diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md
new file mode 100644
index 000000000..acb294e04
--- /dev/null
+++ b/roles/nextcloud/README.md
@@ -0,0 +1,14 @@
+# Nextcloud
+
+This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017.
+
+Login to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using:
+
+ Username: Admin
+ Password: changeme
+
+Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below?
+
+- https://github.com/nextcloud/nextcloudpi
+- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
+- https://ownyourbits.com/nextcloudpi/
diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2
index 615bebdfc..a0ae9ae0a 100644
--- a/roles/nextcloud/templates/nextcloud.conf.j2
+++ b/roles/nextcloud/templates/nextcloud.conf.j2
@@ -6,8 +6,14 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
# Apache 2.4
+ # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
Require host localhost
- Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
+ # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
+ Require all granted
+ # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES? THEN USE THIS LINE INSTEAD:
+ #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+ # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc:
+ #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
# Apache 2.2