I had a warning in the admin, The following message:
The “Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds.
I followed the guide on https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html#enable-hsts-label
I copied en paste the following code in the .htacces file:
Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains”
I changed the ServerName to my domain.
When I go to my domain, I get a 500 Internal Server Error
I removed the code, but I still can’t reach my domain. How can I fix this and the above warning?
Check your server’s error.log why you get error 500.
The server error says: <VirtualHost not allowed here.
I can reach my domain again. But how can I fix the warning, mentioned above? Do I have the wrong .htacces file, because there are more then one?
This part must go into your apache-config. You can’t do this in a .htaccess.
Where can I find this file?
Restart apache after modifying the file
Please also make sure to add this in the HTTPS section of your config.
*:80 -> HTTP | *:443 -> HTTPS
I can’t find the “apache”.conf file. Can I find that file in my cPanel area?
I don’t know cPanel, you might want to check with their community if you can add manually stuff to a vhost.
Can’t it be done, somehow, in a .htacces file?
If your server configuration allows such changes, it is possible:
Yes, thank you very much! The warning is gone!
I updated NC yesterday, but the changes in the .htacces file are gone. Does this happen al the time when I update NC?