How to enforce HTTPS 2

I’d like to reopen Friedbert’s thread regarding this topic. Just closing a thread because you don’t like the message isn’t the way to improve Nextcloud. I 100% agree with Friedbert and others in the thread did too.

There are many people who would like to run Nextcloud on a shared hosting provider. To insist that Nextcloud won’t be designed to allow that (or at least to make it difficult) is obviously limiting Nextcloud’s penetration in the marketplace . If that is the goal, then fine.

The ability to not overwrite configuration that is a fundemental security setup and requiring that its be manually redone after every update is asinine.

Hi @iamhives

It would be helpful to provide some context or better link to the thread you are referring to, if you want to start a discussion about it…

It was this thread in case somebody is wondering. And it was about adding the HSTS header to the .htaccess file, which seems to be overwritten during an upgrade of Nextcloud, not about HTTP/2 or HTTPS in general.

It’s not just updates. As silly as it is, that might be the easier problem the circumvent. Even though backing up and replacing the htacess file before updating is an annoyance, it’s at least relatively easy. But running update:htaccess in occ performs a full overwrite of the entire htaccess file as well. That is a bigger problem, IMO, because it complicates initial setup and it really complicates changes that may be needed or desired after the fact. How is one to predict that all changes that may need to involve running update:htaccess should be completed first, before one proceeds to make any necessary or desired manual updates to their htaccess?

It’s just plain sloppy work any which way you slice it. And it’s very bizarre that the Nextcloud devs seem to have a stubborn attitude as if they own our htacces files and those of implementing the software don’t have a right to choose our own server solutions and configurations.

While I can understand your points, I can also understand, that shared hosting is not the top priority of the Nextcloud devs. And let’s be honest, if you wouldn’t just book the cheapest 0.99€ plan at your hosting company, but maybe something for 5 Euros, you would probably have other options to manage your Apache configuration, instead of only the .htaccess file :wink:

Thank you for demonstrating what I, and likely others, have been suspecting: That the treatment of this issue is being fueled by an elitist and judgemental attitude rather than based on the facts.

You don’t know what my hosting plan is, or what it entails. But you’re quick to rush to assumptions based on your goal of trying to shame people. So, let me put your faulty assumptions to rest. While I may be using a shared hosting provider, I’m actually on their maxed out plan. I have multiple websites, and I certainly spend more than $5 a month on my hosting plan. I choose to stay on a shared hosting plan because the cost jump to a VPS is prohibitive for my needs. And while I might lack access to httpd.conf (any shared hosting will plan will be the same) it hasn’t stopped me from building my websites from scratch.

Now, if you’ve had your fill with patronizing people, perhaps you’d care to get back to the subject at hand. Or is that all you can contribute?

Sorry it was not my intention to be rude. I thought it was clear that my post was not meant to be dead serious.

Unfortunatly it is. Because I can’t change the fact that the Nextcloud devs decided to go this route. Also this has been publicly disussed on GitHub and also here in the forums many times and workarounds for all possible scenarios have been proposed in these threads. If you want to change something about it, GitHub would be the right place, but if the Nextcloud devs don’t want to implement it, you are left with workarounds or developing something yourself. The forum is community driven and we can’t offer you solutions that don’t exist or change the product design of Nextcloud.

1 Like

You’ve made it clear that you’re not to be taken seriously, if that’s what you mean.

Comming from the person, who complains about not having the right to use free and open source software the way he wants and about sloppy work here. How many applications with as many features as Nextcloud do you know that run from a Raspi to shared web hosting to large clusters for several 1000 users and are also completely free and open source?

100% agree with this post. I too have chosen to used a shared host because I’m just doing this for my family use, as an alternative to the devil Google or Dropbox but don’t want to administer my own server top to bottom. I too use the top end of my providers shared hosting plan.

I’ve put up with the minor inconveniences of Nextcloud upgrades but I think the suggestions are being made in the spirit of making Nextcloud better and more applicable to broader user bases - isn’t this the goal of Nextcloud, or no?

What I’m hearing is Nextcloud is not intended for the shared hosting approach. Seems very short sighted for all of the reasons discussed in this and other similar threads.

Anyway, enough. I feel that several of us are banging our heads against a brick wall.

I think it’s not a matter of short-sightness or not. So you can be sure that if it was easy to maintain NC would love doing it… (My personal opinion).

It’s technically just NOT that easy. Since every hoster has their own policies, technical standards, definitions for updates, some are too easygoing with securityissues, while others aren’t really interested in giving support to their paying customers… etc.
PLUS: Pls take into consideration that NC can be - at times - quite demanding in technical resources… and well… shared hosting lives from shared technical ressources. Meaning. while a NC would need some more CPU-time to run there would be less left for other users.

So you can see, hopefully, that it seems to be impossible to have a product that deals with all of that.
Thus the brains behind NC came up with the idea that instead of using a shared hoster NC should be able to run on litte, lightweighted homeservers, like e.g. a raspberry. It just costs $40-50 which should be affordable for everyone (take your monthly payment, multply it by 12 and see if you could compete with that amount anyhow)… and easy to maintain (like via ncp)… Perfect for familyneeds. And you would be the master of your own data.

We just have diffrent opinions. But I’m not the one who could change things anyways. And it’s not like Nextcloud won’t run on shared hosts anymore, unlike many other software projects.

And honestly, sometimes the expectation of some and the always same subliminal critisism formulated as a question gets annoying and then I just get a little cynical. I mean it is free and opensource software. And it’s not difficult to find all the existing threads about this topic, but everyone wants to have his own personal explanation on the subject, as if this was a customer service frontdesk here that is obliged to offer you a solution or compensation when something doesn’t work the way you imagined.

It’s free and open source software. You can fork it an make it your own better product. That’s exactley what the Nextcloud project did with OwnCloud once.


They really don’t and they don’t owe anything to anyone. And beside of that, nobody stops you to start your own software project or fork the existing one and then make it right to everyone. That’s a huge task. And Nextcloud does already more in this regard than most other projects.

No. But statements like like: “It’s just plain sloppy work any which way you slice it. And it’s very bizarre that the Nextcloud devs seem to have a stubborn attitude as if they own our htacces files and those of implementing the software don’t have a right to choose our own server solutions and configurations.” are proove that you not interested in discussing things but rather just want to complain.

Expressing wishes is ok. Making concrete suggestions for changes would be even better. Calling the developers sloppy, who provide you with a complex product like this for free and without any restrictions, is not ok. Or to say it in your own words: “pathetic”

And even the beginning of your post is really just complaining, because you have to do one or two additional steps, while upgradeing your instance. And you say it yourself: This makes it a little more complicated but not impossible to run it on a shared host.


again and again: if you wanna critize something you’re welcome doing so.

But we won’t never ever accept rudeness, insultings, personal attacks, etc. For everyone feeling being treated unfair pls. refer to


Everyone has signed them by setting up an account here.

You sound like a QAnon conspiracy theorist. You are not an honest poster or commenter. I would have kicked you from the forum already.

1 Like

The last discussion on this topic got closed because whoever didn’t like it, so I created a new one regarding the question at hand. So it’s not a conspiracy. Its actually the exact opposite.
Surely the purpose of community forums is to hear from the community, take input and maybe add suggestions to a backlog (which can be made low priority if whoever makes those decisions sees fit) but don’t just dismiss and/or close down suggestions/dialogue.

I didn’t say it was a conspiracy, I said InsufficientlyGeek sounded like a QAnnon conspiracy theorist. There’s a big difference there.

InsufficientlyGeek claimed “the powers that be don’t like too much truth”, and went on to assert Communist China is maintaining Nextcloud so they can overtake our data. InsufficientlyGeek is either a troll, or has serious mental stability issues.

Now, your post here wasn’t very clear, I’m not sure what you want, or what you’re asking for. When bb77 asked for clarification, you stayed relatively silent and let InsufficientlyGeek speak for you (“the issue is fueled by an elitist and judgemental attitude”, and “you don’t know what my hosting plan is” while giving vague and non-specific details so they can can keep evading).

After InsufficientlyGeek spouts bullshit a couple more times, you pop up saying you “100% agree” with them, then go silent again. You provide no further detail of what you want or what your issue is, other than upgrading Nextcloud is a “minor convenience”. Uh, ok.

Once I called InsufficientlyGeek out for being irrational, you jump in claiming the topic was closed last time because “whoever didn’t like it”. Could it have been because there was no real issue brought up? You didn’t provide any explanation of why you need to enforce HTTP/2, or why it isn’t, what the benefits or trade-offs would be, or anything. I don’t know what your issue is.

And you still haven’t explained or addressed it. You instead wax lyrical about the “purpose of community forums”. Could the problem be the lack of communication skills of people like you and InsufficientlyGeek, rather than any inherent issue with Nexcloud or the purpose of forums?


I’m probably assuming people read the prior thread (with the same name minus the ‘2’) which I acknowledged is probably lazy of me.

In my head it’s become a general gripe than the general attitude/answer is that Nextcloud is only for people not using shared hosting. I don’t want to run my own server, do my own backups, ensure my power supply is secure, my network is up etc. I want people who are professionals to do that sort of stuff and that’s what shared hosting provides. I want to leverage IaaS/PaaS not run a server in my basement but then devs (or whoever responds to posts here) seem to want to support enterprises with enough resources to support on prem infrastructure or techies who know enough and have the time interest, knowledge and knowledge to manage the whole shebang. I’m in tech but am not a programmer/admin and can just about do what is necessary to install and maintain a Nextcloud install but if it was a little easier Nextcloud could penetrate further (if that’s the goal)

In any case, I sense this is a futile discussion. I do appreciate those that develop Nextcloud and provide a free alternative to Google, Dropbox et al.

In most threads about shared hosting, workarounds are suggested. But the questioners don’t want to hear them and prefer to hang on to side notes. And yes, those who reply to these posts, sometimes mention that Nextcloud is not suitable for shared hosting and that shared hosting is not a priority for the Netxloud devs. I don’t even know if that’s true. But these answers also come from the fact that most of these questioners already show in their initial post that they are not really interested in a solution, but rather just want to complain.

Most limitations of shared hosting can be worked around somehow, but not always with a one-klick solution for everything. But for example what’s the big deal, when one has to backup the .htaccess file before an update and/or re-add a few lines to it after an upgrade. This takes five minutes of that persons time and I wouldn’t say that Nextcloud is unusable on a shared host because of that. Btw. maintaining a manual installation is way more time consuming.

1 Like

The clearer the question, the better the answers. Does Nextcloud really have a fundamental problem with the implementation of the HTTPS/2 protocol?

On the other hand, do you have concrete statistics by hand on the installed base of Nextcloud? I see hundreds of requests here on the forum regarding shared hosting, so it seems to be a very common variant after all…

So what are you specifically talking about here in this thread? There is no fitting-all solution, each installation approach has advantages and disadvantages. You have to cope with that or look for better alternatives, either by switching to a product that meets your requirements better, or by a concrete and constructive formulation of improvement suggestions by submitting enhancement requests to the development teams. This is how it works. My 2 cents.

No it does not. Works perfectley fine on my instance. (manual installation in a VM)

The problem on a shared host is, that you often cannot configure the main apache config or VirtualHosts. Your only chance to configure things is the admin panel of your hosting company and the .htaccess file, which gets overwritten during a Nextcloud upgrade. Also if you don’t have command line access you can’t run PHP scripts like the Nextcloud OCC commands. At least not in a direct and easy way.

Besides, various things like HTTPS, HTTP/2 and HSTS (coming from the other thread OP refers to) have been mixed up here.