From c143accdfcffa15a3a93773a6da77660a015375b Mon Sep 17 00:00:00 2001 From: Giuseppe C Date: Fri, 24 Jul 2020 09:37:58 +0200 Subject: do not hsts preload by default, only serve hsts header over https Signed-off-by: Giuseppe C --- bin/ncp/CONFIG/nc-nextcloud.sh | 11 +++++++++++ changelog.md | 4 +++- lamp.sh | 6 ------ ncp.sh | 3 +++ 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/bin/ncp/CONFIG/nc-nextcloud.sh b/bin/ncp/CONFIG/nc-nextcloud.sh index fb1205bb..de5f45a2 100644 --- a/bin/ncp/CONFIG/nc-nextcloud.sh +++ b/bin/ncp/CONFIG/nc-nextcloud.sh @@ -194,6 +194,9 @@ EOF LimitRequestBody 0 SSLRenegBufferSize 10486000 + + Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" + EOF a2ensite nextcloud @@ -206,6 +209,14 @@ EOF RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] + + Options +FollowSymlinks + AllowOverride All + + Dav off + + LimitRequestBody 0 + EOF diff --git a/changelog.md b/changelog.md index d127b4c3..3dc9390e 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,7 @@ -[v1.29.6](https://github.com/nextcloud/nextcloudpi/commit/55e16b2) (2020-08-29) ncp-web: Fix the style of the language selection dropdown (chrome) +[v1.29.7](https://github.com/nextcloud/nextcloudpi/commit/d98e7ad) (2020-07-24) do not hsts preload by default, only serve hsts header over https + +[v1.29.6](https://github.com/nextcloud/nextcloudpi/commit/14b78e3) (2020-08-29) ncp-web: Fix the style of the language selection dropdown (chrome) [v1.29.5 ](https://github.com/nextcloud/nextcloudpi/commit/34e84ba) (2020-08-30) ncp-web: fix initial screen displaying all sections diff --git a/lamp.sh b/lamp.sh index 2d25eb2a..a5c3a71d 100644 --- a/lamp.sh +++ b/lamp.sh 
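Review bot: The header added to the Nextcloud site in nc-nextcloud.sh still carries `includeSubDomains`, which was only needed for preload eligibility; with preload dropped it pins every subdomain of the user's domain to HTTPS for six months, including ones this box does not serve. Consider `Header always set Strict-Transport-Security "max-age=15768000"` here and in the identical line added to ncp.sh, or add a comment stating that subdomain coverage is intended. Separately, nothing in the four changed files removes the block that lamp.sh previously appended to /etc/apache2/apache2.conf, so already-installed systems would presumably keep sending the `preload` value globally, plain HTTP included, unless an update step elsewhere rewrites it. The heredoc this line sits in starts outside the hunk.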
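Review bot: The directory settings added to the site that holds the HTTP-to-HTTPS redirect (`Options +FollowSymlinks`, `AllowOverride All`, `Dav off`, `LimitRequestBody 0`) are not mentioned in the commit message and carry no comment, so it is unclear why a redirect-only listener needs them. `AllowOverride All` and an unlimited request body matter only for requests that are actually served over plain HTTP, which suggests some path is exempt from the redirect. If so, name it in a comment such as `# applies to requests exempted from the HTTPS redirect above`; if not, drop the block. The enclosing container lines are not visible in this rendering of the hunk, so the exact scope is inferred.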
@@ -73,12 +73,6 @@ SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) -EOF - - cat >> /etc/apache2/apache2.conf < - Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" - EOF # CONFIGURE PHP7 diff --git a/ncp.sh b/ncp.sh index 4e532c9e..2c57fb8f 100644 --- a/ncp.sh +++ b/ncp.sh @@ -73,6 +73,9 @@ Listen 4443 SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" + # 2 days to avoid very big backups requests to timeout TimeOut 172800 -- cgit v1.2.3
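Review bot: The HSTS header added to the ncp-web site in ncp.sh sits directly after the snakeoil certificate lines, and browsers discard Strict-Transport-Security received over a connection with certificate errors, so with the default certificate this line has no effect. Once a trusted certificate is in place the policy applies to the whole host rather than just this port, and browsers stop offering a bypass for certificate warnings. A later fallback to the self-signed certificate would then lock the admin out of the panel until the policy expires. A comment above the line would make that explicit, for example `# HSTS is ignored while the self-signed cert is in use; with a trusted cert it covers the host on all ports`. The virtual host body continues outside the hunk.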