Calendar sync with Thunderbird/Lightning broken due to Apache 2.4/http2?

Hi,

Works well here…

Don’t forget to write the complete url of your calendar in Thunderbird/Lightning

https://your-server/remote.php/dav/calendars/your-user-name/name-of-the-calendar/
and
https://your-server/remote.php/dav/calendars/your-user-name/contact_birthdays/

Yes, I’m using the full URL. And it used to work for many years actually. But since my provider updated to http2 it does not work anymore with Thunderbird/Lightning but all other clients still work.

O.K. meanwhile be sure that the openssl library version is = 1.0.2 or greater.
The1.0.2 version include specification RFC7301 (protocol ALPN) required for being able to accept HTTP/2 negociations.
The 1.0.1 version permit only NPN protocol wich is now obsolete.

[user@server:~] $ openssl version
OpenSSL 1.0.2h 3 May 2016

The OpenSSL version on the server seems to be OK. Any other ideas?

Sorry, no…

I know some administrators have been obliged to tweak their ciphers (no cipher from a specified black list may be used) but i didn’t have to do that here. Anyway must be a problem with your hosting provider.

Regards,

… or rather TB/Lightning as it works with all other clients I have tested.
But thank you anyway!

If others also face this problem please comment on this Bug report https://bugzilla.mozilla.org/show_bug.cgi?id=1106727

I have to correct myself: The issue was that two users obviously didn’t enter their passwords correctly, although they were 100% sure they did. The question remains, why Lightning wants them to reenter their credentials after migration, but anyways, it works now.

Sorry to barge in on this thread and I hope you’ll find a solution soon! :sweat_smile:

It is also important to create the url be in lowercase format.

Same problem on nginx. Interestingly, additionally to calendar not syncing, I can’t access Nextcloud from Opera Mobile with http2 enabled.

I have the same problem, since I switched my server to http/2.

Actually I was hoping that adding it with Protocols h2 h2c http/1.1 would allow it to fall back to http/1.1 if http/2 is not working. But I also enabled H2Direct, which I read brings some compatibility issues. I will try it without and see if it helps. But it will take time until tomorrow. My preview generator is still pre-generating previews of dozens GB of pictures :stuck_out_tongue: .

Opera Mini actually works fine for me, with and without data compression (inaktiv while WLAN connection). I use the newest beta 21.0.2254, maybe they added support recently.

http://caniuse.com/#feat=http2 shows browser compatibility. Opera Mini is still listed as unsupported. Maybe this changed in the current beta, maybe it just works because of successful http/1.1 fall-back?

€: disable H2Direct directive doesn’t fix the thunderbird issue. I also updated thunderbird and lightning to the current beta (50 beta 3) but still no http2 support. Poor thing… maybe someone with access to mozilla forums can give some hint there.

€€: Okay, the latest issue was just because of the calender cache could not be touched or something. I deleted to old ones and added the exactly same DAV urls again and now it works. Also the contacts now work, why ever :smiley: . I don’t know if this is new, but at least in the thunderbird 50 beta there is also some setting in about:config to enable/disable SPDY and http2 suppoert.

I finally found a workaround and got Thunderbird/Lightning got to sync again with nextcloud
The workaround is to set “network.http.spdy.enabled.http2” to false in the Thunderbird config.
See also https://bugzilla.mozilla.org/show_bug.cgi?id=1106727#c18

As additional information here is a Bug report against Apache for this issue https://bz.apache.org/bugzilla/show_bug.cgi?id=60663

1 Like

Interesting, for me actually it worked after removing and adding the caldav calendars again, with “network.http.spdy.enabled.http2 = true”.
But as mentioned above, I used version 50 beta, the stable one seems to be still in the 40s. The fix might be implemented in between.

What part of the setting is that in?

https://support.mozilla.org/t5/Thunderbird-controls-and-buttons/Config-Editor/ta-p/15680

It seems that I have a similar problem (see here), but setting network.http.spdy.enabled.http2 to false did not fix it. This said, going back in this thread, I see that the version of OpenSSL on my server is not ≥1.0.2:

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Could that be the issue? If that is the case, is there any workaround? I am on a shared server and it is not in my power to update OpenSSL…

Thanks.

After upgrading NC from 11.0.1 to 12.x and I guess more or less at the same time getting an update to Thunderbird, I had the same problem.

I just realized I had to disable Thunderbird’s network connect by system proxy. Now it works again.

May that help?

Thanks MikeLupe for your answer. It does help to see I’m not the only one having this problem… but it did not fix my issue, unfortunately.

I went a bit deeper in my tests and trials, including trying an empty profile and changing a hidden pref, to no avail (details in this thread). Any suggestion would be greatly appreciated.

For the record, my problem is solved in NC 12.0.1, thanks to tflidd for the help and figuring it out.

I know this is rather an old thread, but I suddenly started experiencing the exact issue first described. The change, in my case, was a move from using the fastcgi mod in Apache 2.4 for php5-fpm to using the proxy_fcgi alternative. The result is that Lightning no longer connects to Nextcloud calendars.
The issue can be seen in the nextcloud log as "No ‘Authorization: Basic’ header found. Either the client didn’t send one, or the server is misconfigured,"
The difference is that, under the fastcgi option, the parameter “-pass-header Authorization” is added to the php5-fpm socket description, while this is not usual, or possible, when passing as a proxy.
The issue seems to be resolved in apache 2.4.13 and above, with a “CGIPASSAUTH” directive, but this is not available under earlier versions. In theory, according to what I have found, adding “SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1” to the .htaccess should work, but this is already in Nextcloud’s .htaccess
Hope this helps someone.
As of now, I have no solution, but I think, at least, I have understood the issue.

I have stumbled on a solution, but to be honest, I do not understand the reason. I have been able to confirm that using php5-fpm with proxy_fcgi is the cause of authorisation issues, resulting in Lightning not being able to connect correctly to the NC server. Reverting to mod_fastcgi resolves the problem, but it seems NC devs are aware of this, and add relevant use cases into the .htaccess file. Unfortunately this still does not resolve the problem. Eventually I stumbled on an incantation that resolves this, using a proxy directive ahead of a SetHandler directive, and with this, mod_proxy_fcgi option with php5-fpm works for Lightning, as before.
The way I have done this is to add and enable a “php5-fcgi.conf” with the following
<Proxy “fcgi://localhost:9000/”>

<FilesMatch .php$>
SetHandler “proxy:fcgi://localhost:9000”

I would prefer to be using a socket, but this is acceptable.
Hope this helps someone.