danb35
The README is your friend:
HTTP Strict Transport Security
When you log into your Nextcloud instance as administrator, you may see a configuration warning that HSTS is not enabled. This is intentional. HSTS is a useful security measure, but it can also lock you out of your site if certificate renewal isn't working properly. I recommend you let the system obtain its initial trusted cert, and then renew at least once, before enabling HSTS, to ensure that automatic renewal works as intended. Ordinarily this will take about 60 days. To enable HSTS, follow these steps:
- iocage console nextcloud
- nano /usr/local/www/Caddyfile
- Uncomment (remove the #) from the line that begins with Strict-Transport-Security
- Save the edited file and exit nano.
- service caddy reload
Edit: Actually, this probably isn't relevant to you, since Caddy isn't doing TLS termination for you. You'd instead need to set this on your pfSense box, wherever in the labyrinth of HAProxy settings it would be.