Closed Blingoose closed 2 months ago
To solve issue 2: Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/caldav ....
Go to usr/local/www/nextcloud/, vim .htaccess, and find the lines:
RewriteRule ^/.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^/.well-known/caldav /remote.php/dav/ [R=301,L]
Then, assuming your nextcloud instance is on mydomain.com make sure to add:
RewriteRule ^/\.well-known/carddav https://%{mydomain.com}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{mydomain.com}/remote.php/dav/ [R=301,L]
I can confirm that change does not solve issue 2, but that isn't a surprise, as Caddy (the webserver I use in this script) doesn't use the .htaccess
file. And the error message is itself in error; the redirect does in fact happen exactly as it should:
$ curl -k -v https://cloud2.familybrown.org/.well-known/caldav
* Trying 192.168.1.24:443...
* Connected to cloud2.familybrown.org (192.168.1.24) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=cloud2.familybrown.org
* start date: Apr 25 19:41:22 2024 GMT
* expire date: Jul 24 19:41:21 2024 GMT
* issuer: C=US; O=(STAGING) Let's Encrypt; CN=(STAGING) Ersatz Edamame E1
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cloud2.familybrown.org/.well-known/caldav
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cloud2.familybrown.org]
* [HTTP/2] [1] [:path: /.well-known/caldav]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET /.well-known/caldav HTTP/2
> Host: cloud2.familybrown.org
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/2 301
< alt-svc: h3=":443"; ma=2592000
< location: /remote.php/dav
< server: Caddy
< content-length: 0
< date: Fri, 26 Apr 2024 20:47:40 GMT
But I'll see if I can adapt this change to the Caddyfile and see if it changes anything.
It seems that there are no functional issues; the problem lies in how Nextcloud checks for these specific URLs. It appears that Nextcloud expects a '/' at the end of 'dav' in both URLs in the Caddyfile.
So instead of:
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
it should be this:
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
This trick solves the error and can be reproduced by deleting the slashes and reloading Caddy.
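A small checker for the redirect discussed in the comments above, added here as an illustration and not part of the original thread or of the project's script. It parses `curl -v` output and flags a target that lacks the trailing slash; the expected path is an assumption taken from the comment above, and the function names and sample inputs are constructed for this example.

```python
from urllib.parse import urlsplit

# Assumption taken from the comment above: the setup check wants the
# redirect target to end in a slash.
EXPECTED_PATH = "/remote.php/dav/"
REDIRECT_CODES = {301, 302, 307, 308}


def parse_curl_verbose(text):
    """Return (status, headers) of the first response in `curl -v` output."""
    status, headers = None, {}
    for line in text.splitlines():
        if not line.startswith("< "):
            continue  # skip TLS chatter ('* ') and request lines ('> ')
        line = line[2:].strip()
        if line.startswith("HTTP/"):
            if status is not None:
                break  # a second response (curl -L); the first is the redirect
            parts = line.split()
            status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        elif ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def check_well_known(text):
    """Return a list of problems; an empty list means the redirect looks right."""
    status, headers = parse_curl_verbose(text)
    problems = []
    if status not in REDIRECT_CODES:
        problems.append(f"expected a redirect, got status {status}")
    location = headers.get("location")
    if location is None:
        problems.append("no Location header")
    else:
        path = urlsplit(location).path  # handles relative and absolute targets
        if path != EXPECTED_PATH:
            problems.append(f"Location path is {path!r}, expected {EXPECTED_PATH!r}")
    return problems


# Constructed samples, modelled on the curl output earlier in this thread.
WITHOUT_SLASH = ("> GET /.well-known/caldav HTTP/2\n< HTTP/2 301\n"
                 "< location: /remote.php/dav\n< server: Caddy\n")
WITH_SLASH = "< HTTP/2 301\n< location: https://cloud.example.org/remote.php/dav/\n"

if __name__ == "__main__":
    for name, sample in (("without slash", WITHOUT_SLASH), ("with slash", WITH_SLASH)):
        print(name, "->", check_well_known(sample) or "OK")
```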
Via Administrator Settings it says: There are some errors regarding your setup.
Your "trusted_proxies" setting is not correctly set, it should be an array of IP addresses - optionally with range in CIDR notation. For more details see the documentation.
Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/caldav
For more details see the documentation.
The first one is an easy fix in config.php: should be --> 'trusted_proxies' => ['127.0.0.1'] instead of --> 'trusted_proxies' => array ( 1 => 'localhost')
But I have no idea whatsoever how to approach the second issue.