[/details]
Nextcloud 23.0.3
Debian 11
Apache 2.4.53
PHP 8.0.17
Hi everyone,
I have been struggling with this all morning and could not find anything that helped.
Despite having the headers set for HSTS, I still get an error to set it for at least 15552000s in the Nextcloud GUI.
First time I am having this issue, I am stuck… Thanks for your help.
Her is my nextcloud.conf file, everything else works fine:
<VirtualHost *:80>
ServerAdmin admin@domain.com
DocumentRoot /var/www/html/XXXX
ServerName XXXXX
ServerAlias XXXXXXX
Redirect permanent / XXXXXXXX
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html/XXXXXXX/>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*) index.php [PT,L]
</Directory>
RewriteCond %{SERVER_NAME} =XXXXXXX [OR]
RewriteCond %{SERVER_NAME} =XXXXXXX
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
SSLEngine on
<IfModule http2_module>
ProtocolsHonorOrder On
Protocols h2 h2c http/1.1
</IfModule>
ServerName XXXXXXX
<IfModule mod_headers.c>
Header always set Strict-Transport-Security: "max-age=31536000; includeSubDomains"
</IfModule>
ServerAdmin admin@domaine.com
DocumentRoot "/var/www/html/XXXXXXX/«
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/lXXXXXXX/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXXXXX/privkey.pem
# Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains”
</VirtualHost>
</IfModule>
# modern configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"