nextcloud.conf

#   cat /etc/apache2/sites-available/nextcloud.conf
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
        Protocols h2 h2c http/1.1

        ServerName nextcloud.duckdns.org

        ServerAdmin xyz@gmail.com
        DocumentRoot /var/www/nextcloud/

        <IfModule mod_headers.c>
                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        </IfModule>

          <Directory /var/www/nextcloud/>
            Require all granted
            AllowOverride All
            Options FollowSymLinks MultiViews

            <IfModule mod_dav.c>
              Dav off
            </IfModule>
          </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Intermediate configuration
        Header add Strict-Transport-Security: "max-age=15552000;includeSubdomains"
        SSLEngine               on
        SSLCompression          off
        SSLProtocol             -all +TLSv1.2 +TLSv1.3
        SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        SSLHonorCipherOrder     off
        SSLSessionTickets       off
        ServerSignature         off

        #SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLCertificateFile      /etc/ssl/certs/nextcloud.duckdns.org.cer
        SSLCertificateKeyFile /etc/ssl/private/nextcloud.duckdns.org.key

        #   Server Certificate Chain:
        #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
        SSLCertificateChainFile /etc/apache2/ssl.crt/nextcloud.fullchain.cer

        #   Certificate Authority (CA):
        #SSLCACertificatePath /etc/ssl/certs/
        #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
        SSLCACertificateFile /etc/apache2/ssl.crt/nextcloud.ca.cer

        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
</VirtualHost>