The only purpose of this Nextcloud application is to add the
Strict-Transport-Security header to installations which do not support header
configuration via a server configuration file (e.g. .htaccess).
- Download this archive, extract it to apps/ and enable it, or install it via the app store
- Visit your page via https
- You're done
If you like, you can verify that everything is working as expected with the Security Header Scan.
You can change the HSTS header with the following Nextcloud system options (add
them to config/config.php):
- hsts.maxAge (number): expiry time in seconds; default=15768000 (half a year)
- hsts.includeSubDomains (boolean): apply the HSTS rule to all subdomains as well; default=false
- hsts.preload (boolean): allow adding the domain to the HSTS preload list; default=false
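
To check that the header your server returns matches the options above, the following added example (not part of this app's code) parses a Strict-Transport-Security value according to RFC 6797 and compares it with the expected option values. The function names are hypothetical, the sample header values are constructed, and the one-year minimum for preloading comes from the hstspreload.org submission requirements, not from this page.

```python
# Added example (not part of the app): validate a Strict-Transport-Security
# value against the hsts.* options set in config/config.php.
PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(value):
    """Return (max_age, include_subdomains, preload), or None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the RFC 6797 grammar allows empty directives
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if name in seen:
            return None  # each directive may appear only once
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # the value may be a quoted-string
        seen[name] = arg
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    return int(age), "includesubdomains" in seen, "preload" in seen

def check_hsts(value, max_age=15768000, include_subdomains=False, preload=False):
    """List mismatches between the header and the expected option values."""
    parsed = parse_hsts(value)
    if parsed is None:
        return ["header is not valid per RFC 6797"]
    names = ("hsts.maxAge", "hsts.includeSubDomains", "hsts.preload")
    expected = (max_age, include_subdomains, preload)
    problems = [f"{n}: expected {want}, header has {got}"
                for n, want, got in zip(names, expected, parsed) if want != got]
    age, subs, pre = parsed
    if pre and (age < PRELOAD_MIN_AGE or not subs):
        problems.append("preload set, but the preload list needs max-age >= "
                        f"{PRELOAD_MIN_AGE} and includeSubDomains")
    return problems

# Constructed sample header values, not captured from a real server.
if __name__ == "__main__":
    for sample in ("max-age=15768000", "max-age=15768000; preload"):
        print(sample, "->", check_hsts(sample) or "ok")
```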