CalDAV iOS SSL sync issue using Tailscale Funnel

Dear Community,

There are multiple posts discussing this issue but none of them addresses my situation. I have a NC docker container installed on Unraid. iOS app works and syncs the files. I connect to the NC container via Tailscale Funnel. Hence, I can connect from everywhere via https://nc.mytailnet.ts.net. If I open it in Firefox, I can see it’s a secure connection with a Let’s Encrypt certificate.

Why can I not sync contacts via the same URL and get an SSL error?

https://nc.mytailnet.ts.net is a trusted domain in my NC config. Do I have to bake the SSL certificate into the NC config somehow?

I can’t forward ports and Tailscale Funnel is the ideal setup at this point. As such, reverse proxy solutions are not for me.

Currently at a loss how to fix this. Please point me in the right direction how to navigate this.

Let me know if sharing of any logs would help.

Thank you,
Fred

Hi Fred,

Do I understand correctly:

  • Your Nextcloud
    • is in a container on Unraid (their version or AiO? Another version?)
    • connection to the 'Net runs through Tailscale funnel
  • Working:
    • NC in browser
    • File actions through app on iOS
  • Not working:
    • contacts synchronisation
  • Not mentioned:
    • calendar synchronisation

I have no experience with Tailscale, Funnel or iOS, so I hope someone who does have experience with any of those chimes in.

The documentation for Funnel makes me think it creates an entrypoint for a specific URL. WebDAV for contacts runs on another URL than WebDAV for files.

Of the examples in the documentation, the “development server” example seems the best match for your situation.

Do you have a configuration for each URL? The calendar settings in Nextcloud seem to imply that Apple devices require a more specific address than non-Apple devices.

What is the error that is presented?

To troubleshoot:

  • Is there any logging for Apache or nginx in your container when you try to connect?
  • Does the Let’s Encrypt certificate that is presented in the browser match what you would expect for the contacts address?
  • Is all of this only on your iOS device, or did you run the tests on other devices as well?

Hi wbk,

I can’t thank you enough. This made me rethink:

Oh boy, it’s one of those Read The Freakin Manual moments. Hope this saves others hours of frustration. I didn’t pay enough attention to No. 6 and went down the rabbit hole chasing an SSL issue:

https://docs.nextcloud.com/server/13/user_manual/pim/sync_ios.html#calendar

In the section for Thunderbird, there is a better description:

https://docs.nextcloud.com/server/13/user_manual/pim/sync_thunderbird.html

The URL for the CardDAV server can be copied from the contacts settings in NC (the three little dots):

This URL looks like this: https://nextcloud.mytailnet.ts.net/remote.php/dav/addressbooks/users/myusername/contacts/

With this URL I got it synced within seconds. My mistake was to use the same URL for adding the CardDAV account as I use for logging in via the NC app, which is https://nextcloud.mytailnet.ts.net

Still need to figure out how to sync from iOS to NC instead of NC to iOS but that’s for another post, maybe.

Anyways, that URL mistake took me hours and as so often was so easy to fix. It’s all written in the manual!

Well, this is solved. Thanks again, wbk.

Peace,
Fred
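
Added example, not part of the thread or of Nextcloud's own tooling: a small Python check that separates a genuine certificate problem from a wrong-path problem, the confusion described above. The host and username are the placeholders quoted in the thread; the function names and the mapping of status codes to messages are assumptions made for this sketch.

```python
import http.client
import ssl
from urllib.parse import quote, urlsplit


def carddav_url(base_url, username, book="contacts"):
    """Build the address book URL in the form quoted in the thread."""
    return (f"{base_url.rstrip('/')}/remote.php/dav/addressbooks/users/"
            f"{quote(username, safe='')}/{quote(book, safe='')}/")


def diagnose(tls_error, status):
    """Turn a probe result into a verdict: certificate issue or path issue."""
    if tls_error:
        return f"TLS problem: {tls_error}"
    if status in (207, 401):
        return f"server answered PROPFIND (HTTP {status}); TLS is fine, check credentials"
    if 300 <= status < 400:
        return f"redirected (HTTP {status}); TLS is fine, this path is not the DAV endpoint"
    return f"no DAV endpoint at this path (HTTP {status}); TLS is fine"


def probe(url, timeout=10.0):
    """Validate the certificate, then send an unauthenticated PROPFIND."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()  # verifies chain and hostname
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                       timeout=timeout, context=ctx)
    try:
        conn.request("PROPFIND", parts.path or "/", headers={"Depth": "0"})
        return diagnose(None, conn.getresponse().status)
    except ssl.SSLError as exc:  # includes certificate verification failures
        return diagnose(str(exc), None)
    except OSError as exc:  # DNS failure, refused connection, timeout
        return f"network error: {exc}"
    finally:
        conn.close()


if __name__ == "__main__":
    base = "https://nextcloud.mytailnet.ts.net"  # placeholder host from the thread
    for target in (base, carddav_url(base, "myusername")):
        print(target, "->", probe(target))
```

If both URLs report that TLS is fine but only the full address book URL gets an answer to PROPFIND, the certificate is not the problem and the account URL is.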