Apache :: Enable HTTP Strict Transport Security

iCone · Joined: 11 Jul 2016 Posts: 2

After installing owncloud on one of our Centos 6 servers I'm trying to make a change to our web server configuration as per the owncloud admin guides in order to increment the max-age to 15768000.

Inserted the following lines to the httpd.conf:
<VirtualHost *:443>
ServerName cloud.xxxxxxxxxx.com
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>
</VirtualHost>

But Apache fails to start, get this message:
[Mon Jul 11 10:57:33 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Looked a bit and seems that ssl.conf is the guilty party, what do I need to to in order to make this work while keeping SSL active?

gijs · Joined: 27 Apr 2012 Posts: 189 Location: The Netherlands

That error indicates that there is another web site running on port 443. (The default one?)

It has nothing to do with http strict transport security.

Jan-E · Joined: 09 Mar 2012 Posts: 1266 Location: Amsterdam, NL, EU

You only have to insert these lines into your existing virtualhosts:

iCone · Joined: 11 Jul 2016 Posts: 2

Worked, thanks!!!