ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Duplicate Headers Found But I Can't See Them

    IT Discussion
    nginx
    1
    1
    463
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • NashBrydgesN
      NashBrydges
      last edited by

      I've finally migrated all of my web servers to use Nginx as a proxy running on a separate server which does nothing but serve as a proxy and manage SSL certs. But when I check raw headers for my new Nextcloud install, I get a warning stating there are duplicates found. The server running Nextcloud has Apache but no SSL configured as that's all managed through the proxy.

      Here is the warning I get.

      0_1500992530295_76771484-17eb-4986-9b72-a5b364a6f9af-image.png

      I don't have anything else running on this server except Nginx. There are other config files but they are for separate domains so I can't understand why it is telling me I have duplicates. I got this warning from both https://securityheaders.io and https://observatory.mozilla.org. Any ideas where I should be looking?

      Here is my Nginx conf file.

      server {
   listen 80;
   server_name mydomain.com;
   return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name mydomain.com;
  
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options nosniff;
  add_header Referrer-Policy strict-origin;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_tokens off;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_dhparam /etc/ssl/certs/dhparam.pem;
  proxy_cookie_path / "/; secure; HttpOnly";


    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://192.168.100.80;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
   }
}

      My Nextcloud Apache conf file is this.

      <VirtualHost *:80>
 DocumentRoot "/var/www/nextcloud"
 ServerName mydomain.com

 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/nextcloud/>
 Options +FollowSymlinks
 AllowOverride All

 <IfModule mod_dav.c>
 Dav off
 </IfModule>

 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud

</Directory>

</VirtualHost>
      1 Reply Last reply Reply Quote 0
      • 1 / 1
      • First post
        Last post