I get the following security warning: "The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ".
Even there is a written security tip, I did not manage to enable HSTS on my NC22 instance so far.
May someone post his experience here, please, how he managed to enable HSTS
Which file(s) have been affected?
Which code exactely has been written?
The mentioned warning has nothing to do with Nextcloud itself but the configuration of your web server.
Unfortunately you haven’t provided any valuable information about your environment, the used web server, software version, how you’ve tried to enable HSTS, etc., etc., so that it isn’t possible to give you any advise except to ask aunt G. for help on how to configure your web server.
Dear henry:
My context is this:
Operating System: Linux 5.11.0-25-generic x86_64
CPU: Intel(R) Core™ i3-8109U CPU @ 3.00GHz (4 cores)
Memory: 15.50 GB
PHP: 8.0.9
Database: mysql 10.3.30
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2021-07-05T07:16:56
Yes, I restarted the apache web server by saying with root rights:
service apache2 restart
endit your /etc/apache2/sites-enabled-le-ssl.conf file aand add the following code under the <Virtualhost *:443> header just after the Servername should be fine:
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; >
</IfModule>
Save the file. Restart apache2 using the following or your system’s equivalent:
Thank you all tree (@j-ed, @anon71540698 and @wizlon) for having guided me - a NC beginner - towards a solution within one day!
My problem was that I added the documented code for HSTS to another than the correct Apache VirtualHost file.
Now the security warning: "The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips " has disapperad.
Thank you so much!
