diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6da60c0c..b9d77908 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,7 +18,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
* Use systemd module instead of command
* Removed all "warn: False" args in command, shell and other modules as it's been deprecated and will give a hard fail in ansible-core 2.14.0.
-* webapp/nextcloud : Change default data directory to be outside web root
+* webapps/nextcloud : Change default data directory to be outside web root
+* webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
### Fixed
diff --git a/webapps/nextcloud/templates/apache-vhost.conf.j2 b/webapps/nextcloud/templates/apache-vhost.conf.j2
index ff9f621c..556fa4cb 100644
--- a/webapps/nextcloud/templates/apache-vhost.conf.j2
+++ b/webapps/nextcloud/templates/apache-vhost.conf.j2
@@ -5,9 +5,11 @@
ServerAlias {{ domain_alias }}
{% endfor %}
+ # SSL
# SSLEngine on
# SSLCertificateFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/fullchain.pem
# SSLCertificateKeyFile /etc/letsencrypt/live/{{ nextcloud_instance_name }}/privkey.pem
+ # Header always set Strict-Transport-Security "max-age=15552000"
DocumentRoot {{ nextcloud_webroot }}/
@@ -21,6 +23,15 @@
+
+ Require all denied
+ AllowOverride None
+
+
+ Dav off
+
+
+
# SSL Redirect
# RewriteEngine On
# RewriteCond %{HTTPS} !=on