then I leave it as it is and live with the warnings.

system · 18 December 2020 07:32

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.