The Basics
- Nextcloud Server version (e.g., 29.x.x):
31.0.6
- Operating system and version (e.g., Ubuntu 24.04):
Almalinux 5.14.0-503.38.1.el9_5.x86_64
- Web server and version (e.g, Apache 2.4.25):
Apache/2.4.62
- Reverse proxy and version _(e.g. nginx 1.27.2)
n/a
- PHP version (e.g, 8.3):
PHP 8.2.28
- Is this the first time you’ve seen this error? (Yes / No):
No, it's been there for a whole
- When did this problem seem to first start?
2 years ago maybe
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
Bare Metal
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
No
Summary of the issue you are facing:
- Admin panel complains that
Some headers are not set correctly on your instance - The
Strict-Transport-SecurityHTTP header is not set (should be at least
15552000seconds). For enhanced security, it is recommended to enable HSTS. For more details see the [documentation ↗](https://docs.nextcloud.com/server/31/go.php?to=admin-security).
Measures Taken:
- httptools.dev Shows
HSTS implemented correctly!
- On localhost,
curl -s -D- https://nextcloud.mydomain.com| grep -i strict-transport-security:
showsStrict-Transport-Security: max-age=63072000; includeSubDomains; preload
Configuration
Nextcloud
The output of occ config:list system
or similar is best, but, if not possible, the contents of your config.php
file from /path/to/nextcloud
is fine (make sure to remove any identifiable information!):
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"nextcloud.werkraum.hk",
"cloud.thewanch.hk"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "31.0.6.2",
"overwrite.cli.url": "http:\/\/localhost",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"default_phone_region": "HK",
"memcache.local": "\\OC\\Memcache\\APCu",
"filelocking.enabled": true,
"memcache.locking": "\\OC\\Memcache\\Redis",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 6379,
"timeout": 0,
"password": "***REMOVED SENSITIVE VALUE***"
},
"maintenance": false,
"maintenance_window_start": 5,
"theme": "",
"loglevel": 2,
"log_type": "file",
"logfile": "\/var\/log\/nextcloud\/nextcloud.log",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauthtype": "PLAIN",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpsecure": "ssl",
"data-fingerprint": "b0a4d505483d086847b732861ab2fb9a",
"instanceid": "***REMOVED SENSITIVE VALUE***",
"updater.release.channel": "stable",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"app_install_overwrite": [
"news"
],
"memories.db.triggers.fcu": true,
"memories.exiftool_no_local": true,
"memories.vod.path": "\/var\/www\/nextcloud\/public_html\/apps\/memories\/bin-ext\/go-vod-amd64",
"memories.vod.ffmpeg": "\/bin\/ffmpeg",
"memories.vod.ffprobe": "\/bin\/ffprobe"
}
}
Apps
Enabled:
- activity: 4.0.0
- admin_audit: 1.21.0
- app_api: 5.0.2
- assistant: 2.4.0
- calendar: 5.3.2
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contacts: 7.1.3
- contactsinteraction: 1.12.0
- context_chat: 4.3.0
- dashboard: 7.11.0
- dav: 1.33.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- forms: 5.1.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- memories: 7.5.2
- news: 26.0.1
- notes: 4.12.1
- notifications: 4.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- quota_warning: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- richdocuments: 8.7.1
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- spreed: 21.1.0
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- talk_matterbridge: 1.31.1026000
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- twofactor_nextcloud_notification: 5.0.0
- twofactor_totp: 13.0.0-dev.0
- updatenotification: 1.21.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- whiteboard: 1.0.5
- workflowengine: 2.13.0
Disabled:
- bruteforcesettings: 4.0.0 (installed 3.0.0)
- encryption: 2.19.0
- files_external: 1.23.0
- nextcloud_announcements: 3.0.0 (installed 1.14.0)
- suspicious_login: 9.0.1 (installed 6.0.0)
- user_ldap: 1.22.0