Enable HTTP Strict Transport Security on Ubuntu

webserver_issue

#1

Hello,
I've tried to follow this tutorial ( https://doc.owncloud.org/server/9.1/admin_manual/configuration_server/harden_server.html )
Steps to reproduce
1. Add the following line :

<VirtualHost *:443>
  ServerName cloud.owncloud.com
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    </IfModule>
 </VirtualHost>

To /etc/apache2/conf-enabled/owncloud.conf file
2. restart apache2
3. get this error message :

[Sun Aug 28 19:02:24.406570 2016] [ssl:emerg] [pid 3095] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

I guess I have to add

SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key

in a configuration file, but which one ?

Expected behaviour
Not having the error :slight_smile:

Actual behaviour
apache2 error

Server configuration
Operating system: Ubuntu 14.04
Web server: delestre.io/owncloud
Database: mysql
PHP version: 5.5.9
ownCloud version (see ownCloud admin page): 9.1.0
Updated from an older ownCloud or fresh install: fresh install
ownCloud log (data/owncloud.log, see https://central.owncloud.org/t/how-to-find-webserver-or-oc-logfile-enable-php-logfile/808):


#2

Hi,

for configuration help with your webserver its advised to contact a community like:

http://www.apachelounge.com/

where you can reach more experts on this topics.

As configuring SSL is also nothing ownCloud specific you will find plenty of tutorials how to configure your webserver on the net. Very good ones are the ones from digital ocean for example:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps


#3

It only says what you have to add to your SSL-VirtualHost (on top of the other entries).