The “Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds. For enhanced security we recommend enabling HSTS…
I’m a bit stuck on this. I can confirm that i have searched, and tried many suggestions.
I should add that i am new to Linux\Apache, so this may be where i need more guidance.
Any help much appreciated.
Include in your apache-config file for Nextcloud (usually in directory “sites-available”):
Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains”
and restart apache server
Alias /nextcloud “/var/www/nextcloud/”
<VirtualHost *:80>
Servername **********
Redirect permanent / **************
<VirtualHost *:443>
Servername ********
Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains”
This is what i have in /etc/apache2/sites-enabled/nextcloud.conf
Restarted apache server multiple times post this to the same error
Hi, I’ve done that as far as i can see, it’s one of the sites\links i’ve looked at:
and
https://docs.nextcloud.com/server/13/admin_manual/configuration_server/harden_server.html
I’ve checked headers are enabled - “Module Headers already enabled”
and as above, the config settings have been done
Am i missing something else?
Maybe you should split your configuration into
(1) nextcloud.conf with VirtualHost *:80
and
(2) nextcloud-ssl.conf with VirtualHost *:443
both with " Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains” "
1 Like