Exactly how to force HTTPS?

crobarcro · July 25, 2017, 1:01pm

Hello,

I have just installed nextcloud on a raspberry pi. In the admin setting page there is a message:

“You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.”

Unfortunately at the provided link the information is not specific enough for me to fix the issue. How exactly should I correct this? I’m using apache as my web server, with all default settings. I’m very inexperienced with web admin.

Thanks!

nuxnix · July 25, 2017, 3:17pm

I was able to do this by easily by accessing the pi via SSH and installing Lets Encrypt SSL. See Enabling HTTPS (SSL, TLS)

crobarcro · August 4, 2017, 8:22am

Thanks nuxnix, does this also modify the right settings in apache and so on? This is the part that isn’t 100% clear.

nuxnix · August 4, 2017, 8:39am

It must have done. I have a pretty green padlock, and a valid certificate over HTTPS. I don’t know ihow it keeps the cert updated though.

clouduser · August 7, 2017, 8:09am

If you dont want to redirect 80 to 443, you can block 80 in your firewall. So you and your users are forced to use https.

But first… install a certificate (Let’s encrypt works perfectly with the most ddns providers)

tflidd · June 6, 2020, 10:36am

Yes, it usually does change the webserver configuration to forward to ssl automatically. You can do it yourself as well.