diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md
new file mode 100644
index 000000000..acb294e04
--- /dev/null
+++ b/roles/nextcloud/README.md
@@ -0,0 +1,14 @@
+# Nextcloud
+
+This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017.
+
+Login to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using:
+
+ Username: Admin
+ Password: changeme
+
+Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below?
+
+- https://github.com/nextcloud/nextcloudpi
+- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
+- https://ownyourbits.com/nextcloudpi/
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
index 11fd0371c..4ee862f2b 100644
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -29,4 +29,5 @@ nextcloud_user_password: nextcloudmysql
nextcloud_admin_user: 'Admin'
nextcloud_admin_password: 'changeme'
+# 2019-09-04: UNUSED (due to changes in roles/nextcloud/templates/nextcloud.conf.j2)
nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16
diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml
index ab8df116b..bd829222d 100644
--- a/roles/nextcloud/tasks/enable_or_disable.yml
+++ b/roles/nextcloud/tasks/enable_or_disable.yml
@@ -1,4 +1,5 @@
# This should go in computed_network.yml, but here for now
+# 2019-09-04: THE NEXT 4 LINES ARE UNUSED (due to changes in roles/nextcloud/templates/nextcloud.conf.j2)
- name: Compute Nextcloud listen ip addr for nextcloud.conf
set_fact:
nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}"
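Review bot: The task labelled unused at the top of this hunk still executes on every run: `set_fact` still evaluates `ansible_default_ipv4.network`, which is likely undefined on a box with no default route, so a variable nothing reads can still fail the role. While the task runs, its fact also overrides the `nextcloud_required_ip` value in defaults/main.yml, so anyone who later restores the template's `Require ip` line would not get `10.0.0.0/8 192.168.0.0/16` as the defaults file suggests. Instead of a dated comment that counts lines (`THE NEXT 4 LINES ARE UNUSED`), delete the task, or comment it out as is done with the block just above the second hunk. The same goes for the default marked `UNUSED` in defaults/main.yml and for the `lineinfile` task flagged `INEFFECTIVE AND LIKELY USELESS` in the second hunk, whose body continues outside the hunk.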
@@ -99,6 +100,7 @@
# become_user: "{{ apache_user }}"
# when: nextcloud_enabled and returned_count == "0"
+# 2019-09-04: THE NEXT 5 LINES ARE INEFFECTIVE AND LIKELY USELESS
- name: Remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php
lineinfile:
regexp: "overwrite.cli.url"
diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2
index 615bebdfc..a2bd40edc 100644
--- a/roles/nextcloud/templates/nextcloud.conf.j2
+++ b/roles/nextcloud/templates/nextcloud.conf.j2
@@ -6,8 +6,14 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
# Apache 2.4
+ # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
Require host localhost
- Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
+ # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
+ Require all granted
+ # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES? THEN USE THIS LINE INSTEAD:
+ #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+ # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc:
+ #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
# Apache 2.2
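Review bot: `Require all granted` exposes the Nextcloud alias to every client that can reach Apache on any interface, including an upstream/WAN link, while the role still ships `nextcloud_admin_user: 'Admin'` / `nextcloud_admin_password: 'changeme'` and the new README documents login over plain HTTP. The private-range line left commented out here already covers the 192.168.1.x school case, so I would make `Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10` the active line and keep `Require all granted` as the documented opt-in for sites that need it. Bare `Require` lines in Apache 2.4 grant access when any one of them matches, so the retained `Require host localhost` is now redundant and, per the mod_authz_host documentation, costs reverse DNS lookups. The Apache 2.2 branch begins at the hunk's last line and is not visible, so whether it was changed consistently cannot be checked from here.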