Added additional hints/info for the setup and security warnings page.

admin_manual/configuration_server/harden_server.rst

@@ -27,6 +27,8 @@ shares.
 Operating system
 ----------------
 
+.. _dev-urandom-label:
+
 Give PHP read accesss to ``/dev/urandom``
 *****************************************
 ownCloud uses a `RFC 4086 ("Randomness Requirements for Security")`_ compliant 
@@ -41,6 +43,9 @@ to ``/dev/urandom`` may make your random numbers predictable and may make your
 ownCloud instance insecure as attackers might predict password reset tokens or
 other sensitive data.
 
+.. note:: When having an ``open_basedir`` configured within your ``php.ini``
+   make sure to include the folder ``/dev``.
+
 Enable hardening modules such as SELinux
 ****************************************
 It is highly recommend to enable hardening modules such as SELinux where 
@@ -80,6 +85,8 @@ setting the ``enable_previews`` switch to ``false`` in ``config.php``. As an
 administrator you are also able to manage which preview providers are enabled by 
 modifying the ``enabledPreviewProviders`` option switch.
 
+.. _use-https-label:
+
 Use HTTPS
 ---------
 Using ownCloud without using an encrypted HTTPS connection might allow attackers 
@@ -103,6 +110,8 @@ achieved by a setting such as the following in the Apache VirtualHosts config:
      Redirect permanent / https://cloud.owncloud.com/
   </VirtualHost>
 
+.. _enable-hsts-label:
+
 Enable HTTP Strict Transport Security
 *************************************
 While redirecting all traffic to HTTPS is already a good start it will often not 

admin_manual/configuration_server/security_setup_warnings.rst

@@ -30,7 +30,7 @@ performance reasons we recommend to update to a newer *{Cache}* version" then
 you need to upgrade, or, if you're not using it, remove it.
 
 It is not required to use any caches, but caches improve server performance. See 
-:doc:`performance_tuning` for more information on installing and using caches.
+:ref:`caching` for more information on installing and using caches.
 
 You are accessing this site via HTTP
 ------------------------------------
@@ -42,15 +42,41 @@ server to support it, and then there are some settings in the **Security**
 section of your ownCloud Admin page to enable. The following manual pages 
 describe how to enable HTTPS on the Apache and Nginx Web servers.
 
+:ref:`enabling-ssl-label` (on Apache)
 
-`Enabling SSL (on Apache) 
-<https://doc.owncloud.org/server/8.1/admin_manual/installation/ 
-source_installation.html#enabling-ssl>`_
+:ref:`use-https-label`
 
-`Use HTTPS 
-<https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/ 
-harden_server.html#use-https>`_
+:ref:`nginx_configuration_example`
 
-`Nginx 
-Configuration <https://doc.owncloud.org/server/8.1/admin_manual/installation/ 
-nginx_configuration.html>`_
+The test with getenv(\"PATH\") only returns an empty response
+-------------------------------------------------------------
+
+Some environments are not passing a valid PATH variable to ownCloud. The
+:ref:`using_php-fpm` are providing the information how to configure your environment.
+
+The "Strict-Transport-Security" HTTP header is not configured
+-------------------------------------------------------------
+
+"The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds.
+For enhanced security we recommend enabling HSTS as described in our security tips."
+
+The HSTS header needs to be configured within your webserver by following the
+:ref:`enable-hsts-label` documentation
+
+/dev/urandom is not readable by PHP
+-----------------------------------
+
+"/dev/urandom is not readable by PHP which is highly discouraged for security reasons.
+Further information can be found in our documentation."
+
+This message is another one which needs to be taken seriously. Please have a look
+at the :ref:`dev-urandom-label` documentation.
+
+Your web server is not yet set up properly to allow file synchronization
+------------------------------------------------------------------------
+
+"Your web server is not yet set up properly to allow file synchronization because
+the WebDAV interface seems to be broken."
+
+At the ownCloud community forums a larger `FAQ <https://forum.owncloud.org/viewtopic.php?f=17&t=7536>`_
+is maintained containing various informations and debugging hints.

admin_manual/installation/source_installation.rst

@@ -210,6 +210,8 @@ Additional Apache Configurations
           use SSL/TLS to encrypt all of your server traffic, and to protect 
           user's logins and data in transit.
 
+.. _enabling-ssl-label:
+
 Enabling SSL
 ------------