Hello all,
I have nextcloud installed in a LXC container on proxmox. This instance is also behind an nginx reverse proxy server. I have setup strong Diffie-Hellman group, https certificates with Letsencrypt and done the hardening advice from the documentation. The problem I have is the following:
If I go to settings —> overview ----> security scan I get three messages:
There are some warnings regarding your setup.
* The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the [security tips ↗](https://docs.nextcloud.com/server/18/go.php?to=admin-security).
* Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the [documentation](https://docs.nextcloud.com/server/18/go.php?to=admin-setup-well-known-URL).
* Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the [documentation](https://docs.nextcloud.com/server/18/go.php?to=admin-setup-well-known-URL).
Please double check the [installation guides ↗](https://docs.nextcloud.com/server/18/go.php?to=admin-install), and check for any errors or warnings in the [log](https://mycloud.link/index.php/settings/admin/logging).
Check the security of your Nextcloud over [our security scan ↗](https://scan.nextcloud.com).
However if I go and scan my cloud address on the nextcloud website, I get an A+ rating.
Which on is correct?