Enable HSTS Nextcloud docker

ZeLion54 · February 18, 2025, 5:06pm

Hello guys, I'm struggling to eliminate this error from nextcloud:

Some headers are not set correctly on your instance - The Strict-Transport-Security HTTP header is not set (should be at least 15552000 seconds). For enhanced security, it is recommended to enable HSTS. For more details see the documentation .

Tried adding this into labels and many more 'solutions' from internet but without luck:

labels:
  - "traefik.http.middlewares.testHeader.headers.framedeny=true"
  - "traefik.http.middlewares.testHeader.headers.browserxssfilter=true"

If anyone could help I would be grateful.

bluepuma77 · February 18, 2025, 7:36pm

The doc you linked states which header to set:

Strict-Transport-Security "max-age=15552000; includeSubDomains"

ZeLion54 · February 18, 2025, 8:35pm

Ok I eliminated error with these labels:

        - traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15752000
        - traefik.http.middlewares.nextcloudHeader.headers.stsIncludeSubdomains=true
        - traefik.http.middlewares.nextcloudHeader.headers.stsPreload=true
        - traefik.http.middlewares.nextcloudHeader.headers.forceSTSHeader=true
        - traefik.http.routers.nextcloud.middlewares=nextcloudHeader

Thank you! Resolved

system · February 21, 2025, 8:35pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
HTTP Strict Transport Security Traefik v2 docker , middleware , cli	3	15153	January 13, 2020
Problem with cyphers and HSTS Traefik v2 docker	0	1670	November 25, 2019
Nextcloud with Cal/Cardav routing Traefik v2 docker	9	8861	January 20, 2023
Docker Traefik Headers not set Traefik v2 docker , middleware	6	2357	October 1, 2020
Setting HSTS headers Traefik v2 docker , docker-swarm , file , middleware	1	5996	January 17, 2020

Enable HSTS Nextcloud docker

Related topics