I have an nginx webserver hosted at my subdomain.mydomain.com. This server is running on Ubuntu 20.04 and is configured for proxy services only. It handles all of the SSL. I am redirecting my Nextcloud to another Ubuntu 20.04 server with Apache and Nextcloud installed. Everything is working for the most part, but I would like to fix some of the Security and setup warnings on the overview page. I have read documentation on how to resolve it, but most of the documentation assumes you are running nginx on the same server as Nextcloud. So I am looking for a little guidance on how best to do this.
I am receiving the following message in Security warnings: The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds.
Here is my nginx config:
upstream nextcloud {
    server 192.168.10.3;
    keepalive 32;
}
server {
    listen 80;
    listen [::]:80;
    server_name cloud.mydomain.com www.cloud.mydomain.com;
    return 302 https://$server_name$request_uri;
    # Prevent nginx HTTP Server Detection
    server_tokens off;
}
server {
    # SSL configuration
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/key.pem;
    server_name cloud.mydomain.com www.cloud.mydomain.com;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    client_max_body_size 2048M;
    underscores_in_headers on;
    location / {
        add_header Front-End-https on;
        proxy_pass http://192.168.10.3;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size 2048M;
        proxy_buffering off;
        proxy_read_timeout 300;
    }
    location /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location /.well-known/webfinger {
        return 301 $scheme://$host/remote.php/dav;
    }
    location /.well-known/nodeinfo {
        return 301 $scheme://$host/remote.php/dav;
    }
    location /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
}
I have added the following to my nginx config, but I still receive the error:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
I am still a newbie at setting up nginx, so any help is appreciated. Thank you.
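The posted config sets `Strict-Transport-Security` at `server` level but also has an `add_header` inside `location /`. nginx inherits `add_header` from the enclosing level only when the current level defines none, so responses proxied through `location /` do not carry the server-level header. The Python check below is an added example, not part of the original post: the sample is a reduced, constructed copy of the posted server block, and the names `parse` and `locations_without_hsts` are hypothetical.

```python
import re

# Constructed sample: a reduced copy of the server block from the post.
SAMPLE = '''
server {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    location / {
        add_header Front-End-https on;
        proxy_pass http://192.168.10.3;
    }
    location /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
}
'''
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def parse(conf):
    """Build a context tree; simplified: assumes no '#' inside quoted values."""
    root = {"name": "main", "own": [], "kids": []}
    stack, words = [root], []
    for tok in TOKEN.findall(re.sub(r"#.*", "", conf)):
        if tok == "{":
            node = {"name": " ".join(words), "own": [], "kids": []}
            stack[-1]["kids"].append(node)
            stack.append(node)
        elif tok == "}":
            stack.pop()
        elif tok == ";" and len(words) >= 3 and words[0] == "add_header":
            stack[-1]["own"].append(words[1].strip("\"'"))
        if tok in ("{", "}", ";"):
            words = []
        else:
            words.append(tok)
    return root

def locations_without_hsts(node, inherited=()):
    """List location blocks whose effective add_header set lacks HSTS."""
    # nginx rule: a level that sets any add_header inherits none from above.
    effective = node["own"] or list(inherited)
    names = [h.lower() for h in effective]
    found = []
    if node["name"].startswith("location") and "strict-transport-security" not in names:
        found.append(node["name"])
    for kid in node["kids"]:
        found += locations_without_hsts(kid, effective)
    return found

print(locations_without_hsts(parse(SAMPLE)))
```

Repeating the `Strict-Transport-Security` line inside `location /`, or removing that location's own `add_header`, makes the returned list empty.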