Support intro
Sorry to hear you’re facing problems
help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.
In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:
example
Or for longer, use three backticks above and below the code snippet:
longer
example
here
Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can
Hi, after several attempts and modifications of the conf files, I am left with the error in question. I followed the directions on the site, adding the string to the default-ssl.conf file, but the problem persists. Checking with the site “hstspreload.org” indicated in the guides and entering my domain, this is what comes out:
Error: No HSTS header
Response error: No HSTS header is present on the response
As for the redirect, I temporarily disabled it to connect locally and upload files faster, but I can’t activate HSTS.
Nextcloud version : 23.0.1.2
Operating system and version : Raspbian Bullseye 64bit
Apache version: Apache 2.4.52
PHP version : 8.0
The issue you are facing:
The "Strict-Transport-Security" HTTP header is not configured with a value of at least "15552000" seconds. To enhance security, we recommend enabling HSTS as described in Security Tips ↗
Is this the first time you’ve seen this error? : Y
The output of your config.php file in /var/ww/nextcloud/conf
:
<?php
$CONFIG = array (
'instanceid' => '--------------------',
'passwordsalt' => '-------------------------------',
'secret' => '--------------------------',
'trusted_domains' =>
array (
0 => 'RPI.IP',
1 => 'MY.DOMAIN.COM',
),
'default_phone_region' => 'IT',
'datadirectory' => '/DATA/DIRECTORY/NextCloud',
'dbtype' => 'mysql',
'version' => '23.0.2.1',
'overwrite.cli.url' => 'http://RPI.IP/nextcloud',
'dbname' => '[MYDBNAME]',
'dbhost' => '[MYHOST]',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => '[MYUSER]',
'dbpassword' => '[MYPASSWORD]',
'installed' => true,
'filelocking.enabled' => true,
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '127.0.0.1',
'port' => 6379,
),
);
The output of your default-ssl.conf file in /etc/apache2/sites-available
:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
#ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud
ServerName MY.DOMAIN.COM
ServerAlias SECOND.DOMAIN.COM
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/MY.DOMAIN.COM/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/MY.DOMAIN.COM/privkey.pem
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
The output of your 000-default.conf file in /etc/apache2/sites-available
:
<VirtualHost *:80>
ServerName MY.DOMAIN.COM
ServerAlias SECOND.DOMAIN.COM
#Redirect permanent / https://MY.DOMAIN.COM/index.php/login
#ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud/>
RewriteEngine On
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
RewriteRule ^/\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
RewriteRule ^/\.well-known/webfinger https://%{SERVER_NAME}/public.php?service=webfinger [QSA,L]
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteCond %{SERVER_NAME} =MY.DOMAIN.COM [OR]
RewriteCond %{SERVER_NAME} =SECOND.DOMAIN.COM
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet