I have Nginx install on the server… not in a docker container of its own. ANd I use it as a reverse proxy to the docker containers. I have Nextcloud installed and working, but I get the warnings in the admin section about the headers not being set:
The “X-XSS-Protection” HTTP header is not configured to equal to “1; mode=block”. This is a potential security or privacy risk and we recommend adjusting this setting.
The “X-Content-Type-Options” HTTP header is not configured to equal to “nosniff”. This is a potential security or privacy risk and we recommend adjusting this setting.
The “X-Robots-Tag” HTTP header is not configured to equal to “none”. This is a potential security or privacy risk and we recommend adjusting this setting.
The “X-Frame-Options” HTTP header is not configured to equal to “SAMEORIGIN”. This is a potential security or privacy risk and we recommend adjusting this setting.
The “X-Download-Options” HTTP header is not configured to equal to “noopen”. This is a potential security or privacy risk and we recommend adjusting this setting.
The “X-Permitted-Cross-Domain-Policies” HTTP header is not configured to equal to “none”. This is a potential security or privacy risk and we recommend adjusting this setting.
I have tried setting the headers in the server block on the Nginx configuration, which did not resolve the issue. I then tried adding them in the location block where the proxy_pass directive is located which also did not resolve the issue.
I can’t seem to find a guide or thread that discusses this scenario for having Nginx outside of nextcloud, but not in a docker container of its own. I use letsencrypt outside of docker as well… so all SSL is handled by Nginx in case that matters.
Any help or guidance is appreciated.
