I am running nextcloud of a docker container and I’ve read about the HSTS in the documentation https://docs.nextcloud.com/server/17/admin_manual/installation/harden_server.html?highlight=hsts#enable-http-strict-transport-security
But where to I find the Apache VirtualHost file?
It’s linuxserver/nextcloud. I also have letsencrypt container running that has nginx properly configured. But when I go to the nextcloud settings I get that warning that I should configure HSTS.
sure? because that container should handle ssl.
did you check the nginx config for a line like this:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;
(which letsencrypt container do you have?)
I have linxserver/letsencrypt and I can access nextcloud like this https://mydomain.com/nextcloud without any issues.
sure. you would only mention the hsts thing if you have trouble with a man in the middle.
i guess hsts is disabled because of this statment:
did you use a docker compose file to start your nextcloud/letsencrypt containers? is there a -v statement to map config files from your host into the container?
Yes I have -v that maps to the config folder
so you could add/uncomment the
add_header Strict-Transport-Security line and restart the container.
Thank you! That did the trick!