On SSL Labs I get an A+ rating:
My nextcloud.conf :
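# NOTE(review): this listing went through a forum renderer that mis-encoded the
# quotes and dropped some container tags. Quotes are repaired below; every
# restored tag is marked and should be confirmed against the file on disk.
Alias / "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    # Required so the application's own .htaccess files are honoured. Because
    # config.php keeps the data directory under this path
    # (/var/www/nextcloud/data), those .htaccess rules are what stop user files
    # from being served directly; moving the data directory outside the web
    # root removes that dependency.
    AllowOverride All
    # NOTE(review): "Dav" is only a valid directive when mod_dav is loaded; an
    # <IfModule mod_dav.c> guard may have been lost in the paste -- confirm.
    Dav off
    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
# Closing tag restored (missing from the paste).
</Directory>

<VirtualHost *:80>
    ServerAdmin mail@mydomain.com
    DocumentRoot /var/www/nextcloud
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    # Plain HTTP only redirects to HTTPS. The target needs its trailing slash:
    # mod_alias appends the rest of the request path to the target verbatim, so
    # without it "/login" becomes "https://mydomain.comlogin" and the path text
    # ends up inside the hostname of the redirect.
    Redirect permanent / https://mydomain.com/
# Closing tag restored (missing from the paste).
</VirtualHost>

# Opening tag restored; presumably *:443 because the section enables SSLEngine
# -- confirm.
<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    ServerAdmin mail@mydomain.com
    DocumentRoot /var/www/nextcloud
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
    # Protocol and cipher settings come from this shared include.
    Include /etc/letsencrypt/options-ssl-apache.conf
    <IfModule mod_headers.c>
        # "preload" alone does not qualify the site for browser preload lists;
        # they also expect includeSubDomains and a max-age of at least one year
        # (31536000). Add includeSubDomains only once every subdomain is
        # reachable over HTTPS.
        # The application .htaccess sets this header too ("Header set",
        # max-age=15552000). "always" and plain "set" write to separate header
        # tables, so a response can carry both values; keep a single definition.
        Header always set Strict-Transport-Security "max-age=15768000; preload"
    </IfModule>
# Closing tag restored (missing from the paste).
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet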
My .htaccess (in the nextcloud document root):
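# NOTE(review): this listing went through a forum renderer. Quotes were
# mis-encoded, and backslashes, some "*" characters and container tags were
# dropped. Quotes, "\." escapes, ".*" and the </FilesMatch> tag are restored
# below. <IfModule> guards that probably wrapped these sections are NOT
# restored -- compare with the file on disk before reusing any of this.

# Pass the Authorization header through to PHP.
SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1

# Add security and privacy related headers
# HSTS is also set in nextcloud.conf with "Header always set" and a different
# max-age (15768000). The two forms write to separate header tables, so both
# can be sent on one response; keep a single definition.
Header set Strict-Transport-Security "max-age=15552000" env=HTTPS
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Robots-Tag "none"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Download-Options "noopen"
Header set X-Permitted-Cross-Domain-Policies "none"
SetEnv modHeadersAvailable true

# Add cache control for CSS and JS files
<FilesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=7200, public"
</FilesMatch>

# NOTE(review): two nearly identical php_value runs follow. They look like
# per-PHP-version <IfModule> sections whose tags were lost -- confirm. An
# unguarded php_value is a configuration error when mod_php is not loaded.
php_value upload_max_filesize 513M
php_value post_max_size 513M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value always_populate_raw_post_data -1
php_value default_charset "UTF-8"
php_value output_buffering 0
SetEnv htaccessWorking true

php_value upload_max_filesize 513M
php_value post_max_size 513M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value default_charset "UTF-8"
php_value output_buffering 0
SetEnv htaccessWorking true

RewriteEngine on
# Host canonicalisation: bare domain -> www. As posted, the flag was glued to
# the pattern ("^mydomain.com[NC]"), which makes "[NC]" a character class and
# the condition never matches a real Host header; the separating space is
# required. The :80 vhost redirects to the bare domain, so plain-HTTP requests
# take two hops to reach www.
RewriteCond %{HTTP_HOST} ^mydomain\.com [NC]
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [L,R=301,NC]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.*) remote.php [QSA,L]
# Internal directories must not be reachable over HTTP.
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
# Dotfiles and maintenance scripts return 404, except ACME challenge files.
# The first alternative must be an escaped dot: as posted ("(?:.|...)") it
# matches any first character, which answers 404 for every non-empty path.
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]

AddType image/svg+xml svg svgz
AddEncoding gzip svgz
DirectoryIndex index.php index.html
AddDefaultCharset utf-8
# No directory listings.
Options -Indexes
# NOTE(review): only valid when the PageSpeed module is loaded; a guard may
# have been lost in the paste -- confirm.
ModPagespeed Off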
My nextcloud config/config.php :
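<?php
// NOTE(review): this listing went through a forum renderer that wrapped each
// line in "**" and mis-encoded the quotes; both are repaired here so the file
// parses. Keys and values are otherwise as posted.
$CONFIG = array (
  // instanceid, passwordsalt, secret and dbpassword are placeholders in this
  // post; keep the real values out of anything shared publicly.
  'instanceid' => 'myinstanceid',
  'passwordsalt' => 'mypasswordsalt',
  'secret' => 'mysecret',
  // Host names the instance accepts in the Host header. Index 2 is unused as
  // posted; 'ip_server' stands in for the server's address.
  'trusted_domains' =>
  array (
    0 => 'www.mydomain.com',
    1 => 'mydomain.com',
    3 => 'ip_server',
  ),
  // The data directory sits inside the web root, so user files are shielded
  // only by .htaccess rules (and "AllowOverride All" in nextcloud.conf). A
  // location outside the web root does not depend on that.
  'datadirectory' => '/var/www/nextcloud/data',
  // NOTE(review): this URL ends in /nextcloud, while nextcloud.conf aliases
  // the application at "/" -- verify which path is intended.
  'overwrite.cli.url' => 'https://www.mydomain.com/nextcloud',
  'dbtype' => 'mysql',
  'version' => '9.1.1.5',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'my_db_password',
  'logtimezone' => 'UTC',
  'installed' => true,
  'theme' => 'example',
  // 0 is the debug level, the most verbose one. Useful while troubleshooting;
  // return to a quieter level (the default is 2, warnings) afterwards so the
  // log does not accumulate request detail.
  'loglevel' => 0,
);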