Enable strict transport security

roles/nextcloud/templates/apache2-vhost-ssl.conf

@@ -9,15 +9,7 @@ SSLStrictSNIVHostCheck off
 # Website configuration
 <VirtualHost *:80>
 	ServerName {{ nextcloud_url }}
-	# Uncomment me for HTTPS redirection
-	# Leaving it off for now for testing
-	#Redirect permanent / https://{{ nextcloud_url }}
-	DocumentRoot {{ nextcloud_webroot }}
-	<Directory "{{ nextcloud_webroot }}">
-		Require all granted
-		AllowOverride All
-		Options MultiViews FollowSymlinks
-	</Directory>
+	Redirect permanent / https://{{ nextcloud_url }}
 </VirtualHost>
 <VirtualHost *:443>
 	SSLEngine on
@@ -36,4 +28,7 @@ SSLStrictSNIVHostCheck off
 		AllowOverride All
 		Options MultiViews FollowSymlinks
 	</Directory>
+	<IfModule mod_headers.c>
+		Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+	</IfModule>
 </VirtualHost>