HSTS on docker container?

I am running nextcloud of a docker container and I’ve read about the HSTS in the documentation https://docs.nextcloud.com/server/17/admin_manual/installation/harden_server.html?highlight=hsts#enable-http-strict-transport-security

But where to I find the Apache VirtualHost file?


which one?

It’s linuxserver/nextcloud. I also have letsencrypt container running that has nginx properly configured. But when I go to the nextcloud settings I get that warning that I should configure HSTS.

sure? because that container should handle ssl.
did you check the nginx config for a line like this:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;

(which letsencrypt container do you have?)

I have linxserver/letsencrypt and I can access nextcloud like this https://mydomain.com/nextcloud without any issues.

sure. you would only mention the hsts thing if you have trouble with a man in the middle.

i guess hsts is disabled because of this statment:

did you use a docker compose file to start your nextcloud/letsencrypt containers? is there a -v statement to map config files from your host into the container?

Yes I have -v that maps to the config folder

so you could add/uncomment the add_header Strict-Transport-Security line and restart the container.

1 Like

Thank you! That did the trick!

1 Like