NextCloud bulletproof

To increase the security of the NextCloud instance, we work through some of the checks of the test website internet.nl and thus ensure a smooth and secure operation of our cloud.

What do we want to achieve?

A cloud that is as secure as possible on the Internet to keep our data safe and private.
This requires several steps.

This section covers the HSTS and key exchange parameters, an essential part of the security.
After optimizing all parts, we have a cloud with a 100% rating on the test platform internet.nl.

The open source project NextCloud is a very popular and widespread productivity platform.
It is very versatile, widely extensible, and has a large community.

We also use NextCloud for our communication and collaboration.

To further increase the security of the self-hosted installation, the following additions can be made to the Apache2 configuration:

SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression      off
SSLSessionTickets   off

For HSTS, the following setting should be changed: set max-age to the value 31536000.

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

With these two changes, the HSTS and key exchange parameters are done. We continue with the DNSSEC and DANE options.
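
To confirm that a configuration file really carries the settings above, the following added example (not part of the original page or of NextCloud) audits Apache directives and reports every deviation. The two sample configurations are constructed, the SSLProtocol handling is a simplified model, an unset SSLProtocol is treated as "all" as a conservative assumption, and the cipher list is not checked.

```python
import re

ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
LEGACY = ("sslv3", "tlsv1", "tlsv1.1")   # protocols the page disables
WANTED = {"SSLHonorCipherOrder": "on", "SSLCompression": "off", "SSLSessionTickets": "off"}
MIN_MAX_AGE = 31536000                    # HSTS max-age used on the page
HSTS_RE = r'^[ \t]*Header\s.*Strict-Transport-Security\s+"([^"]*)"'

# Constructed sample configurations (not taken from a real server).
WEAK = 'SSLProtocol all -SSLv3\nSSLCompression on\nHeader always set Strict-Transport-Security "max-age=300"\n'
HARDENED = """\
SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCompression      off
SSLSessionTickets   off
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
"""

def directives(conf):
    """Return {lowercased directive: arguments}; comments skipped, last one wins."""
    rows = (l.split(None, 1) for l in conf.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return {r[0].lower(): (r[1].strip() if len(r) > 1 else "") for r in rows}

def enabled_protocols(args):
    """Simplified SSLProtocol model: a bare token replaces, +tok adds, -tok removes."""
    enabled = set()
    for tok in args.lower().split():
        names = ALL if tok.lstrip("+-") == "all" else {tok.lstrip("+-")}
        if tok.startswith("-"):
            enabled -= names
        elif tok.startswith("+"):
            enabled |= names
        else:
            enabled = set(names)
    return enabled

def audit(conf):
    """List deviations from the settings shown on the page (empty list = all match)."""
    d = directives(conf)
    protos = enabled_protocols(d.get("sslprotocol", "all"))  # unset: assume "all"
    findings = [f"{p} still enabled" for p in LEGACY if p in protos]
    findings += [f"{k} should be {v}" for k, v in WANTED.items() if d.get(k.lower(), "").lower() != v]
    hsts = re.search(HSTS_RE, conf, re.I | re.M)
    value = hsts.group(1) if hsts else ""
    age = re.search(r"max-age\s*=\s*(\d+)", value, re.I)
    if not age or int(age.group(1)) < MIN_MAX_AGE:
        findings.append(f"HSTS max-age missing or below {MIN_MAX_AGE}")
    if "includesubdomains" not in value.lower():
        findings.append("HSTS includeSubDomains missing")
    return findings
```

Calling audit() on the text of the SSL virtual host file returns an empty list only when the protocol, compression, session ticket, cipher order and HSTS settings all match the ones above.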