Force SSL on Nginx Proxy Manager

beppi · July 30, 2023, 7:15am

Nextcloud version: 27 (AIO 6.4.0)
OS: Ubuntu Server 22.04
PHP version: 8.1 (I think)

Hey guys,
I have nextcloud working, however when It comes to the NPM settings, when setting Force SSL on, as recommended in the NPM guide on the AIO github, Firefox gives a “The page isn’t redirecting properly” error. When this setting is off however, all is fine. I can try and access the page via http, but it looks like I’m immediately connected to https. I’d really like to have Force SSL on as it’s recommended, but am i misunderstanding what it does? It looks like SSL is forced anyway

Thanks guys

beppi · December 5, 2023, 10:04am

Bump, also I’m getting a notice in Security & Setup warnings:

The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips .

Anyone have any ideas? Nothing bad has happened so far but I don’t like the yellow colour in the settings page

szaimen · December 5, 2023, 10:06am

Are you using Cloudflare

beppi · December 12, 2023, 10:18am

Yes! Sorry, I didn’t see the email notification from this

szaimen · December 12, 2023, 10:35am

Then see point 10 here: https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel

beppi · December 12, 2023, 10:55am

I have HSTS active in Cloudflare dashboard already,

When you say manually, I’m assuming you just mean this?

szaimen · December 12, 2023, 10:55am

You need to set a max ag iirc…

beppi · December 12, 2023, 10:56am

Oops, you saw it before I deleted… How embarassing hahahaha

beppi · December 12, 2023, 10:58am

I undeleted it so people can see if they need. If I set HSTS and force SSL within Nginx Proxy Manager now I still get the same issues, but if I leave them off then I no longer get that security issue. Is it okay to have force SSL and HSTS turned off in NPM?