cover photo

elmussol

elmussol@elsmussols.org

tidying up OwnCloud

 Xerta last edited: Wed, 21 Mar 2018 12:32:32 +0100  
So in my eternal quest to get a sorted out OwnCloud install, I have started to work through the errors I'm getting. I get the following message:

OwnCloud admin page wrote:
The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.


Security tips says:

Enable HTTP Strict Transport Security

While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to the ownCloud instance using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.

This can be achieved by setting the following settings within the Apache VirtualHost file:

<VirtualHost *:443>
   ServerName cloud.owncloud.com
   Header always add Strict-Transport-Security "max-age=15768000"
</VirtualHost>


This requires the mod_headers extension in Apache.


So I'm looking for how to accomplish this in nginx.
  
Think this will include self-signed cert warnings?

I had the same thought. Don't know, but sounds like it would.
  
A self-signed cert is technically invalid as it will not offer any protection against MITM.
  last edited: Wed, 21 Mar 2018 12:31:32 +0100  
Any thoughts on apc/apcu from anyone?
webDAV/Owncloud mystery

 Xerta last edited: Thu, 22 Mar 2018 15:12:33 +0100  
As this install is just a test for me, I decided I couldn't be bothered to sort the cert issues. I am now on the Owncloud install process and I've hit a speed bump.

Near completion of the install I get:

Your web server is not yet properly setup to allow files synchronisation because the WebDAV interface seems to be broken.

Please double check the installation guides.


The installation guide says:

You don’t need any WebDAV support module for your web server (i.e. Apache’s mod_webdav) to access your ownCloud data via WebDAV. ownCloud has a built-in WebDAV server of its own.


root@pendle:~# ls -al /etc/apache2/mods-enabled/ | grep dav
root@pendle:~#


So I have no WebDAV enabled. I am confused.