Nextcloud version: 14.0.4
Operating system and version: Ubuntu 18.04
Apache or nginx version: Apache 2.4.29
PHP version: 7.2
I have a server running on AWS, and I provide the SSL cert to the server through ACM. So, all traffic is directed to the server through port 80. In the security checks, the well-known fails even though they do in fact redirect to /remote.php/dav/. However, there is an error in the console due to the CSP settings. Because the site is physically served on https://sub.domain.com and because the system check being performed is requesting http://sub.domain.com, it fails. How can I ensure that Nextcloud performs this check on the https protocol?
Refused to connect to ‘http://sub.domain.com/remote.php/dav/’ because it violates the following Content Security Policy directive: “connect-src ‘self’”.
Another issue I’m having is that I was only able to get Redis to work with Unix Socket with a file permission of 777 on redis.sock. I followed this guide:
One last thing. I’m told the following (on Security and Setup Warnings) even though it is certainly set in the .htaccess file. I can also confirm that I do receive the correct header information from the site with a response of “no-referrer” for Referrer-Policy.
The PHP memory limit is below the recommended value of 512MB.
The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin”, “strict-origin-when-cross-origin” or “same-origin”