Create cron job to update my DDNS with my dynamic IP address, (so far my IP address hasn’t changed since I started using the DDNS)…
1) crontab -e (this is the crontab edit command)
2) add the following line (without double quotes) at the bottom of the file to run the script every 10 minutes, “*/10 * * * * /path to script/rinker.sh >/dev/null 2>&1”
rinker.sh is the script that ChangeIP provided to update the IP address. The script creates /var/log/changeip.log with the status.
There could be many reasons I can’t reach my server. But if it’s due to my ISP changing my IP address, I should be able to access it again within 10 minutes.
Hardening my NextCloud server
I previously said I thought I was basically finished setting up NextCloud.
Well surprise…surprise. The NextCloud Administrator account has an “overview” section that looks at your server and Flags potential problems and makes useful recommendations!
The following solution may specifically help someone getting the message…
The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds
and used certbot to install the Let’s Encrypt SSL certificate. If you want to skip the boring details just jump down to Solution.
I can’t tell you how many times I googled trying to find a solution.
In my case, YMMV, I enhanced the problem for myself by following a Digital Ocean document describing “How To Set Up Apache Virtual Hosts on Ubuntu”.
Digital Ocean is known for creating great documentation and the fault lies with me for assumptions I made.
So starting there just created so many problems.
However in my defense this problem was repeated time and time again in googles search’s. Many people had problems with this!
I created a /etc/apache2/sites-available/myserver.conf file and added the following 3 lines…
<IfModule mod_headers.c>
Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains; preload” </IfModule>
Then enabled it with: a2ensite myserver.conf
I then restarted apache.
No luck!
I added it to /var/www/http/nextcloud/.htaccess
No luck!
I googled and googled and edited and reedited!
Solution
Finally I added the <IfModule> code shown above to /etc/apache2/sites-available/000-default-le-ssl.conf which I believe was created by Let’s Encrypt certbot…duh!…and it worked!
In hind site it makes sense (isn’t that always the way) because that’s where the SSLcerts are defined. So I didn’t need to create ANY config files, I just needed to edit the one, I assume that certbot created.