I had a warning in the admin, The following message:
The “Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds.
I followed the guide on https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html#enable-hsts-label
I copied en paste the following code in the .htacces file:
<VirtualHost *:443>
ServerName cloud.nextcloud.com
Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains”
I changed the ServerName to my domain.
When I go to my domain, I get a 500 Internal Server Error
I removed the code, but I still can’t reach my domain. How can I fix this and the above warning?
tflidd
August 12, 2017, 4:04pm
2
Check your server’s error.log why you get error 500.
The server error says: <VirtualHost not allowed here.
I can reach my domain again. But how can I fix the warning, mentioned above? Do I have the wrong .htacces file, because there are more then one?
tflidd
August 12, 2017, 6:45pm
4
This part must go into your apache-config. You can’t do this in a .htaccess.
Where can I find this file?
/etc/apache2/sites-avialable/yournextcloud.conf
Restart apache after modifying the file
Please also make sure to add this in the HTTPS section of your config.
*:80 -> HTTP | *:443 -> HTTPS
I can’t find the “apache”.conf file. Can I find that file in my cPanel area?
tflidd
August 14, 2017, 9:23pm
9
I don’t know cPanel, you might want to check with their community if you can add manually stuff to a vhost.
Can’t it be done, somehow, in a .htacces file?
tflidd
August 14, 2017, 9:50pm
11
If your server configuration allows such changes, it is possible:
1 Like
Yes, thank you very much! The warning is gone!
I updated NC yesterday, but the changes in the .htacces file are gone. Does this happen al the time when I update NC?