Setup warnings on new installation

I got my Nextcloud set up, in my admin settings, under overview, I saw this message, image attached, what do I do?

Your screenshot shows several basic setup issues. That’s not unusual for a fresh install, but without proper info, it’s impossible to give you any real help.

First things first:

  • Are you accessing your Nextcloud via local IP (like http://192.168.x.x)?
  • Or are you using a public domain going through a reverse proxy (NGINX, Apache, NGINX Proxy Manager, etc.)?

Most of the warnings you’re seeing — trusted_proxies, missing HTTPS, HSTS headers — all depend on that.
If you’re just testing on your LAN with HTTP, then some of those warnings are expected.
But if it’s exposed to the internet like that, your setup is simply broken and insecure.

And the thing is — you didn’t mention any of that.

If you actually want useful help, then provide:

  • How you installed Nextcloud (Docker, Snap, AIO, manual)?
  • Are you using a reverse proxy? If yes, which one?
  • Do you have HTTPS set up or just plain HTTP?
  • Can you access the terminal and run occ commands?

Because right now, this is just another one of those:
“Something’s not working but I’m not gonna tell you what I did.”
That helps no one — not even you.

1 Like

I installed nextcloud using dockers through EasyPanel.

reverse proxy? what is this?

It is HTTPS I believe
I rather not work with a terminal, this is why I choose EasyPanel but yes I think there is an option to use a terminal

You’re using a third-party tool (EasyPanel) that hides key parts of the system. You don’t know if you’re using a reverse proxy, can’t confirm HTTPS, and prefer not to touch the terminal — all of which are essential for running Nextcloud properly.

This kind of setup isn’t within the scope of what this forum is focused on.
The community here deals with standard, transparent installations that are properly documented and under user control.

For support, contact the developers or support team behind EasyPanel.
They’re the ones who designed the environment you’re using and are responsible for how it behaves.

7 posts were split to a new topic: Discussion about AI-generated conext

Each message has a link to appropriate sections of the Admin Manual. Beyond that we can’t be helpful unless you fill out the support template.

After I filled out the support template, where can I post it?

edit you initial post and add all details

The Basics

  • Nextcloud Server version (e.g., 29.x.x): Nextcloud Hub 10 (31.0.0)
  • Operating system and version (e.g., Ubuntu 24.04): EasyPanel

Built on Ubuntu 24.04

  • Web server and version (e.g, Apache 2.4.25):
  • Reverse proxy and version _(e.g. nginx 1.27.2): Possibly LiteSpeed
  • PHP version (e.g, 8.3):

PHP Version 8.2.28

  • Is this the first time you’ve seen this error? (Yes / No): Yes, upon installing
  • When did this problem seem to first start? On log in and checking the admin settings
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.) - Dockers
  • Are you using Cloudflare, mod_security, or similar? (Yes / No) using Hostinger

Summary of the issue you are facing:

Security & setup warnings

It’s important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.

There are some errors regarding your setup.

  • The reverse proxy header configuration is incorrect. This is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. For more details see the documentation :up_right_arrow:.

  • Accessing site insecurely via HTTP. You are strongly advised to set up your server to require HTTPS instead. Without it some important web functionality like “copy to clipboard” or “service workers” will not work! For more details see the documentation :up_right_arrow:.

  • No High-performance backend configured - Running Nextcloud Talk without the High-performance backend only scales for very small calls (max. 2-3 participants). Please set up the High-performance backend to ensure calls with multiple participants work seamlessly. For more details see the documentation :up_right_arrow:.

  • Server has no maintenance window start time configured. This means resource intensive daily background jobs will also be executed during your main usage time. We recommend to set it to a time of low usage, so users are less impacted by the load caused from these heavy tasks. For more details see the documentation :up_right_arrow:.

  • One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types. Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades. Use the command occ maintenance:repair --include-expensive to perform the migrations.

  • Some headers are not set correctly on your instance - The Strict-Transport-Security HTTP header is not set (should be at least 15552000 seconds). For enhanced security, it is recommended to enable HSTS. For more details see the documentation :up_right_arrow:.

  • Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command occ db:add-missing-indices to add them. Missing indices: “mail_messages_strucanalyz_idx” in table “mail_messages”, “mail_acc_prov_idx” in table “mail_accounts”, “mail_alias_accid_idx” in table “mail_aliases”, “fs_storage_path_prefix” in table “filecache”, “mail_messages_mb_id_uid_uidx” in table “mail_messages”, “mail_smime_certs_uid_email_idx” in table “mail_smime_certificates”, “mail_trusted_senders_idx” in table “mail_trusted_senders”, “mail_coll_idx” in table “mail_coll_addresses”. For more details see the documentation :up_right_arrow:.

  • The PHP OPcache module is not properly configured. The OPcache buffer is nearly full. To assure that all scripts can be hold in cache, it is recommended to apply “opcache.memory_consumption” to your PHP configuration with a value higher than “128”.. For more details see the documentation :up_right_arrow:.

  • 11 warnings in the logs since May 7, 2025, 12:55:55 PM

  • The database is used for transactional file locking. To enhance performance, please configure memcache, if available. For more details see the documentation :up_right_arrow:.

  • Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add “default_phone_region” with the respective ISO 3166-1 code of the region to your config file. For more details see the documentation :up_right_arrow:.

  • You have not set or verified your email server configuration, yet. Please head over to the “Basic settings” in order to set them. Afterwards, use the “Send email” button below the form to verify your settings. For more details see the documentation :up_right_arrow:.

Please double check the installation guides :up_right_arrow:, and check for any errors or warnings in the log.

Steps to replicate it (hint: details matter!):

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

PASTE HERE

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

PASTE

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

PASTE HERE

Apps

The output of occ app:list (if possible).

After doing the security scan

Rating

A

Running Nextcloud 31.0.0.18

NOT on latest patch level

Major version still supported

Scanned at 2025-05-12 02:24:04 trigger re-scan

Vulnerabilities

Learn more about our security efforts.

No known vulnerabilities.

Hardenings

A security hardening is a feature which protects software from attacks even if it is affected by a certain vulnerability. For an overview of security hardening capabilities we’ve developed, see our website.

Below is a list of hardening features your server has enabled.

Bruteforce protection

CSPv3

Same-Site-Cookies

Password confirmation

Checks passwords against HaveIBeenPwned database

__Host-Prefix

App passwords can be restricted

Setup

Besides features of the private cloud software itself, one can configure their Apache or NGINX server more or less securely. Please note that many security settings available cannot be checked from the outside! We strongly recommend you read our Security Hardening Guide and follow the instructions there.

Here are the results of a number of checks against your server.

Headers

X-Frame-Options

X-Content-Type-Options

X-XSS-Protection

X-Download-Options

X-Permitted-Cross-Domain-Policies

Our recommendation

We strongly recommend to keep a private cloud server constantly updated. Servers not running the latest security update in a supported release series are often vulnerable. You can find new versions here for Nextcloud and here for ownCloud. Nextcloud strives to make upgrading a safe, easy and painless procedure. As a result of these efforts, for users running PHP 7.x and a current version of Nextcloud, there is no need to re-enable apps upon upgrade and users get notified of new versions of apps as well. More improvements are coming! You can learn why and how to upgrade to the latest version of Nextcloud in our earlier blog.

We further recommend to read our Security Hardening Guide and follow the instructions there.

and what is your problem?

2 Likes

Is the error message just due to not being updated to the latest version - which is version 31.0.4 ?

this one? yes

if you’d take a moment to read the warning message, it would be clear that there is a directory missing in your Nextcloud files directory.

grafik

so just add a directory Notes and behold the warning will disappear.

or configure a valid notes path:

First, set up https encryption. Then enable HSTS.

Those are IMHO the most important things you need to focus on now.