I have just installed nextcloud on a raspberry pi. In the admin setting page there is a message:
“You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.”
Unfortunately at the provided link the information is not specific enough for me to fix the issue. How exactly should I correct this? I’m using apache as my web server, with all default settings. I’m very inexperienced with web admin.
I was able to do this by easily by accessing the pi via SSH and installing Lets Encrypt SSL. See Enabling HTTPS (SSL, TLS)
Thanks nuxnix, does this also modify the right settings in apache and so on? This is the part that isn’t 100% clear.
It must have done. I have a pretty green padlock, and a valid certificate over HTTPS. I don’t know ihow it keeps the cert updated though.
If you dont want to redirect 80 to 443, you can block 80 in your firewall. So you and your users are forced to use https.
But first… install a certificate (Let’s encrypt works perfectly with the most ddns providers)
Yes, it usually does change the webserver configuration to forward to ssl automatically. You can do it yourself as well.