I forgot before: You can also login to the admin interface and looking at the settings page. It'll give you a list of performance and security optimizations with links to instructions on how to make the changes.
Yeah that's where this all started. It only states that I need to...
Modify/enable the HSTS header to at least 15552000 seconds
PHP OPcache not properly configured and to make changes to the php.ini.
From that though, I got to the hardening and security guide and started to go even deeper down the rabbit hole.
I know you're doing this to learn, so this probably isn't needed at the moment. @scottalanmiller's guide to installing NextCloud with Salt has all the settings correct already according to that settings page.
Ya, so there must have been a change at some point. Setting the zone to drop and then adding services allows those services through. Firewalld site shows what your book says is correct and what (I'm 99% sure) I saw when I initially started with the SCAP stuff last year:
Some good points. I like the one that stated keep it lean and keep it mean.
I've not gone over my Linux install as much as my Windows boxes,.. and not done nearly enough on Windows, but I generally attempt to shut down anything I am able to that isn't needed on Windows. It's not a good way to judge things, but when I see a system running 100 or more processes, I wonder what is going on.