From c143accdfcffa15a3a93773a6da77660a015375b Mon Sep 17 00:00:00 2001
From: Giuseppe C <AvverbioPronome@users.noreply.github.com>
Date: Fri, 24 Jul 2020 09:37:58 +0200
Subject: do not hsts preload by default, only serve hsts header over https

Signed-off-by: Giuseppe C <AvverbioPronome@users.noreply.github.com>
---
 bin/ncp/CONFIG/nc-nextcloud.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'bin')

diff --git a/bin/ncp/CONFIG/nc-nextcloud.sh b/bin/ncp/CONFIG/nc-nextcloud.sh
index fb1205bb..de5f45a2 100644
--- a/bin/ncp/CONFIG/nc-nextcloud.sh
+++ b/bin/ncp/CONFIG/nc-nextcloud.sh
@@ -194,6 +194,9 @@ EOF
     LimitRequestBody 0
     SSLRenegBufferSize 10486000
   </Directory>
+  <IfModule mod_headers.c>
+    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+  </IfModule>
 </IfModule>
 EOF
   a2ensite nextcloud
@@ -206,6 +209,14 @@ EOF
     RewriteCond %{HTTPS} !=on
     RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
   </IfModule>
+  <Directory /var/www/nextcloud/>
+    Options +FollowSymlinks
+    AllowOverride All
+    <IfModule mod_dav.c>
+      Dav off
+    </IfModule>
+    LimitRequestBody 0
+  </Directory>
 </VirtualHost>
 EOF
 
-- 
cgit v1.2.3