khanh.pndc/nextcloud-docs
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2026-01-03 10:20:02 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1741 from owncloud/hardenserver

Browse Source 
correct HTTP Strict Transport Security section
This commit is contained in:
Carla Schroder
2015-10-06 07:09:52 -07:00
parent 09d09da55c fe77901e50
commit 9013b7f44b
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
admin_manual/configuration_server/harden_server.rst
View File

@@ -115,14 +115,16 @@ connection to the ownCloud instance using HTTP, and it attempts to prevent site
visitors from bypassing invalid certificate warnings.
This can be achieved by setting the following settings within the Apache
VirtualHost file:
VirtualHost file::
.. code-block:: none
<VirtualHost *:443>
ServerName cloud.owncloud.com
Header always add Strict-Transport-Security "max-age=15768000"
<VirtualHost *:443>
ServerName cloud.owncloud.com
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>
</VirtualHost>
This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove ``includeSubdomains;``.
This requires the ``mod_headers`` extension in Apache.