I followed the Installation instruction for setting up a self-signing certificate on Ubuntu (I have Mint): See https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html#enabling-ssl-label
Basically it’s supposed to be as simple as:
service apache2 reload
This didn’t appear to be working until I typed in https://192.168.x.x/nextcloud into the URL bar and added a self-signed security exception. It appears to work fine in Firefox, but not in Chromium. Anyway, I think it’s working but any comments much appreciated.
FWIW I really don’t think I need to deal with letsencrypt etc because I don’t want the public on my system anyway.
I found some further information here: https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html
Redirect all unencrypted traffic to HTTPS
To redirect all HTTP traffic to HTTPS administrators are encouraged to issue a permanent redirect using the 301 status code. When using Apache this can be achieved by a setting such as the following in the Apache VirtualHosts configuration:
Redirect permanent / https://cloud.nextcloud.com/
Enable HTTP Strict Transport Security
While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the Nextcloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.
This can be achieved by setting the following settings within the Apache VirtualHost file:
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Can someone tell me what files to actually put this code into? I have Linux Mint 18.2?