Enforce https via .htaccess, file integrity check error

While using ownCloud, I added

RewriteCond %{HTTPS} !=on RewriteCond %{ENV:HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

to the .htaccess-file. Copying this .htaccess to the new Nextcloud-installation leads of course to integrity check errors.

Is there another way of enforcing my Nextcloud only to be reachable via https which does not have these problems?

You could put the redirect in your httpd.conf file instead of .htaccess.

I have

Redirect permanent / https://my.domain/

in a vhost, seems to work for me.

1 Like

Thanks for the suggestions. As my Nextcloud is on a shared hosting platform, I cannot edit httpd.conf or vhost.

I think it would be good to have the enforcement of https implemented directly within Nextcloud or an option of Nextcloud that edits the .htaccess file and thereby keeps the integrity check valid.

2 Likes

@LukasReschke any advice?

That sounds like a good idea! Good point! I filed an enhancement request at https://github.com/nextcloud/server/issues/132

2 Likes

Is there any news relating to enforcing https via config file or GUI on a Nextcloud 11.X installation?
Reading the comments on https://github.com/nextcloud/server/issues/132 tell me that seems to be a heavy lift.

Is there a best practice for Apache 2.4 and htaccess when you cannot change apache config itself?

Thanks in advance. Still getting used to the forum. The tag and search concept is still a bit overwhelming for me. Sorry, if I overlooked a fresher thread about this topic.

Hi all,

I am also interested in getting feedback on this topic. Currently I run the same settings as @ambux does. It is working fine but a security warning is popping up in the administrator menu.

Thanks in advance.

So you added this to the htaccess of nextcloud:

I’m not using Nextcloud for a very long time (no OwnCloud usage). Isn’t the shipped htaccess file overwritten by updates from time to time?

I added the following code to the .htaccess file

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

The setting runs smoothly and the .htaccess file has not beeing updated since I changed it.

If u want and update save .htaccess. Dont put the .htaccess to /cloud/nextcloud. Put the file in /cloud with code posted above

Related: I found out the hard way that having:
Redirect permanent / https://my.domain
before document root in your apache2.conf file causes it to not redirect, which messes up a whole slew of things, like logout.

Make sure that Redirect comes before other lines in virtual host entries, and that you do not add the server alias.