Hello,
I've got traefik and nextcloud up and running. Now I would like to set the HTTP Strict Transport Security to 15552000 as recommended by nextcloud. Unfortunately this does not work. Nextcloud still shows me in the settings "The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds".
What could be the reason for this?
My docker-compose file looks like this:
version: "3.6"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --api
- "--log.level=DEBUG"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myhttpchallenge.acme.email=mail@mail.com"
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
labels:
# Dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=myhttpchallenge"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.middlewares=authtraefik"
- "traefik.http.middlewares.authtraefik.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/" # user/password
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
#hsts
- "traefik.http.middlewares.nextcloudHeader.headers.stsSeconds=15552000"
- "traefik.http.middlewares.nextcloudHeader.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nextcloudHeader.headers.stsPreload=true"
- "traefik.http.middlewares.nextcloudHeader.headers.forceSTSHeader=true"
restart: always
nextcloud:
container_name: nextcloud
image: "nextcloud:latest"
environment:
- "MYSQL_DATABASE=nextcloud"
- "MYSQL_USER=nextcloud"
- "MYSQL_PASSWORD=password"
- "MYSQL_HOST=database"
- "NEXTCLOUD_ADMIN_USER=user"
- "NEXTCLOUD_ADMIN_PASSWORD=password"
- "NEXTCLOUD_TRUSTED_DOMAINS=subdomain.domain.com"
labels:
- "traefik.http.routers.nextcloud.rule=Host(`subdomain.domain.com`)"
- "traefik.http.routers.nextcloud.entrypoints=websecure"
- "traefik.http.routers.nextcloud.tls=true"
- "traefik.http.routers.nextcloud.tls.certresolver=myhttpchallenge"
restart: always
Thanks