Hello,
I have the same problem after a new nextcloud 10.0.1 installation.
I paste the following code into the nextcloud .htacces file.
# Strict-Transport-Security:
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
But it doesn’t work.
After that, I paste the code into the main www .htacces file. It doesn’t work too.
I use a apache 2.4 server and is restarted.
Best regards,
Christoph
Make sure that you have installed the mod_headers module and enabled it:
a2enmod headers
Then, can enable it directly in your vhost configuration:
https://docs.nextcloud.com/server/10/admin_manual/configuration_server/harden_server.html#enable-http-strict-transport-security
Hello,
thank you for info.
Now it works!
Before I have written this topic, i found these manual.
Now, I know the reason it doesn’t work.
I have forgot to paste the total code in the nextcloud.conf.
Thank you again.
Best reagards,
Christoph