diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
index bb5b14e..e211e9d 100644
--- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
+++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
@@ -23,6 +23,9 @@ cloud.vleeuwen.me cloud.mvl.sh {
     redir /.well-known/caldav /remote.php/dav/ 301
     
     reverse_proxy nextcloud:80
+    header {
+        Strict-Transport-Security "max-age=15552000; includeSubDomains"
+    }
     tls {{ caddy_email }}
 }
 
diff --git a/config/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2
index 2a05dce..392a0b3 100644
--- a/config/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2
@@ -1,6 +1,6 @@
 services:
   db:
-    image: mariadb:10.5
+    image: mariadb:11.4
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
     restart: unless-stopped
     volumes: