-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapache.conf
More file actions
41 lines (32 loc) · 1.73 KB
/
apache.conf
File metadata and controls
41 lines (32 loc) · 1.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<VirtualHost *:80>
ServerName your.domain.com
# Redirect HTTP to HTTPS
Redirect permanent / https://your.domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName your.domain.com
# Enable SSL
SSLEngine on
SSLCertificateFile /path/to/your/fullchain.pem
SSLCertificateKeyFile /path/to/your/privkey.pem
# HSTS (HTTP Strict Transport Security)
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Additional security headers
Header always set Referrer-Policy "no-referrer"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
# Reverse proxy to Nextcloud
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# Preserve the Host header
ProxyPreserveHost On
# Forward the original client IP to your Nextcloud instance
RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s
</VirtualHost>
# Key Points:
# - SSL Configuration: Replace /path/to/your/fullchain.pem and /path/to/your/privkey.pem with the actual paths to your SSL certificate and private key files.
# - HSTS Configuration: The Strict-Transport-Security header is set to enable HSTS with a max age of 1 year, including subdomains, and allows for preloading.
# - Security Headers: Additional security headers are set to enhance the security of your Nextcloud instance.
# - Reverse Proxy: The ProxyPass and ProxyPassReverse directives are used to forward requests to your Nextcloud instance running on localhost:8080.
# - Client IP Forwarding: The RequestHeader set X-Forwarded-For directive is used to forward the original client IP address to your Nextcloud instance.