I’ve recently started to move the stuff I host to Docker, using the Traefik reverse proxy for SSL termination.
Traefik is a really nice piece of software, but unfortunately, while the documentation is great, it’s somewhat lacking in tutorials and examples.
Among other things, I host a Nextcloud instance, and among the security suggestions, it tells me to add a Strict-Transport-Security header with a value of at least 15552000.
In my case, it was not strictly necessary as edzilla.info is already using HSTS preloading, but I wanted to follow the security suggestions to the letter.
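To add the header to any reverse-proxied service, you simply have to add a label such as this to its container:
traefik.frontend.headers.customResponseHeaders=Strict-Transport-Security:max-age=15552000
The value has to include the max-age= directive, in seconds; browsers ignore a Strict-Transport-Security header without it.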
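A way to check a customResponseHeaders label value before deploying it, as an added example that is not part of the original post: it parses the value, pulls out the Strict-Transport-Security policy and reports why it would not satisfy the Nextcloud suggestion. The function names are hypothetical, and it assumes the Traefik 1.x label syntax, where several headers are separated by `||`.

```python
import re

MIN_MAX_AGE = 15552000  # minimum max-age from the Nextcloud security suggestion


def parse_custom_headers(label_value):
    """Split a Traefik 1.x customResponseHeaders value ("Name:value||Name:value")."""
    headers = {}
    for pair in label_value.split("||"):
        if not pair.strip():
            continue
        name, sep, value = pair.partition(":")
        if not sep:
            raise ValueError(f"missing ':' in {pair!r}")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_hsts(value):
    """Parse an HSTS header value into its directives (RFC 6797, section 6.1)."""
    directives = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive {name!r}")
        directives[name] = arg.strip().strip('"')
    return directives


def hsts_problems(label_value, minimum=MIN_MAX_AGE):
    """Return the problems found with the HSTS policy in the label value."""
    try:
        value = parse_custom_headers(label_value).get("strict-transport-security")
        if value is None:
            return ["no Strict-Transport-Security header set"]
        max_age = parse_hsts(value).get("max-age")
    except ValueError as exc:
        return [str(exc)]
    if max_age is None:
        return ["max-age directive missing; browsers ignore the header"]
    if not re.fullmatch(r"[0-9]+", max_age):
        return [f"max-age is not a non-negative integer: {max_age!r}"]
    if int(max_age) < minimum:
        return [f"max-age {max_age} is below {minimum}"]
    return []
```

Pass it only the part of the label after the `=` sign; an empty list means the policy is well-formed and long enough.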