keboose
Explorer
- Joined
- Mar 5, 2016
- Messages
- 92
I have an owncloud jail set up, the current 9.1.2 version. I have SSL set up correctly, so if I go to https://mysite.com or https://www.mysite.com I get the login page for the server.
I have a problem in that sometimes, if I do not use the secure link, it does not load the login page. I believe I have not completed the setup to the level the jail is expecting, as evidenced by the error at the top of the admin page in the web UI:
Their security tips page describes what to add to force a redirect to the secure site, but I am unsure how to add what the site is suggesting. I found a virtualhosts file under the directory "/usr/pbi/owncloud-amd64/etc/apache24/extra/httpd-vhosts.conf" but it only had two generic examples of "<VirtualHost *:80>" blocks, so it doesn't look (to me) like that's the actual file apache uses for virtual hosts.
I don't want to edit any files that could mess up the web UI if I mess it up, so I'd like to make sure: Is this the correct file to edit for HTTPS redirects? If so, should I be adding an anything besides what is shown on the owncloud guide page? I would like to add the "HSTS" line and the HTTPS force redirect.
I have a problem in that sometimes, if I do not use the secure link, it does not load the login page. I believe I have not completed the setup to the level the jail is expecting, as evidenced by the error at the top of the admin page in the web UI:
Code:
The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.
Their security tips page describes what to add to force a redirect to the secure site, but I am unsure how to add what the site is suggesting. I found a virtualhosts file under the directory "/usr/pbi/owncloud-amd64/etc/apache24/extra/httpd-vhosts.conf" but it only had two generic examples of "<VirtualHost *:80>" blocks, so it doesn't look (to me) like that's the actual file apache uses for virtual hosts.
I don't want to edit any files that could mess up the web UI if I mess it up, so I'd like to make sure: Is this the correct file to edit for HTTPS redirects? If so, should I be adding an anything besides what is shown on the owncloud guide page? I would like to add the "HSTS" line and the HTTPS force redirect.