Strict-Transport-Security" HTTP header is not set

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

Hi,
I have a running Dietpi Nextcloud hosted on my rp3 using ddns.net. Everything works fine. Great program. Thank you.
However while updating have received a security message of "Strict-Transport-Security" HTTP header is not set". Tried to follow the provided link to fix it but, did not succeed. Searched the net the information was a bit inconsisten for me. I would like to ask for help if something is necessary to be done and if yes how.
thanks
Andrew
User avatar
Joulinar
Posts: 4504
Joined: Sat Nov 16, 2019 12:49 am

Re: Strict-Transport-Security" HTTP header is not set

Post by Joulinar »

Hi,

Can you share some more information. Where do you have seen that message and which link you followed? As well did you restart your system after changing some parameters?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

Settings/Administration/Overview
"The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗."

security tips link
User avatar
Joulinar
Posts: 4504
Joined: Sat Nov 16, 2019 12:49 am

Re: Strict-Transport-Security" HTTP header is not set

Post by Joulinar »

That's a message inside Nextcloud? Can you share the link pls !
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

Also there are some recommendation whereby i am not sure what to do.

"This instance is missing some recommended PHP modules. For improved performance and better compatibility it is highly recommended to install them.

bcmath
gmp
imagick

"
User avatar
Joulinar
Posts: 4504
Joined: Sat Nov 16, 2019 12:49 am

Re: Strict-Transport-Security" HTTP header is not set

Post by Joulinar »

The message regarding the php modules are not relevant and can be ignored

One more question, what is the web server you are using?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

It runs on rp3 DietPi behind my rooter with port forwarding. Is that what you asked?
User avatar
Joulinar
Posts: 4504
Joined: Sat Nov 16, 2019 12:49 am

Re: Strict-Transport-Security" HTTP header is not set

Post by Joulinar »

not really :)

did you select any specific web server on DietPi or did you go with default settings?

Let's check ss -tulpn | grep LISTEN

btw: HSTS could have been set using dietpi-letsencrypt ;)

picture.PNG
picture.PNG (22.92 KiB) Viewed 250 times
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
takefour
Posts: 1
Joined: Fri Apr 16, 2021 8:34 am

Re: Strict-Transport-Security" HTTP header is not set

Post by takefour »

what is the web server you are using?
Post Reply