Nextcloud version (eg, 12.0.2): 13.0.2
Operating system and version (eg, Ubuntu 17.04): Debian GNU/Linux 9.4 (stretch) (Armbian version)
Apache or nginx version (eg, Apache 2.4.25): Nginx 1.10.3
PHP version (eg, 7.1): 7.0.27
The issue you are facing:
With HSTS enabled (in Nginx) I cannot access my Nextcloud instance through the website any more.
Is this the first time you’ve seen this error? (Y/N): Y
Steps to replicate it:
-
I tried to get rid of the following warning/error:
The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips.
by following the advice on the security tips link (together with NC examples for setting up Nginx).
-
I uncommented in my Nginx Nextcloud config file both lines that say:
add_header Strict-Transport-Security "max-age=15768000;
-
reload/restart Nginx
-
Error I get in Chrome (in Firefox, the page just does not even start loading):
ERR_SPDY_PROTOCOL_ERROR
The output of your Nextcloud log in Admin > Logging:
Didn’t see anything relevant. If there is something I should watch out for, do let me know and I’m happy to reproduce.
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'instanceid' => '###REDACTED###',
'passwordsalt' => '###REDACTED###',
'secret' => '###REDACTED###,
'trusted_domains' =>
array (
0 => 'thatfunkyplace.wheremymonkeyis.at',
1 => 'explorethe7seas.wheremymonkeyis.at',
),
'datadirectory' => '/srv/nextcloud_data',
'overwrite.cli.url' => 'http://localhost',
'dbtype' => 'pgsql',
'version' => '13.0.2.1', [20/953]
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '5432',
'dbtableprefix' => 'oc_',
'dbuser' => 'www-data',
'dbpassword' => ''###REDACTED###',
'logtimezone' => 'Europe/Ljubljana',
'installed' => true,
'memcache.local' => '\OC\Memcache\APCu',
# 'memcache.local' => '\OC\Memcache\Redis',
# 'redis' => array (
# 'host' => '/var/run/redis/redis.sock',
# 'port' => 0,
# ),
# 'memcache.locking' => '\OC\Memcache\Redis',
'maintenance' => false,
'enabledPreviewProviders' =>
array (
0 => 'OC\Preview\Image',
1 => 'OC\Preview\MP3',
2 => 'OC\Preview\TXT',
3 => 'OC\Preview\MarkDown',
4 => 'OC\Preview\Epub',
5 => 'OC\Preview\PDF',
),
'theme' => '',
'loglevel' => 0,
'mail_domain' => ''###REDACTED###',
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpsecure' => 'ssl',
'mail_from_address' => ''###REDACTED###',
'mail_smtpauth' => 1,
'mail_smtphost' => ''###REDACTED###',
'mail_smtpport' => '465',
'mail_smtpname' => ''###REDACTED###',
'mail_smtppassword' => ''###REDACTED###',
'updater.release.channel' => 'stable',
);
The output of your Apache/nginx/system log in /var/log/____
:
Didn’t see anything relevant. If there is something I should watch out for, do let me know and I’m happy to reproduce.
Happy to re-produce and add the above files if needed.