Hi, I want to enable HSTS on my Apache2 Nextcloud Server. I already added the header in my VirtualHost File. I also enabled the headers_mod, restarted apache2, rebooted my server, but it still shows the warning in the nextcloud settings.
This is my VirtualHost file:
<VirtualHost *:80>
ServerName example.example.com
Redirect permanent / https://example.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.example.com
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.example.com/privkey.pem
DocumentRoot /var/www/nextcloud/
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
RewriteEngine On
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
RewriteRule ^/\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
RewriteRule ^/\.well-known/webfinger https://%{SERVER_NAME}/public.php?service=webfinger [QSA,L]
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
</IfModule>
CustomLog ${APACHE_LOG_DIR}/access.log combined
ErrorLog ${APACHE_LOG_DIR}/error.log
</VirtualHost>
(of course I replaced example.example.com with my domain)
Thank you!