Owncloud X: The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds

I’ve upgraded owncloud to version X. And now get the following issue…

The “Strict-Transport-Security” HTTP header is not configured to at least “15552000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.

In /var/www/owncloud/sites-available/owncloud.conf

I’ve added to no avail Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains":

>     Alias /owncloud "/var/www/owncloud/"
> 
>     <VirtualHost *:443>
>         ServerName adamlondon.uk.to
>         DocumentRoot /var/www/owncloud/
>     	<Directory /var/www/owncloud/>
>     	  Options +FollowSymlinks
>     	  AllowOverride All
> 
>     	<IfModule mod_dav.c>
>     	  Dav off
>      	</IfModule>
> 
>     	 SetEnv HOME /var/www/owncloud
>     	 SetEnv HTTP_HOME /var/www/owncloud
>     	 Satisfy Any
>     	</Directory>
>         <Directory "/var/www/owncloud/data/">
>                    Require all denied
>         </Directory>
>         <IfModule mod_headers.c>
>           Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
>         </IfModule>

And /var/www/owncloud/.htaccess

Header always set X-Frame-Options "SAMEORIGIN"
Header      unset X-Download-Options
Header always set X-Download-Options "noopen"
Header      unset X-Permitted-Cross-Domain-Policies
Header always set X-Permitted-Cross-Domain-Policies "none"
SetEnv modHeadersAvailable true
  </IfModule>

  # Let browsers cache CSS, JS files for half a year
  <FilesMatch "\.(css|js)$">
Header      unset Cache-Control
Header always set Cache-Control "max-age=15778463"
  </FilesMatch>

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff$">
Header      unset Cache-Control
Header always set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>

<IfModule mod_php5.c>
php_value always_populate_raw_post_data -1
php_value upload_max_filesize 513M
php_value post_max_size 513M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value default_charset 'UTF-8'
php_value output_buffering 0
<IfModule mod_env.c>
  SetEnv htaccessWorking true
</IfModule>
</IfModule>

<IfModule mod_php7.c>
php_value upload_max_filesize 513M
php_value post_max_size 513M
php_value memory_limit 512M
php_value mbstring.func_overload 0
php_value default_charset 'UTF-8'
php_value output_buffering 0
<IfModule mod_env.c>
  SetEnv htaccessWorking true
</IfModule>
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

ErrorDocument 403 /owncloud/core/templates/403.php
ErrorDocument 404 /owncloud/core/templates/404.php

Server configuration

Operating system:
Ubuntu

Web server:
Apache/2.4.18 (Ubuntu)

Database:
sqlite3.11

PHP version:
7.0.33

ownCloud version: (see ownCloud admin page)
10.2.0.5

Updated from an older ownCloud or fresh install:
upgrade

Where did you install ownCloud from:
ubuntu owncloud repo
7.0.33

Signing status (ownCloud 9.0 and above):
???

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.

Technical information

The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results

  • core
    • EXCEPTION
      • UnexpectedValueException
      • RecursiveDirectoryIterator::__construct(/var/www/owncloud/backup/owncloud/data): failed to open dir: Permission denied

Raw output

Array
(
[core] => Array
(
[EXCEPTION] => Array
(
[class] => UnexpectedValueException
[message] => RecursiveDirectoryIterator::__construct(/var/www/owncloud/backup/owncloud/data): failed to open dir: Permission denied
)

    )

)

How do I resolve this issue?

Why do you have your backup directory inside the ownCloud directory?

Can you move it outside of ownCloud?

Do you have the module headers enabled?
In Ubuntu the easiest way to check is running:

a2enmod headers

If it is already enabled it will tell you the following:

Module headers already enabled

And otherwise:

root@ubuntu1804:~$ a2enmod headers
Enabling module headers.
To activate the new configuration, you need to run:
  systemctl restart apache2
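Apache silently skips an `<IfModule mod_headers.c>` block when the module is not loaded, so the directive can be in the config while the header never reaches the client. The script below is an added example, not part of the thread: it parses response headers and checks that HSTS is present with a max-age of at least the 15552000 seconds the ownCloud warning asks for. The function names and sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Threshold taken from the ownCloud warning text.
MIN_MAX_AGE=15552000

# Print the max-age of the first Strict-Transport-Security header read from
# stdin (raw response headers); print nothing if the header is absent.
hsts_max_age() {
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security:/ {
            sub(/^[^:]*:/, "")              # drop the header name
            n = split($0, parts, ";")
            for (i = 1; i <= n; i++) {
                d = parts[i]
                gsub(/[ \t"]/, "", d)       # strip blanks and optional quotes
                if (tolower(d) ~ /^max-age=[0-9]+$/) {
                    sub(/^[^=]*=/, "", d)
                    print d
                    exit
                }
            }
            exit
        }'
}

# Succeed only when HSTS is present and max-age meets the threshold.
hsts_ok() {
    age=$(hsts_max_age)
    [ -n "$age" ] && [ "$age" -ge "$MIN_MAX_AGE" ]
}

# Constructed sample responses (not captured from the poster's server).
RESP_NO_HSTS='HTTP/1.1 200 OK
Server: Apache/2.4.18 (Ubuntu)
X-Frame-Options: SAMEORIGIN'
RESP_HSTS='HTTP/1.1 200 OK
strict-transport-security: max-age=15552000; includeSubDomains'
RESP_SHORT='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=3600'

for name in RESP_NO_HSTS RESP_HSTS RESP_SHORT; do
    eval "resp=\$$name"
    if printf '%s\n' "$resp" | hsts_ok; then
        echo "$name: HSTS ok"
    else
        echo "$name: HSTS missing or below $MIN_MAX_AGE"
    fi
done
```

Against a live server, pipe the output of `curl -sI` for the HTTPS URL into `hsts_ok`; `apache2ctl -M | grep headers_module` shows whether the module the `<IfModule>` block depends on is loaded.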

Thanks, you helped me a lot!