Archived View for alaskalinuxuser.ddns.net › 2021-07-23_5.gmi captured on 2024-09-29 at 00:07:55. Gemini links have been rewritten to link to archived content
I think I've mentioned it before, but I'm not a security expert. I've been
really enjoying learning, though! One of the things I was learning about today
was how to continue making my Nextcloud more secure. Fortunately, for guys like
me, there is a "Hardening_and_security_guide" online, and I've been making use
of it.
One thing that my Nextcloud dashboard pointed out was that I needed to make
some changes to prevent MITM (Man In The Middle) attacks. Of course, I was
already using forced redirects to make every connection use HTTPS (port 443),
even if the client requested HTTP (port 80). But as the dashboard pointed out,
and further reading in the guide confirmed, I needed to enable HSTS, or HTTP
Strict Transport Security. Seems like a mouthful to say, but according to the
guide, it was really easy to implement.
All I had to do was add these lines to my Apache2 virtual host file for my
Nextcloud page:
```
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
```
According to the guide, the big thing this does is stop the client from accepting
or using invalid certificates. So if the certificate looks sketchy, the client
will refuse to connect, hopefully reducing the chance of a MITM attack that
uses SSL stripping. You can read_more_about_HSTS_on_Acunetix_blog.
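To see what the dashboard check is actually looking for, here is an added Python example (not code from this post, from Nextcloud or from Apache) that parses an HTTP response, pulls out the Strict-Transport-Security header and reports whether it meets the policy configured above. The minimum max-age of 15552000 seconds is taken from the config in the post and treating it as the threshold is this example's assumption; the sample responses are constructed, not captured from any server.

```python
"""Offline checker for Strict-Transport-Security (HSTS) headers.

Added example, not code from the blog post, Nextcloud or Apache. It parses an
HTTP response, finds the HSTS header and reports whether it meets the policy
the post configures. The sample responses below are constructed.
"""
import http.client
import ssl

# 15552000 seconds (180 days) is the max-age used in the post's Apache config;
# treating it as the minimum acceptable value is an assumption of this example.
MIN_MAX_AGE = 15552000


def parse_hsts(value):
    """Parse an HSTS header value into a dict of directives.

    Directive names are case-insensitive (RFC 6797). 'max-age' is converted to
    an int, or set to None when it is absent or not a number. A value-less
    directive such as includeSubDomains is stored as True.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        directives[name] = val if val else True
    raw = directives.get("max-age")
    if raw is not None:
        directives["max-age"] = int(raw) if isinstance(raw, str) and raw.isdigit() else None
    return directives


def parse_response(raw):
    """Split a raw HTTP/1.1 response into a list of (name, value) header pairs."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def evaluate_hsts(headers, min_max_age=MIN_MAX_AGE):
    """Assess the HSTS header among (name, value) response headers.

    Returns a dict with the parsed values plus an 'ok' flag and a list of
    'findings' explaining why the policy would not protect clients as intended.
    """
    values = [v for name, v in headers if name.lower() == "strict-transport-security"]
    result = {"present": bool(values), "max_age": None,
              "include_subdomains": False, "ok": False, "findings": []}
    if not values:
        result["findings"].append("no Strict-Transport-Security header; "
                                  "clients will not pin HTTPS for this host")
        return result
    if len(values) > 1:
        # RFC 6797 section 8.1: only the first STS header field is processed.
        result["findings"].append("multiple HSTS headers; only the first is processed")
    directives = parse_hsts(values[0])
    result["max_age"] = directives.get("max-age")
    result["include_subdomains"] = "includesubdomains" in directives
    if result["max_age"] is None:
        result["findings"].append("max-age missing or not numeric; header is ignored")
    elif result["max_age"] == 0:
        result["findings"].append("max-age=0 tells clients to drop the policy")
    elif result["max_age"] < min_max_age:
        result["findings"].append(f"max-age {result['max_age']} is below {min_max_age}")
    if not result["include_subdomains"]:
        result["findings"].append("includeSubDomains not set; subdomains stay unprotected")
    result["ok"] = not result["findings"]
    return result


def fetch_headers(host, port=443, path="/"):
    """Fetch a live host's response headers over HTTPS with a HEAD request.

    Certificate verification stays on: a host that fails verification is the
    very case HSTS exists to block, so the raised error is itself the finding.
    """
    conn = http.client.HTTPSConnection(host, port, timeout=10,
                                       context=ssl.create_default_context())
    conn.request("HEAD", path)
    headers = conn.getresponse().getheaders()
    conn.close()
    return headers


# Constructed sample responses (not captured from any real server).
SAMPLE_HARDENED = (b"HTTP/1.1 200 OK\r\n"
                   b"Strict-Transport-Security: max-age=15552000; includeSubDomains\r\n"
                   b"Content-Type: text/html\r\n\r\n")
SAMPLE_WEAK = (b"HTTP/1.1 200 OK\r\n"
               b"Strict-Transport-Security: max-age=300\r\n"
               b"Content-Type: text/html\r\n\r\n")
SAMPLE_MISSING = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK),
                          ("missing", SAMPLE_MISSING)):
        verdict = evaluate_hsts(parse_response(sample))
        print(f"{label}: ok={verdict['ok']} findings={verdict['findings']}")
```

Two things worth checking on a real deployment: the `<IfModule mod_headers.c>` wrapper silently does nothing if the headers module is not enabled (`a2enmod headers` on Debian-style systems), so run `evaluate_hsts(fetch_headers("your.host"))` against the live site rather than trusting the config file, and browsers only honour the header when it arrives over HTTPS, so the forced redirect the post already has is what gets the policy into the client in the first place.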
Linux – keep it simple.