Add NGINX's internal IP address to /etc/hosts:
192.168.2.102 onlyoffice.metropolis.nexus
- Disable Activity
- Disable AppAPI
- Disable Auditing/Logging
- Disable Brute-force settings
- Disable Collaborative tags
- Disable Comments
- Disable Contacts interaction
- Disable Dashboard
- Disable Default encryption module
- Disable External storage support
- Disable Federation
- Disable File reminders
- Disable Files download limit
- Disable First run wizard
- Disable LDAP user and group backend
- Disable Log Reader (since there are so many ridiculous errors that are not really errors)
- Disable Monitoring
- Disable Nextcloud announcements
- Disable Nextcloud webhook support
- Disable Password policy
- Disable Privacy
- Disable Recommendations
- Disable Related resources
- Disable Support
- Disable Suspicious login
- Disable Usage survey
- Disable User status
- Disable Weather status
- Disable Two-Factor Authentication via Nextcloud notification (Does nothing since Nextcloud cannot do 2FA with OIDC)
- Disable Two-Factor TOTP Provider (Does nothing since Nextcloud cannot do 2FA with OIDC)
- OpenID Connect user backend
- Contacts
- OnlyOffice
- Resolve issues shown in overview, skip the complaint about X-Frame-Options and X-XSS-Protection.
- Background jobs -> Cron
- Profile -> Disable profile by default for new accounts
- Files compatibility -> Enforce Windows compatibility
- Turn off all federation features
- Name -> Metropolis Nextcloud
- Web link -> https://metropolis.nexus
- Slogan -> More secure than Murena Workspace!
- Global default app -> Files
- The default application for opening the format -> Remove pdf (Too laggy compared to the built-in PDF viewer)
- Check "Keep intermediate versions when editing (forcesave)"
- Check "Enable live-viewing mode when accessing file by public link"
- Uncheck "Display Chat menu option"
- Uncheck "Display Feedback & Support menu button"
- Uncheck "Enable plugins"
- Uncheck "Run document macros"
- Enable document protection for -> All users
- Setup property mappings in Authentik
- Connect to Authentik through Nextcloud
- Do not use the email scope or map emails - Users can see each other's email through the contacts app otherwise
- Add the offline_access scope - Authentik will not issue refresh tokens otherwise
- Use user_id and group provisioning
Add the following:
'user_oidc' => [
    'enrich_login_id_token_with_userinfo' => true,
],
docker exec nextcloud ./occ config:app:set --value=0 user_oidc allow_multiple_user_backends
- OIDC token invalidation currently does not work, see this issue.
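A check that the apps in the "Disable ..." list above are in fact still disabled, added here as an example and not taken from the original page. It assumes the plain-text layout of `occ app:list` (`Enabled:` and `Disabled:` sections with `- id: version` entries); the app IDs are an assumed mapping from the display names, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). App IDs below are an assumed
# mapping of the display names in the "Disable ..." list; confirm them against
# your own `occ app:list` output before relying on the result.
MUST_BE_DISABLED="activity app_api admin_audit bruteforcesettings systemtags
comments contactsinteraction dashboard encryption files_external federation
files_reminders files_downloadlimit firstrunwizard user_ldap logreader
serverinfo nextcloud_announcements webhook_listeners password_policy privacy
recommendations related_resources support suspicious_login survey_client
user_status weather_status twofactor_nextcloud_notification twofactor_totp"

# Reads plain-text `occ app:list` output on stdin and prints every app ID
# from MUST_BE_DISABLED that is listed under "Enabled:", one per line.
still_enabled() {
  want=$(echo $MUST_BE_DISABLED)   # collapse newlines into single spaces
  awk -v want="$want" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) must[w[i]] = 1 }
    /^Enabled:/  { section = "enabled";  next }
    /^Disabled:/ { section = "disabled"; next }
    section == "enabled" && $1 == "-" {
      id = $2; sub(/:$/, "", id)      # "  - activity: 2.19.0" -> "activity"
      if (id in must) print id
    }'
}

# Exit status 0 when nothing has drifted, 1 otherwise (drifted IDs on stdout).
check_drift() {
  drift=$(still_enabled)
  [ -z "$drift" ] && return 0
  printf '%s\n' "$drift"
  return 1
}

# Constructed sample of `occ app:list` output, for offline testing only.
SAMPLE_APP_LIST='Enabled:
  - contacts: 7.0.0
  - federation: 1.21.0
  - files: 2.3.0
  - user_oidc: 7.0.0
  - weather_status: 1.11.0
Disabled:
  - activity: 4.0.0
  - twofactor_totp: 13.0.0'

# Live use: docker exec nextcloud ./occ app:list | check_drift
```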