correct HTTP Strict Transport Security section

Carla Schroder
2015-10-05 16:53:49 -07:00
parent 468c1baf89
commit fe77901e50

@@ -115,14 +115,16 @@ connection to the ownCloud instance using HTTP, and it attempts to prevent site
visitors from bypassing invalid certificate warnings.
This can be achieved by setting the following settings within the Apache
VirtualHost file:
VirtualHost file::
.. code-block:: none
<VirtualHost *:443>
ServerName cloud.owncloud.com
Header always add Strict-Transport-Security "max-age=15768000"
<VirtualHost *:443>
ServerName cloud.owncloud.com
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>
</VirtualHost>
This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove ``includeSubdomains;``.
This requires the ``mod_headers`` extension in Apache.
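Review bot: the new value on the ``Header always set Strict-Transport-Security`` line adds ``preload``, but the paragraph after the block only explains ``includeSubDomains``, so a reader who copies the example opts in to preload without being told what it implies. Suggest either dropping ``preload`` from the example or adding a sentence about it next to the subdomain caveat. That caveat also spells the directive ``includeSubdomains;`` while the header uses ``includeSubDomains``; matching the spelling makes the text to remove easier to find. Finally, wrapping the directive in ``<IfModule mod_headers.c>`` means the header is skipped silently when mod_headers is not loaded, which sits oddly with the closing sentence "This requires the ``mod_headers`` extension in Apache."; consider saying so in that sentence, or leaving the directive unwrapped so Apache reports the missing module at startup.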