Hardening security of Nextcloud and hosting it on domain

Hey everyone, I have just installed and set up Nextcloud using snap and it is running perfectly locally.
But now I want to make sure that it is secure enough to be hosted on domain and available to me from the outside world.

I have configured most of the basic things, like HTTPS, but I am getting 2 errors in the Overview tab, which I am pasting at the end of the post. Also, can someone help me with how to host it on a domain? Reference links or videos will be fine for me.

Hardware details: Raspberry Pi 4, 8 GB RAM
Software: Raspberry Pi OS, Nextcloud installed using snap.

Errors I am getting:

Security & setup warnings

It’s important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.

There are some warnings regarding your setup.

  • The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the

  • Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add “default_phone_region” with the respective ISO 3166-1 code

Regarding HSTS I found this: TLS renewal problem · Issue #2063 · nextcloud-snap/nextcloud-snap · GitHub

sudo nextcloud.occ config:system:set default_phone_region --value=CH

Replace CH with the code for your country… https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements


If you use Let’s Encrypt this should be done for you. How did you set up HTTPS?

Probably not using Let’s Encrypt, then. Are you using self-signed certs? HSTS isn’t compatible with those.

Yes, I am using a self cert, so can you help me with how to transfer it to Let’s Encrypt and also with further hosting it on a domain?
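
For the HSTS warning quoted in the first post, this is an added example (not from any poster in this thread and not Nextcloud's own code) that checks whether a response's Strict-Transport-Security header meets the 15552000-second minimum named in the warning. The function names and the sample responses are constructed for illustration.

```python
MIN_MAX_AGE = 15552000  # threshold quoted in the Nextcloud warning (180 days)

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        name, sep, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name:
            continue  # empty segment, e.g. a trailing ';'
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # the argument may be a quoted-string
        if name in directives:
            raise ValueError("directive repeated: " + name)
        directives[name] = arg if sep else None
    return directives

def check_hsts(raw_headers, minimum=MIN_MAX_AGE):
    """Return (ok, reason) for the header block of an HTTPS response."""
    values = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    if not values:
        return False, "header not set"
    try:
        directives = parse_hsts(values[0])  # browsers honour only the first
    except ValueError as exc:
        return False, str(exc)
    max_age = directives.get("max-age")
    if not (max_age and max_age.isascii() and max_age.isdigit()):
        return False, "max-age missing or not a number"
    if int(max_age) < minimum:
        return False, "max-age %s is below %d" % (max_age, minimum)
    return True, "max-age " + max_age

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "no header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "too short": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n",
    "good": "HTTP/1.1 200 OK\r\nstrict-transport-security: "
            "max-age=15552000; includeSubDomains\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_hsts(raw))
```

To test a live instance, pass in the header block your server returns, for example the output of `curl -sI` against your own domain.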