# --- :80 [IPV6-ADDRESS]:80> ServerAdmin admin@oopen.de ServerName RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] CustomLog /var/log/apache2/ip_requests.log base_requests CustomLog /var/log/apache2/-access.log combined ErrorLog /var/log/apache2/-error.log :443 [IPV6-ADDRESS]:443> ServerAdmin admin@oopen.de ServerName # Service Discovery # # !! We alraedy provide this servis via '.htaccess'-file !! # # The redirects for CalDAV or CardDAV does not work if Nextcloud is running behind a # reverse proxy. The recommended solution is that your reverse proxy does the redirects # #RewriteEngine On #RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] #RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] #ProxyErrorOverride On SetHandler "proxy:unix:/tmp/php-7.4-fpm.www.sock|fcgi://127.0.0.1" DirectoryIndex index.php index.html index.htm DocumentRoot /var/www//htdocs /htdocs"> Require all granted AllowOverride All Options FollowSymLinks MultiViews # - HTTP Strict Transport Security (HSTS) # - # - HSTS tells a browser that the website should only be accessed through # - a secure connection. The HSTS header will be remembered by a standard # compliant browser for max-age seconds. # - # - Remember this settings for 1/2 year # - #Header add Strict-Transport-Security "max-age=15768000" Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" # - Referrer-Policy # - # - See: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ # - https://www.w3.org/TR/referrer-policy/ # - # - Referrer Policy is a new header that allows a site to control how # - much information the browser includes with navigations away from # - a document and should be set by all sites. # - # - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header # - field that identifies the address of the webpage (i.e. the URI or IRI) that # - linked to the resource being requested. By checking the referrer, the new # - webpage can see where the request originated. # - # - For a complete list and explanation of values, see urls above # - # - Example: "no-referrer-when-downgrade" # - The browser will not send the referrer header when navigating # - from HTTPS to HTTP, but will always send the full URL in the # - referrer header when navigating from HTTP to any origin. It # - doesn't matter whether the source and destination are the same # - site or not, only the scheme. # - Header always set Referrer-Policy "strict-origin-when-cross-origin" SSLEngine on SSLCertificateFile /var/lib/dehydrated/certs//fullchain.pem SSLCertificateKeyFile /var/lib/dehydrated/certs//privkey.pem CustomLog /var/log/apache2/ip_requests.log base_requests CustomLog /var/log/apache2/-access.log combined ErrorLog /var/log/apache2/-error.log