FreeNAS Owncloud Plugin Enabling Strict-Security

[adrastos20006]

I am hoping somebody can help. I am running FreeNAS 9.3 and using the the owncloud plugin 9.1.2. All is going well with the simple installation of the plugin and the initial log in. I am trying to harden the server some from a security aspect and would like to enable Strict-Security. In the owncloud admin panel I am getting this warning:

"Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.

I don't know where to put this:

Code:

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

I have it in the /mnt/data1/jails_10/owncloud_1/usr/pbi/owncloud-am64/etc/apache24/extra/http-default.conf and httpd-ssl.conf

I am struggling with how to get this implemented in a FreeNAS plugin owncloud environment. Hoping somebody can help.

Thanks. sb

 

[DrKK]

Sir:

This is not really a FreeNAS question. This is an OwnCloud question.

The OwnCloud guys are usually pretty responsive. I recommend contacting them on either their irc channel (#owncloud on freenode), or their forums.

 

[adrastos20006]

The only thing is that enabling this is related to how the web functions are handled and that configuration is different in FreeNAS and its use of jails as compared to standard owncloud and standard apache configuration. So, hoping that somebody that is really aware of apache configuration inside of FreeNAS will be able to help.

 

[danb35]

This is an OwnCloud question.

No, it really isn't that either. It's a web server (Apache/nginx) question. Except that the locations of config files are very non-standard with the plugin installations--I have no idea where the .pbi puts them.

 

[adrastos20006]

I found it after searching for quite a while and navigating the different Jails that are on my system. I modified the "httpd.conf" file located at /mnt/data1/jails_1/owncloud/usr/pbi/owncloud-amd64/etc/apache24/ I added the following to the file:

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

"NOTE: The directory for you will be slightly different, but for the most part it will be in a location named similar to above."

Additionally, I added the following to the .htaccess file to get Freenas plugin version of owncloud to redirect to https

Directory:
/mnt/data1/jails_11/owncloud_1/usr/pbi/owncloud-amd64/www/owncloud/

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://"yourIPaddress"/$1 [R,L]

 

[Jailer]

Will that survive an upgrade?

 

[DrKK]

I assume you mean an upgrade of the Plugin (because obviously it would survive an upgrade of FreeNAS).

This is why I never use the plugins. :)

 

[Jailer]

I assume you mean an upgrade of the Plugin

Correct.

 

[adrastos20006]

I believe it will survive an upgrade, but not a deletion and new install.