diff --git a/management/hooks.py b/management/hooks.py
index 1413c1b9..bc286ff7 100644
--- a/management/hooks.py
+++ b/management/hooks.py
@@ -72,17 +72,20 @@ def exec_hooks(hook_name, data):
 	cur_handlers = handlers
 	cur_mods_env = mods_env
 	mutex.release()
+
+	handled_count = 0
 	
 	for handler in cur_handlers:
 		if handler['type'] == 'py':
 			# load the python code and run the `do_hook` function
-			log.debug('calling %s hook handler: %s' % (hook_name, handler['path']))
 			module = importlib.import_module(handler['path'])
 			do_hook = getattr(module, "do_hook")
-			do_hook(hook_name, data, cur_mods_env)
+			r = do_hook(hook_name, data, cur_mods_env)
+			log.debug('hook handler %s(%s) returned: %s', handler['path'], hook_name, r)
+			if r: handled_count = handled_count + 1
 
 		else:
 			log.error('Unknown hook handler type in %s: %s', handler['path'], handler['type'])
 
-	return len(cur_handlers)
+	return handled_count > 0
 
diff --git a/management/web_update.py b/management/web_update.py
index 8876693d..f29b1f90 100644
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -116,9 +116,12 @@ def do_web_update(env):
 			nginx_conf += make_domain_config(domain, [template0, template3], ssl_certificates, env)
 
 	# execute hooks
-	hook_data = {'nginx_conf': nginx_conf}
-	hooks.exec_hooks('web_update', hook_data)
-	nginx_conf = hook_data['nginx_conf']
+	hook_data = {
+		'op':'pre-save',
+		'nginx_conf':nginx_conf
+	}
+	if hooks.exec_hooks('web_update', hook_data):
+		nginx_conf = hook_data['nginx_conf']
 
 	# Did the file change? If not, don't bother writing & restarting nginx.
 	nginx_conf_fn = "/etc/nginx/conf.d/local.conf"
diff --git a/setup/mods.available/hooks/remote-nextcloud-mgmt-hooks.py b/setup/mods.available/hooks/remote-nextcloud-mgmt-hooks.py
index 6ac56dac..d2965229 100644
--- a/setup/mods.available/hooks/remote-nextcloud-mgmt-hooks.py
+++ b/setup/mods.available/hooks/remote-nextcloud-mgmt-hooks.py
@@ -20,7 +20,11 @@ log = logging.getLogger(__name__)
 def do_hook(hook_name, hook_data, mods_env):
     if hook_name != 'web_update':
         # we only care about hooking web_update
-        log.debug('hook - ignoring %s' % hook_name)
+        log.debug('hook - ignoring hook %s', hook_name)
+        return False
+    
+    if hook_data['op'] != 'pre-save':
+        log.debug('hook - ignoring hook op %s:%s', hook_name, hook_data['op'])
         return False
 
     if 'NC_HOST' not in mods_env or mods_env['NC_HOST'].strip() == '':
@@ -29,6 +33,7 @@ def do_hook(hook_name, hook_data, mods_env):
         return False
     
     # get the remote nextcloud url and ensure no tailing /
+    
     nc_url = "%s://%s:%s%s" % (
         mods_env['NC_PROTO'],
         mods_env['NC_HOST'],
@@ -36,28 +41,55 @@ def do_hook(hook_name, hook_data, mods_env):
         mods_env['NC_PREFIX'][0:-1] if mods_env['NC_PREFIX'].endswith('/') else mods_env['NC_PREFIX']
     )
 
-    #
-    # modify nginx_conf
-    #
-    def do_replace(find_str, replace_with):
-        if hook_data['nginx_conf'].find(find_str) == -1:
-            log.warning('remote-nextcloud hook: string "%s" not found in proposed nginx_conf' % (find_str))
-            return False
-        hook_data['nginx_conf'] = hook_data['nginx_conf'].replace(
-            find_str,
-            replace_with
-        )
-        return True
-            
-    # 1. change the .well-known/(caldav|carddav) redirects
-    do_replace(
-        '/cloud/remote.php/dav/',
-        '%s/remote.php/dav/' % nc_url
-    )
-    
-    # 2. redirect /cloud to the remote nextcloud
-    do_replace(
-        'rewrite ^/cloud/$ /cloud/index.php;',
-        'rewrite ^/cloud/(.*)$ %s/$1 redirect;' % nc_url
-    )
 
+    # find start and end of Nextcloud configuration section
+    
+    str = hook_data['nginx_conf']
+    start = str.find('# Nextcloud configuration.')
+    if start==-1:
+        log.error("no Nextcloud configuration found in nginx conf")
+        return False
+    
+    end = str.find('\n\t# ', start) # this should match comment "# ssl files sha1:...", which is dynamically added by web_update.py:make_domain_config()
+    if end==0:
+        log.error("couldn't determine end of Nextcloud configuration")
+        return False
+    
+    if str[end+4:end+4+9] != 'ssl files':
+        log.error("expected end replacement block comment to start with 'ssl files', but got '%s'", str[end+4:end+4+9])
+        return False
+
+    # ensure we're not eliminating lines that are not nextcloud
+    # related in the event that the conf/nginx-* templates change
+    #
+    # check that every main directive in the proposed section
+    # (excluding block directives) should contains the text "cloud",
+    # "carddav", or "caldav"
+    
+    for line in str[start:end].split('\n'):
+        if line.startswith("\t\t"): continue
+        line_stripped = line.strip()
+        if line_stripped == "" or \
+           line_stripped.startswith("#") or \
+           line_stripped.startswith("}"):
+            continue
+        if line_stripped.find('cloud')==-1 and \
+           line_stripped.find('carddav')==-1 and \
+           line_stripped.find('caldav')==-1:
+            log.error("nextcloud replacement block directive did not contain 'cloud', 'carddav' or 'caldav'. line=%s", line_stripped)
+            return False
+
+    
+    # ok, do the replacement
+    
+    template = """# Nextcloud configuration.
+	rewrite ^/cloud$ /cloud/ redirect;
+	rewrite ^/cloud/(contacts|calendar|files)$ {nc_url}/index.php/apps/$1/ redirect;
+	rewrite ^/cloud/(.*)$ {nc_url}/$1 redirect;
+	
+	rewrite ^/.well-known/carddav {nc_url}/remote.php/dav/ redirect;
+	rewrite ^/.well-known/caldav {nc_url}/remote.php/dav/ redirect;
+"""
+
+    hook_data['nginx_conf'] = str[0:start] + template.format(nc_url=nc_url) + str[end:]
+    return True