Security & setup warnings
It’s important for the security and performance …
The “Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.
where do i set this up?
Hello,
Please use the find fonction because this question have been answered a lot of times.
Please also read nextcloud documentation. When you have this problem reported you have a link to follow to have an answer.
So i will tell you one more time :
First enable the HEADERS module on your apache :
a2enmod headers
Then go and read this :
https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html#use-https
Restart your apache service and voila.
After don’t forget to put this topic SOLVED
You’re welcome
ok - thank You for Your quick answer !
I need to tell this our provider…
My problem with these instrutions is that it does not say which file to modify. A lot of us don’t know what the “Apache VirtualHost file” is
I’m still not sure because I still get the warning in the Admin page.
Is it /etc/apache2/sites-enabled/default-ssl.conf ?
a2enmod is a command,
a2 like apache 2
en like enable
Mod like module
You should learn a little bit how Apache2 works and where are key files and how they work. Knowing that will be a great help for using nextcloud.
Because Apache2 is a web server, you can have multiple websites running on a single server. Every website rely on a .conf file saying : what is my name, what is my alias, where is my root folder etc…
In brief, for nextcloud if you want to master all of this you need knowledge on web server (apache2 or ngnix), database (mysql mariadb or postgresql) and Php