Secure Check and configuration advise

robcop · November 17, 2021, 8:14am

Iha ve done the security check, and I have received this message.
I don’t know ehat to do:
I have read documentation but I think is too much for my knlowledge.
…ORIGINAL…

Avvisi di sicurezza e di configurazione

È importante per la sicurezza e le prestazioni della tua istanza che tutto sia configurato correttamente. Per aiutarti in questo senso, stiamo eseguendo alcuni controlli automatici. Vedi la documentazione collegata per ulteriori informazioni.

Sono presenti degli avvisi relativi alla tua configurazione.

La configurazione delle intestazioni del proxy inverso non è corretta, o stai effettuando l’accesso a Nextcloud da un proxy affidabile. In caso diverso, questo è un problema di sicurezza e può consentire a un attaccante di falsificare il suo indirizzo IP, rendendolo visibile a Nextcloud. Ulteriori informazioni sono disponibili nella documentazione.
La tua installazione non ha una regione telefonica predefinita impostata. Ciò è necessario per poter convalidare i numeri di telefono nelle impostazioni del profilo senza un codice nazionale. Per consentire i numeri senza un codice nazionale, aggiungi “default_phone_region” con il rispettivo codice ISO 3166-1 della regione desiderata al file di configurazione.
Su questa istanza mancano alcuni moduli PHP consigliati. Per prestazioni migliorate e migliore compatibilità, è vivamente consigliato di installarli.
imagick

Leggi attentamente le guide d’installazione , e controlla gli errori o gli avvisi nel log.

Controlla la sicurezza del tuo Nextcloud con la nostra scansione di sicurezza
… GOOGLE TRANSLATED…

Security and Configuration Alerts It is important for the security and performance of your instance that everything is configured correctly. To help you in this regard, we are running some automatic checks. See the linked documentation for more information.

There are alerts about your configuration. *

The reverse proxy header configuration is incorrect, or you are logging into Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address, making it visible to Nextcloud. More information can be found in the documentation.
Your installation does not have a default phone region set. This is necessary in order to be able to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, add “default_phone_region” with the respective ISO 3166-1 code of the desired region to the configuration file.

Some recommended PHP modules are missing from this instance. For improved performance and better compatibility, it is highly recommended to install them. ‘imagick’

Someone can helpme?

thansk in advance

tflidd · November 20, 2021, 3:01pm

Many things are just tips, not really a security concern. What kind of setup do you have? You seem to use a proxy??

Default phone region is nice to be set, so Nextcloud can guess the country prefix for phone numbers. Regarding the php modules, check out the documentation for the required modules, some are recommended, without all the recommended ones, some functions are not available.

rollanders · December 4, 2021, 3:03pm

May I complain about unclear error message - see below. It would help if you indicate the name of the config-file and where it is normally located.
I added ‘default_phone_region’ =>‘SE’ to /var/www/nextcloud/config/config.php and the server stopped funtioning. I got the message
“Internal Server Error
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the webserver log.”

Which config-file should be edited? give an example.

Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add “default_phone_region” with the respective ISO 3166-1 code of the region to your config file.

tflidd · December 6, 2021, 12:07pm

The texts are defined here:

github.com

nextcloud/server/blob/a06001e0851abc6073af678b742da3e1aa96eec9/core/js/setupchecks.js

/*
 * Copyright (c) 2014
 *
 * This file is licensed under the Affero General Public License version 3
 * or later.
 *
 * See the COPYING-README file.
 *
 */

(function() {
	OC.SetupChecks = {

		/* Message types */
		MESSAGE_TYPE_INFO:0,
		MESSAGE_TYPE_WARNING:1,
		MESSAGE_TYPE_ERROR:2,
		/**
		 * Check whether the WebDAV connection works.
		 *

This file has been truncated. show original

You can submit bug reports and even a pull request (suggested fix) directly there.

swindhab · December 6, 2021, 12:56pm

The file is the right one, maybe you made a syntax mistake? If you show us what you did we can say more about it (but please erase personal data and passwords).

rollanders · December 6, 2021, 3:43pm

Sorry. I missed to add the trailing “,”
added ‘default_phone_region’ =>‘SE’,
Now it works
Roland