

tidying up OwnCloud

 Xerta last edited: Wed, 21 Mar 2018 12:32:32 +0100  
So in my eternal quest to get a sorted out OwnCloud install, I have started to work through the errors I'm getting. I get the following message:

OwnCloud admin page wrote:
The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.

Security tips says:

Enable HTTP Strict Transport Security

While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the ownCloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.

This can be achieved by setting the following settings within the Apache VirtualHost file:

<VirtualHost *:443>
   Header always add Strict-Transport-Security "max-age=15768000"
</VirtualHost>

This requires the mod_headers extension in Apache.

So I'm looking for how to accomplish this in nginx.
Think this will include self-signed cert warnings?

I had the same thought. Don't know, but sounds like it would.
A self-signed cert is technically invalid as it will not offer any protection against MITM.
  last edited: Wed, 21 Mar 2018 12:31:32 +0100  
Any thoughts on apc/apcu from anyone?
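
For the nginx question in the post above, an added example (not from this thread or from the ownCloud documentation) of the equivalent of the quoted Apache directive, including the add_header inheritance behaviour that commonly makes the header disappear on some responses. The host name cloud.example.org, the certificate paths and the document root are placeholders, and the PHP handling an ownCloud install needs is left out.

```nginx
# Added example; cloud.example.org and all paths are placeholders.

# Plain HTTP only redirects. Browsers ignore an HSTS header sent over HTTP.
server {
    listen 80;
    server_name cloud.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name cloud.example.org;

    ssl_certificate     /etc/ssl/certs/cloud.example.org.pem;    # placeholder
    ssl_certificate_key /etc/ssl/private/cloud.example.org.key;  # placeholder

    root  /var/www/owncloud;                                     # placeholder
    index index.php index.html;

    # Counterpart of Apache's "Header always add ...". Without "always"
    # (nginx 1.7.5 and later) the header is only added to 2xx/3xx responses
    # and is missing from error pages.
    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        # No add_header in this block, so the server-level one is inherited.
        try_files $uri $uri/ =404;
    }

    location ~* \.(?:css|js)$ {
        # An add_header inside a block replaces ALL inherited add_header
        # lines, so the HSTS header has to be repeated here.
        add_header Cache-Control "public, max-age=7200";
        add_header Strict-Transport-Security "max-age=15768000" always;
    }
}
```

After `nginx -t` and a reload, `curl -skI https://cloud.example.org/` should list the Strict-Transport-Security header. Browsers only record HSTS from a connection that had no certificate errors (RFC 6797, section 8.1), and once a host is recorded they stop offering a click-through on certificate warnings for it, which is relevant to the self-signed hosts mentioned in this thread.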
move from apache to nginx

 Xerta last edited: Thu, 22 Mar 2018 00:20:20 +0100  
I had a visit from Dan at the weekend and he has persuaded me to move from apache to nginx. One look at the config files persuaded me -- I had a clue what was going on. Scenario is this: red (proper cert) and friendica (self-signed) and owncloud (self-signed) all on the same box.

I'm going to attempt:

aptitude remove apache2 && aptitude install nginx

Any big gotchas foreseen for that kind of plan? (I expect the answer yes which is why I'm asking first.)

#nginx #apache
  last edited: Thu, 22 Mar 2018 00:19:39 +0100  
It worked.