How to enforce HTTPS 2

I know, this is exactly how Nextcloud behaves on shared hosting, so you have to deal with it if you are on such a solution. Therefore, It’s not a fundamental problem of “how to enforce HTTPS/2” on Nextcloud, this is well known, also with directives that can be applied really easily by instance owners of sharing host installations.

It is a platform restriction like others. My suggestion in this case is to place a corresponding enhancement request for Nextcloud proposing modifications to fitting better on a shared hosting environment…

Yeah I suppose they could at least to some extent. But this is better suited in a feature request on GitHub. The forums are primarly here to help with the existing solutions. But I guess if you want to discuss this constructively, without the demanding tone that some others have on it, you certainly can do that in the forums too and no one would have anything against it. However, certain things can’t be solved by Nextcloud or would severely limit the functionality and feature set…

1. HTTPS / HSTS / HTTP/2 are things that the web server does and not the application. So the hosting companies would have to offer appropriate solutions. And if I remember correctly, I could configure at least HTTPS and HSTS in cpanel years ago at my former hosting company.

2. if they for example would omit OCC and similar things, you would gain nothing, they would then simply optimize the product for the lowest common denominator.

3. In theory, it would certainly be possible to run at least some of these scripts from the WebUI. But I also trust the devs, that there were good reasons not to integrate such things to the WebUI, other than “laziness” as some here claim. Things like security considerations for example. But this has been discussed several times on GitHub. Feel free to search for those Issues there or open a new one, if you have specific and constructive suggestions.

pls link the source if you claim something like that.
[update: it seems to be this one How to enforce HTTPS thanks @DarkSteve pointing me into the right direction for which reason ever TS couldn’t relink this themself]

you got that wrong. Since you could try and run NC wherever and however you like. Apart from the recommendations on how to run it best it’s just not “supported”. So you more or less need to deal yourself with the problems that arise from trying to run it on an unrecommended environment. That’s all.
I mean, assuming you come from the windows world, you could try and install windows to your smart-fridge or your car or your smart-tv or wherever. Maybe you would succeed. But you’d need to deal with the problems yourself arising from that. It’s not a problem caused by MS. Though, of course, you could try and held them responsible for it and complain about it in their forums.

Exactly that. Thank you.

@all could we get back to the initial question, please?

Ok, I get it now. Because you have no interest in tech, you didn’t realise you were asking a completely different question that you thought you were.

You want to enforce TLS, you want to make sure the Nextcloud URL is using https:// before the domain (e.g. hives.nexcloud.net). Is that right?

Here’s what happened. You didn’t link to the previous thread, so nobody here had any context. You then added a “2” to the title, which fundamentally changed the question.

HTTP/2 is a standard that is supported by about half of the top 10 million websites, and it’s supported by all the major browsers. Everyone here thought you were asking how to enforce HTTP/2.

HTTP/2 is a 2015 update to the HTTP/1.1 protocol (1997). HTTP/2 provides compression, pipelining, and lower latencies compared to HTTP/1.1.

Neither TLS or HTTP/2 are Nextcloud questions, they’re web server questions. Which is fine, we try to help people with that, too. But we can’t help you tweak your web server when you don’t have one. This is up to whatever online service you use.

HTTP/2 is a configuration option I can tick before compiling Apache (which I did on my machine). The idea of “enforcing” HTTP/2 doesn’t make sense, since it’s a protocol the server makes it available, and it’s up to the browser whether or not it takes advantage of it. This is why everyone was asking you for further information, which you refused to provide.

If only you had answered bb77 honestly, you might have resolved this days ago. Had you answered honestly the first time you posted this question, you probably wouldn’t have need to post the same broken question a second time here.

This forum is for the support of Nextcloud, it’s not the tech support of some random PaaS internet service. If your chosen Platform-as-a-Service doesn’t provide basic TLS/HTTPS support, then contact them about it. How the hell are we supposed to fix their service for you?!

You have virtually no understanding of how the internet works, how PaaS works, and you have absolutely no interest in understand or learning. Combined with your inherent conspiracy/persecution mindset and lack of communication skills, you’re going to continue struggling for quite a while!

Oh, and I have a spare bedroom, my “computer room”, where my Nextcloud server runs, I don’t have a basement. (Nice jab, by the way.)

You are not in tech. Playing PS5 does not mean you’re “in tech”.

I mean, really, you couldn’t even post a coherent question about TLS. You then let the nutter InsufficientlyGeek speak for you because you didn’t understand how the internet works, and then you get your nose out of joint because we can’t fix some random PaaS that you didn’t even name. (Seriously, there may have been someone familiar with it who could have told you how to enable TLS in a control panel or something.)

You know, you could be honest instead. You could admit when you don’t know something, you could provide additional details when asked. I’m thinking the biggest issue impacting your communication skills is your pride.

You feel some need to pretend you already understand, and it’s Nextcloud’s fault you aren’t getting what you want. You claim to be in tech, but don’t understand how PaaS works, or how TLS/HTTPS works, or how web servers work.

You even use the lazy 90s stereotype of nerds running servers in a “basement”.

This discussion was futile for you because you don’t understand what HTTPS is, resulting in your question being about a completely different protocol. You refuse to learn, meaning you refused to actually clarify your question or provide further details when people in this forum actually tried to help you.

Your pride is toxic, dude. You posted your question with an inherent bias in the framing. “Why is Nextcloud suppressing my desire for security?!?!” You seem oblivious to the fact that Nextcloud, by default, will complain if you don’t use HTTPS. If your chosen PaaS has that disabled, it’s probably because they want to charge you extra for TLS.

You know, people run Nextcloud on a Raspberry Pi? Not exactly “prem infrastructure” or a “whole shebang”. But since you aren’t in tech and don’t understand how any of this works, I guess this is a surprise to you.

(Oh, a Raspberry Pi is a tiny ~US$50 computer, used by people in tech.)

You have this bizarre mindset, tech is about “prem infrastructure”, the “whole shebang” is basically impenetrable and incomprehensible magic. And it’s Nextcloud that is hiding the truth. Nextcloud is a puppet of China, making sure you’re insecure so they can harvest your precious data.

You pride is something else. It makes you look like a fool.

Good idea!

Actually, I just wanted to ask a simple question about best practices. It was not my intention to start such a fundamental discussion.

After this discussion, I can clarify my original question:
How to sustainably enforce the HTTPS protocol of a Nextcloud installation at a shared hosting provider?

From the discussion so far, I take the answer: you can’t!

The possible suggestions so far are:

• switch to another provider,
• accept that this security setting is deleted again after each upgrade,
• or forget Nextcloud and look for another software.

All not satisfactory - but now I know where I stand.

Thanks, Friedbert

well … I’m afraid saying of course you can.

it just comes with some more work for you … which might be not acceptable for you. But that’s not a NC problem.

It’s a problem of your platform.

Yes! If that happens, you can just paste the lines again to .htaccess file and you should be fine. This is a little extra effort that should not take more than 2 minutes of your time after an upgrade. I would call this a small inconvinience and not a deal breaker.

This would be an option in the long run if this inconvinience really annoys you that much.

Of course, you are right - somehow it works.

But only if at least one of the requirements from my question is ignored.

I will adjust the configuration file again after each upgrade and hopefully never forget it - but I think that violates my requirement for sustainability.

How do other solutions deal with this problem? Is there already a commonly accepted standardized procedure in place? How do you propose to solve/circumvent this inconvenience/limitation of running Nextcloud on shared hosting platforms in concrete terms?

Yeah well I use a manual installation of Nextcloud which leaves me with a few more things I have to care about. But that was of course my own choice. But ultimately, when you host things yourself, you always have to stay on top of things and in some situations you just have to do certain things manually. Especially with complex applications like Nextcloud, things can change from time to time and there is not only one way to do things. And at a certain point of complexity, there is no way around documenting configuration changes in order to remember everything. You could write a checklist for your Upgrade process, where you als include your changes. Then you can just copy and paste the lines and you are not at risk of forgetting something

it’s not a general limitation from nextcloud’s side… it just depends upon your specific share hoster. there are apparently some causing no problems.

It is clear to me personally that in principle this ISN’T a Nextcloud limitation - unless there is a generally valid procedure how to handle such cases on a share hosting platform, only then I would see Nextcloud in the obligation to apply it.

You should actually be glad that your posts have been hidden and if I were you I would delete them myself.

Statements like this…

…are prove that you don’t seem to understand fundamental things about how open source projects work or the world in general. You are talking about freedom and censorship, but at the same time you want to tell other people how they have to manage their project and what features they have to include in their project. Open source means that the code is freely available, that you can fork the code and make adjustments to it, you can even get your self involved and contribute to the project etc… But it does not mean that the developers work for you or that they are obliged to customize their product according to your personal wishes.

@InsufficientlyGeek
After having received an official warning to watch your language and after having been silenced for a few days you now are silenced for a bit longer due to inappropriate language in your postings.

BTW: as I already said in another thread: of course you can get your critique out… but

• you don’t do that by capturing another thread. If you have something to tell open a new thread.
• you do watch your words and don’t insult anyone.