25.0.2: ready to pull my hair out with ".well-known" links

hi - nothing I try seems to be able to make these work right, and I am constantly getting the “your server is not set up to resolve these correctly” error on the NC config page. 25.0.2 on stock Apache from Ubuntu 22.04.

mod_rewrite from the /var/www/html/nextcloud/.htaccess file (the rules are duplicated with and without the leading forward slashes because I can’t tell which one is right, and if it’s wrong, it doesn’t match so who cares):

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^/\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^/\.well-known/nodeinfo /index.php/.well-known/nodeinfo [R=301,L]
  RewriteRule ^\.well-known/nodeinfo /index.php/.well-known/nodeinfo [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

my Apache nextcloud.conf (TLS is terminated on my Caddy reverse proxy):

<VirtualHost *:80>
    DocumentRoot "/var/www/html/nextcloud"
    ServerName checkwithscience.com

    <Directory "/var/www/html/nextcloud/">
        Require all granted
        Options MultiViews FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    TransferLog /var/log/apache2/nextcloud_access.log
    ErrorLog /var/log/apache2/nextcloud_error.log

</VirtualHost>

Redirect 301 /.well-known/carddav /remote.php/dav
Redirect 301 /.well-known/caldav /remote.php/dav

Does anyone know where to start here? TIA.

This problem usually needs a change on the reverse proxy, not the Nextcloud system. Those rewrite lines you posted would be put on an Apache reverse proxy.

Try this:

https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html#caddy

Shouldn’t the rewrite rules work regardless of what the reverse proxy is doing? (ETA: also, adding that to the Caddyfile didn’t help)

I’m not sure, but my understanding was those rules are specifically needed for the reverse proxy. If you look a few paragraphs above that link, that’s what it says.

The redirects for CalDAV or CardDAV do not work if Nextcloud is running behind a reverse proxy. The recommended solution is that your reverse proxy does the redirects.

I don’t use caddy so I can’t help there, but putting that in an Apache reverse proxy definitely resolves it. I’ve done it numerous times.

does anyone else have some ideas w/r/t how to troubleshoot this?

To get rid of the error messages I inserted the following lines at the top level in my /etc/httpd/conf/httpd.conf:

#
# Asked for by NextCloud
#
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
    RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
    RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
    RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
</IfModule>

HTH

this appears not to have done anything.

TBH, this thing is a nightmare. I’ve tried for hours and it’s still not working. To the point where I think the test is kinda buggy.

In my case (Apache), webfinger and nodeinfo are correctly resolved but I still have an error message for carddav and caldav. What you could try is requesting the URL using CURL or HTTPie and see what it looks like:

In my case:

http https://mydomain.org/.well-known/carddav
HTTP/1.1 301 Moved Permanently
[…]

It looks fine even if I have the error message on the administration UI
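The manual curl/HTTPie check suggested above can be scripted for all four endpoints. This is an added example, not part of the original posts and not Nextcloud's own setup check: it compares each response with the redirect targets from the rewrite rules posted in this thread, and also flags a `Location` header that sends clients back to `http://`, which can happen when the backend behind a TLS-terminating proxy builds absolute redirects itself. The host `cloud.example.org` and the sample responses are constructed.

```python
import http.client
from urllib.parse import urlsplit

# Expected targets, from the rewrite rules posted in this thread.
EXPECTED = {
    "/.well-known/carddav": "/remote.php/dav",
    "/.well-known/caldav": "/remote.php/dav",
    "/.well-known/webfinger": "/index.php/.well-known/webfinger",
    "/.well-known/nodeinfo": "/index.php/.well-known/nodeinfo",
}

def judge(host, path, status, location, prefix=""):
    """Return the problems with one response ([] = OK); prefix e.g. "/nextcloud"."""
    if status not in (301, 302, 307, 308):
        return [f"status {status} is not a redirect"]
    if not location:
        return ["redirect without a Location header"]
    target, problems = urlsplit(location), []
    # An absolute Location built by a backend that only sees plain HTTP
    # sends clients from https:// back to http://.
    if target.scheme and target.scheme != "https":
        problems.append(f"Location uses {target.scheme}://, not https://")
    if target.netloc and target.hostname != host:
        problems.append(f"Location points at host {target.hostname!r}")
    want = prefix + EXPECTED[path]
    if target.path.rstrip("/") != want:
        problems.append(f"Location path {target.path!r}, expected {want!r}")
    return problems

def fetch(host, path):
    """GET one path over HTTPS without following redirects."""
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("GET", path)
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    return status, location

def check_host(host, prefix=""):  # live probe of all four endpoints
    return {p: judge(host, p, *fetch(host, p), prefix=prefix) for p in EXPECTED}

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("/.well-known/carddav", 301, "https://cloud.example.org/remote.php/dav/"),
    ("/.well-known/caldav", 301, "http://cloud.example.org/remote.php/dav/"),
    ("/.well-known/nodeinfo", 301, "/nodeinfo"),
]

def check_samples():
    return {p: judge("cloud.example.org", p, s, loc) for p, s, loc in SAMPLES}
```

Run `check_host("your.domain")` against the public name that clients use, so the result reflects what the reverse proxy returns rather than what the backend would return on its own.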

Hi, can you post your caddyfile here?

Fun fact: Caddy directives only work when you apply them to the domain you are actually trying to make a change to. :smiley::gun:

Sorry. I’m an idiot.

It’s been a long time and this is not strictly related to reverse proxy setup, but for those who still struggle with the issue regarding the redirection of /.well-known services and find this thread through a web search, they might find some additional information on why the tests for webfinger and nodeinfo might fail despite correct redirection in my comment here.
(Apologies for the noise.)

Very useful additions and it solved my issue with this at last as well.
Now they need to land inside the documentation.