danb35 / freenas-iocage-nextcloud

Script to create an iocage jail on FreeNAS for the latest Nextcloud 28 release, including Caddy, MariaDB or PostgreSQL, and Let's Encrypt
GNU General Public License v3.0

Issues after fresh install using latest (new) Nextcloud version 29 #218

Closed Blingoose closed 2 months ago

Blingoose commented 2 months ago

Via Administrator Settings it says: There are some errors regarding your setup.

  1. Your "trusted_proxies" setting is not correctly set, it should be an array of IP addresses - optionally with range in CIDR notation. For more details see the documentation ↗.

  2. Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/caldav For more details see the documentation ↗.

The first one is an easy fix in config.php: should be --> 'trusted_proxies' => ['127.0.0.1'] instead of --> 'trusted_proxies' => array ( 1 => 'localhost')

But I have no idea whatsoever how to approach the second issue.
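The trusted_proxies message in the first point is worth understanding, because that setting decides which peers Nextcloud believes when they send X-Forwarded-For. The following is an added illustration, not code from this repository or from Nextcloud: it validates entries the way the error text describes (IP address, optionally with a CIDR range) and shows why a hostname such as 'localhost' never matches the peer address, so forwarded headers from the local Caddy are not honoured. The forwarded-header handling here is a simplified model (take the first X-Forwarded-For hop only when the peer is trusted), not Nextcloud's exact implementation.

```python
import ipaddress

def parse_trusted_proxies(entries):
    """Validate trusted_proxies entries: each must be an IP address or an
    IP network in CIDR notation. Returns (networks, invalid_entries)."""
    networks, invalid = [], []
    for entry in entries:
        try:
            # strict=False lets "10.0.0.1/8" through as 10.0.0.0/8; a bare
            # address becomes a /32 (or /128) network.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Hostnames such as "localhost" are not addresses and are rejected,
            # which is exactly what the admin warning is complaining about.
            invalid.append(entry)
    return networks, invalid

def client_ip(remote_addr, x_forwarded_for, trusted_networks):
    """Simplified trust model (assumption, not Nextcloud's code): only honour
    X-Forwarded-For when the TCP peer is inside a trusted network; otherwise
    the peer address itself is the client."""
    peer = ipaddress.ip_address(remote_addr)
    if x_forwarded_for and any(peer in net for net in trusted_networks):
        # First hop in the chain is the original client as seen by the proxy.
        return x_forwarded_for.split(",")[0].strip()
    return remote_addr

if __name__ == "__main__":
    # Constructed sample values, matching the two configs quoted in the issue.
    for setting in (["127.0.0.1"], ["localhost"]):
        nets, bad = parse_trusted_proxies(setting)
        print(setting, "invalid:", bad,
              "client seen as:", client_ip("127.0.0.1", "203.0.113.5", nets))
```

With ['127.0.0.1'] the request from Caddy on the loopback is attributed to the real client; with ['localhost'] the entry is rejected and every request appears to come from 127.0.0.1, which also blinds brute-force protection and access logs.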

Blingoose commented 2 months ago

UPDATE: THIS IS NOT THE SOLUTION, MY BAD.

To solve issue 2: Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/caldav ....

Go to usr/local/www/nextcloud/, vim .htaccess, and find the lines:

RewriteRule ^/.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^/.well-known/caldav /remote.php/dav/ [R=301,L]

Then, assuming your nextcloud instance is on mydomain.com make sure to add:

RewriteRule ^/\.well-known/carddav https://%{mydomain.com}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{mydomain.com}/remote.php/dav/ [R=301,L]

danb35 commented 2 months ago

I can confirm that change does not solve issue 2, but that isn't a surprise, as Caddy (the webserver I use in this script) doesn't use the .htaccess file. And the error message is itself in error; the redirect does in fact happen exactly as it should:

╰─ curl -k -v https://cloud2.familybrown.org/.well-known/caldav                                                                  ─╯
*   Trying 192.168.1.24:443...
* Connected to cloud2.familybrown.org (192.168.1.24) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=cloud2.familybrown.org
*  start date: Apr 25 19:41:22 2024 GMT
*  expire date: Jul 24 19:41:21 2024 GMT
*  issuer: C=US; O=(STAGING) Let's Encrypt; CN=(STAGING) Ersatz Edamame E1
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cloud2.familybrown.org/.well-known/caldav
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cloud2.familybrown.org]
* [HTTP/2] [1] [:path: /.well-known/caldav]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET /.well-known/caldav HTTP/2
> Host: cloud2.familybrown.org
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/2 301
< alt-svc: h3=":443"; ma=2592000
< location: /remote.php/dav
< server: Caddy
< content-length: 0
< date: Fri, 26 Apr 2024 20:47:40 GMT

But I'll see if I can adapt this change to the Caddyfile and see if it changes anything.

Blingoose commented 2 months ago

UPDATE: THIS IS THE SOLUTION.

It seems that there are no functional issues; the problem lies in how Nextcloud checks for these specific URLs. It appears that Nextcloud expects a '/' at the end of 'dav' in both URLs in the Caddyfile.

So instead of:

redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301

it should be this:

redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301

This trick solves the error and can be reproduced by deleting the slashes and reloading Caddy.
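To make the difference between the two Caddyfile variants testable without clicking through the admin page, here is an added checker, not code from this repository or from Nextcloud. It parses the response half of a curl -v transcript (the same shape as the one quoted above), resolves the Location header against the request URL, and requires that the redirect land exactly on /remote.php/dav/ with the trailing slash, which is the condition this thread found Nextcloud to insist on. Treating 301/302/307/308 as acceptable redirect statuses and refusing a redirect that downgrades to plain http are my own assumptions, added as a sanity check for the .well-known path rather than taken from Nextcloud's setup check.

```python
from urllib.parse import urljoin, urlparse

# Constructed sample: response lines of a `curl -v` run, prefixed with "<" the
# way curl prints them. The first transcript mirrors the broken config
# (no trailing slash); the second is what the corrected Caddyfile returns.
CURL_RESPONSE_BAD = """\
< HTTP/2 301
< alt-svc: h3=":443"; ma=2592000
< location: /remote.php/dav
< server: Caddy
< content-length: 0
"""
CURL_RESPONSE_GOOD = CURL_RESPONSE_BAD.replace(
    "location: /remote.php/dav\n", "location: /remote.php/dav/\n")

REDIRECT_STATUSES = {301, 302, 307, 308}  # assumption: any of these is fine

def parse_curl_response(text):
    """Return (status_code, headers) from curl's '< ' response lines.
    Header names are lower-cased because HTTP/2 sends them that way anyway."""
    status, headers = None, {}
    for line in text.splitlines():
        if not line.startswith("< "):
            continue
        body = line[2:]
        if status is None:
            # Status line looks like "HTTP/2 301" or "HTTP/1.1 301 Moved Permanently".
            status = int(body.split()[1])
        elif ":" in body:
            name, _, value = body.partition(":")
            headers[name.strip().lower()] = value.strip()
    return status, headers

def check_well_known(status, headers, request_url, expected_path="/remote.php/dav/"):
    """Decide whether the .well-known redirect is acceptable.
    Returns (ok, reason) so the reason can be shown to the operator."""
    if status not in REDIRECT_STATUSES:
        return False, f"expected a redirect, got HTTP {status}"
    location = headers.get("location")
    if location is None:
        return False, "redirect without a Location header"
    target = urlparse(urljoin(request_url, location))
    if target.scheme != "https":
        return False, f"redirect leaves https (scheme {target.scheme!r})"
    if target.path != expected_path:
        # This is the case from the issue: "/remote.php/dav" without the slash.
        return False, f"Location resolves to {target.path!r}, expected {expected_path!r}"
    return True, "ok"

if __name__ == "__main__":
    url = "https://cloud.example.com/.well-known/caldav"  # placeholder host
    for label, transcript in (("without slash", CURL_RESPONSE_BAD),
                              ("with slash", CURL_RESPONSE_GOOD)):
        status, headers = parse_curl_response(transcript)
        print(label, "->", check_well_known(status, headers, url))
```

Run it against a real transcript by pasting the `<` lines of `curl -k -v https://your-host/.well-known/caldav` into the sample string; the no-slash variant reports the path mismatch, the corrected Caddyfile output passes, and a redirect to a plain-http absolute URL is flagged as a downgrade.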