[Bug]: Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/webfinger

Lawkss commented 3 months ago

⚠️ This issue respects the following points: ⚠️

[X] This is a bug, not a question or a configuration/webserver/proxy issue.
[X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
[X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
[X] I agree to follow Nextcloud's Code of Conduct.

Bug description

When upgrading from NC28 to NC29 the following error appeared:

Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/webfinger

However going to mydomain.tld.com/.wellknown/webfinger correctly redirects to /myNCsubdir/.wellknown/webfinger

{
    "message": "webfinger not supported"
}

My config has not changed from NC28 and worked for many main releases of NC:

Redirect 301 /.well-known/carddav /MYSUBDIR/remote.php/dav
Redirect 301 /.well-known/caldav /MYSUBDIR/remote.php/dav
Redirect 301 /.well-known/webfinger /MYSUBDIR/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo /MYSUBDIR/index.php/.well-known/nodeinfo

This what I have been using in the apache conf. Only webfinger is reported as failed.

Using RewriteRule in .htaccess as per documentation does not solve the problem. Using RewriteRule in vhost as per documentation with additional ^/\ does not solve the problem.

Steps to reproduce

Upgrade NC28 to 29 with a subdirectory install.
Go to config check page/update page.

Expected behavior

I would expect it to detect it is working.

Installation method

Community Web installer on a VPS or web space

Nextcloud Server version

29

Operating system

RHEL/CentOS

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 22 to 23)

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

[X] Default user-backend (database)
[ ] LDAP/ Active Directory
[ ] SSO - SAML
[ ] Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "vom-bruch.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.1.1",
        "overwrite.cli.url": "https:\/\/vom-bruch.com\/cloud",
        "htaccess.RewriteBase": "\/cloud",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "default_phone_region": "AT",
        "simpleSignUpLink.shown": false,
        "app_install_overwrite": [
            "unsplash"
        ],
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "maintenance_window_start": 1,
        "updater.release.channel": "stable"

List of activated Apps

Enabled:
  - activity: 2.21.1
  - bruteforcesettings: 2.9.0
  - calendar: 4.7.4
  - circles: 29.0.0-dev
  - cloud_federation_api: 1.12.0
  - comments: 1.19.0
  - contacts: 6.0.0
  - contactsinteraction: 1.10.0
  - dashboard: 7.9.0
  - dav: 1.30.1
  - federatedfilesharing: 1.19.0
  - federation: 1.19.0
  - files: 2.1.0
  - files_downloadlimit: 2.0.0
  - files_pdfviewer: 2.10.0
  - files_reminders: 1.2.0
  - files_sharing: 1.21.0
  - files_trashbin: 1.19.0
  - files_versions: 1.22.0
  - firstrunwizard: 2.18.0
  - logreader: 2.14.0
  - lookup_server_connector: 1.17.0
  - mail: 3.6.1
  - nextcloud_announcements: 1.18.0
  - notes: 4.10.0
  - notifications: 2.17.0
  - oauth2: 1.17.0
  - passman: 2.4.9
  - password_policy: 1.19.0
  - photos: 2.5.0
  - privacy: 1.13.0
  - provisioning_api: 1.19.0
  - recommendations: 2.1.0
  - related_resources: 1.4.0
  - richdocuments: 8.4.2
  - richdocumentscode: 24.4.201
  - serverinfo: 1.19.0
  - settings: 1.12.0
  - sharebymail: 1.19.0
  - spreed: 19.0.1
  - support: 1.12.0
  - survey_client: 1.17.0
  - suspicious_login: 7.0.0
  - systemtags: 1.19.0
  - text: 3.10.0
  - theming: 2.4.0
  - twofactor_backupcodes: 1.18.0
  - twofactor_totp: 11.0.0-dev
  - updatenotification: 1.19.1
  - user_status: 1.9.0
  - viewer: 2.3.0
  - weather_status: 1.9.0
  - workflowengine: 2.11.0
Disabled:
  - admin_audit: 1.19.0
  - encryption: 2.17.0
  - files_external: 1.21.0
  - user_ldap: 1.20.0

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

joshtrichards commented 3 months ago

You did not fill out the issue template. Any chance you have the optional social app installed?

kesselb commented 3 months ago

Most likely the same as https://github.com/nextcloud/server/issues/45033

Lawkss commented 3 months ago

I added apps and config. It did NOT work for me applying the patch of #45033

BernieO commented 3 months ago

Since your nextcloud resides in a subdirectory: additionally to adding trailing slashes to the redirects, did you also patch apps/settings/lib/SetupChecks/CheckServerResponseTrait.php as well? https://github.com/nextcloud/server/issues/45033#issuecomment-2095742325

Lawkss commented 3 months ago

The patch fixes the webfinger error but introduces two new errors for CalDAV and CarDAV

changing the redirect from remote.php/dav to remote.php/dav/ with a / at the end fixes all errors.

The documentation does not mention / at the end only at the beginning for vhost configs. (I am on apache)

Can the patch be changed so it works without / at the end? Or is that a bad thing?

cmigliorini commented 3 months ago

I experience the exact same issue (plus others) on 29.0.1.

I don't have social installed

I don't have nextcloud setup in a subdirectory (nextcloud root is host's root)

Lawkss commented 3 months ago

This is no fixed in NC 29.0.2

You still need to apply this patch after updating:

https://github.com/nextcloud/server/issues/45033#issuecomment-2095742325

drankinatty commented 1 week ago

I can confirm this issue exactly, Nextcloud Hub 8 (29.0.6) on Archlinux:

  kernel:   6.10.8-arch1-1
  Apache:   2.4.62 (Unix)
  OpenSSL:  3.3.1
  PHP:      8.2.23

This issue appeared some time ago with upgrade to Nextcloud 28 if I recall correctly. It was never there before from at least Nextcloud 25 - 27.

Browsing to https://my.domain.tld/.well-known/webfinger redirects to https://my.domain.tld/nextcloud/index.php/.well-known/webfinger with the raw output being:

{"message":"webfinger not supported"}

I'm not sure the [Closed] tag is warranted.

nextcloud / server