As Workaround you can modify the *.conf file of your nginx server for serving your nextcloud files by setting
add_header X-Robots-Tag “none” always;
to
add_header X-Robots-Tag “noindex, nofollow” always;
after recheck (integrity:check-core) the error is not shown.
by the way the setting
add_header X-Robots-Tag “noindex, nofollow, nosnippet, noarchive” always;
gives the same error → NC 26.x seems to unlike the nosnippet, noarchive options …
Because “none” is indeed equivalent to “noindex, nofollow” for Google, but seems to be not supported by Bing and probably other search engines.
Look here: https://github.com/nextcloud/server/pull/36689
Since Nextcloud 26, the shiped .htaccess file is changed in some lines:
old:
Header always set X-Robots-Tag "none"
new:
Header always set X-Robots-Tag "noindex, nofollow"
old:
# Add cache control for static resources
<FilesMatch "\.(css|js|svg|gif|png|jpg|ico|wasm|tflite)$">
Header set Cache-Control "max-age=15778463"
</FilesMatch>
<FilesMatch "\.(css|js|svg|gif|png|jpg|ico|wasm|tflite)(\?v=.*)?$">
Header set Cache-Control "max-age=15778463, immutable"
</FilesMatch>
new:
# Add cache control for static resources
<FilesMatch "\.(css|js|svg|gif|png|jpg|ico|wasm|tflite)$">
<If "%{QUERY_STRING} =~ /(^|&)v=/">
Header set Cache-Control "max-age=15778463, immutable"
</If>
<Else>
Header set Cache-Control "max-age=15778463"
</Else>
</FilesMatch>
For people who disabled .htaccess parsing (with AllowOverride None) for performance reasons or nginx users must change their webserver conf files accordingly. I know how to do it for apache2 but have no clue how to translate this to nginx. I would say, that your “Workaround” is more than that, it looks like the solution.
On Nginx, if I change the line add_header X-Robots tag "none" always;
to add_header X-Robots tag "noindex nofollow" always;
, the next restart of Nginx fails with the following message:
nginx: [emerg] invalid number of arguments in "add_header" directive in /etc/nginx/conf.d/nextcloud.conf:36
Thanks for the quick reply, but unfortunately the error still occurs. When I enter “noindex,nofollow” the warning does not disappear, so everything is the same and when I enter “noindex, nofollow” (i.e. a space after the comma) the same error appears as above.
Just follow the admin manual that is linked above.
Now to the warning in nextcloud → please clear the cache of your browser and try again.
Alternative is to use the occ command to check integrity again and after that use the browser twice.
Another trap for all who use a reverse proxy in front of nextcloud
If you contact your WebUI of the nextcloud server direct from inner LAN / DOMAIN you may bypass all reverse proxy settings so as the headers.
Be sure that your backend nginx settings (the nginx on the same server than the nextcloud files) serve the same headers as well → or check your nextcloud WebUI from really “outside” by using another device (mobile device only using mobile data e.g.).
root@nextcloud-jail:/usr/local/etc/nginx/conf.d # service nginx start
Performing sanity check on nginx configuration:
nginx: [emerg] invalid number of arguments in "add_header" directive in /usr/local/etc/nginx/conf.d/nextcloud.inc:23
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
Starting nginx.
nginx: [emerg] invalid number of arguments in "add_header" directive in /usr/local/etc/nginx/conf.d/nextcloud.inc:23
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx
If i change to add_header X-Robots-Tag “noindex,nofollow” always;
I get this on the webUI The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
I tried occ integrity:check-core root@nextcloud-jail:/usr/local/etc/nginx/conf.d # occ -vv integrity:check-core No errors found
I have cleared the browser cache many times.
I have read all the links on this page but i am still in the dark?
What is the nextcloud.inc line supposed to be?
“noindex,nofollow” “noindex, nofollow” or “noindex nofollow”
the difference are the double quotes: " "
do you see the difference? You are using curly quotes “ ”.
The Unicode code point for the double quotation mark " is U+0022 and the Unicode code point for the left and right double quotation marks “ ” are U+201C and U+201D, respectively.
Double quotes " are the standard ASCII characters used to enclose strings and indicate literal values. They are typically used in programming languages, configuration files, and other technical contexts where exact syntax and punctuation are important.
Curly quotes “ ”, on the other hand, are a typographic convention used in many written languages but not suitable for nginx configuration files.
Yes, you are correct and it’s all working now. I’m so grateful thank you, I would have never noticed.
It’s a bit odd as I copied the text directly from one of the posts above on this thread (so as not to make a silly spelling mistake or something). Well, that didn’t work ^^
I just need to get the SSL security cert sorted so people dont need to create an exception when they come to my server via the web, but i thought i’d see if i could get this far first. It looks complicated for me
I have tried everything so far, but nextcloud just keeps complaining:
The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
I am using docker installation, and separate docker for Nginx-proxy-manager. I have tried everything I found so far, without luck. My current config is:
Within nextcloud docker, /nextcloud/nginx/site-confs/default.conf has
Integrity check in nextcloud cli returns no issues.
// edit
This was unexpected. I found another site where someone advised that he had it configured inside nextcloud docker and npm docker also. Removing it from npm worked and now it passes checks just fine. Does not make much sense to me, but as long as it is good, I am happy
Thanks @mmjoy .
I am using the docker images Swag and Nextcloud from linuxserver.io and had added the robots tag manually in my nextcloud.conf file but removing that got rid of the warning for me.
It is likely already present in the nextcloud image and it seems you get the same warning for having it twice.
I had a hunch it was something like this because https://headers.4tools.net showed the robot tag twice.