Hi there,
I have one system (infos below) where I simply cannot get rid of the message that HSTS is not setup correctly. The system where the problem comes up has two services running under apache2, so I have basically three files under /etc/apache2/sites-available:
- 000-default-le-ssl.conf
General description, including certs config ; document root set to /var/www - nextcloud.conf
Config file for nextcloud ; directing to /var/www/nextcloud - service2.conf
Config file for the second service ; directing to /var/www/service2
Contents of /etc/apache2/sites-available/nextcloud.conf:
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
Alias /ncloud "/var/www/nextcloud/"
<Directory /var/www/ncloud/>
Require all granted
AllowOverride All
Options +FollowSymlinks +MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
Redirect 301 /.well-known/carddav /ncloud/remote.php/dav
Redirect 301 /.well-known/caldav /ncloud/remote.php/dav
Redirect 301 /.well-known/webfinger /ncloud/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo /ncloud/index.php/.well-known/nodeinfo
I simply cannot see why the message keeps popping up. Can somebody please help me?
Nextcloud version (eg, 20.0.5): Nextcloud 21.0.3
Operating system and version (eg, Ubuntu 20.04): Debian GNU/Linux 10
Apache or nginx version (eg, Apache 2.4.25): 2.4.38-3+deb10u4
PHP version (eg, 7.4): PHP 7.3.27-1~deb10u1