I cannot access nextcloud via webDAV and I don’t have a clue where the problem lies.
My nextcloud 9.0.51 (production) instance is running at the German hoster strato and I’m facing some issues. I uploaded all files on the server and the installation went well. I’m able to upload and download files by using the web frontend and I’m also able to activate apps like e.g. the calendar. Everything seems to work fine there.
When I log in as admin and go to administration, there are two errors (english translation below):
Der “Strict-Transport-Security” HTTP-Header ist nicht auf mindestens “15768000” Sekunden eingestellt. Um die Sicherheit zu erhöhen, empehlen wir das Aktivieren von HSTS, wie es in den Sicherheitshinweisen erläutert ist.
Es wurde kein Memory Cache konfiguriert. Um die Leistung zu verbessern, konfiguriere bitte einen Cache-Speicher, sofern vorhanden. Weitere Informationen findest du in unserer Dokumentation.`
TStrict-Transport-Security HTTP header isn’t set on at least 15768000 secons […]
No memory cache was configured […]
When I check the log section, I see the following log entry that appears three or for times a day: Error PHP opendir(/var/tmp/): failed to open dir: Permission denied at /mnt/webt/b1/88/54458988/htdocs/nextcloud/lib/private/tempmanager.php#187
I’m using https to access the data. My hoster offers 2 options here. The first options would be to pay some money to let them create certificates for me. I chose the other option, that means I access nextcloud by using the URL https://www.ssl-id.de/[MY_strato_URL]/nextcloud.
As written above, that works great for the web frontend (and always worked with ownCloud), but when I try to access data via webDAV, I cannot access it. When I use the ownCloud client, I enter the URL and then I’m asked for a username and a password. After typing in the correct credentials, I see an error message that tells me, that accessing the server would not be permitted.
Same when I try to access my data via MacOS by using the Finder with the URL https://www.ssl-id.de/[MY_strato_URL]/remote.php/webdav. I can enter username and password, by access is not granted.
Do you have any idea where the issue could come from?
Welcome! I’m no expert in matters like this, but it seems that permissions are blocking access to the temp directory, most likely because of your shared hosts settings. If I recall correctly, I think it is possible to change the temp directory used in the config/config.php file, so you could change this to something in your account (preferably higher up in the folder structure than the public HTML / htdocs folder).
You can probably add that domain as a trusted domain, but I don’t like the fact that it is used by a lot of users. I would suggest switching to a better host, one which offers free SSL certificates which can be installed in one click to any of your domain.
I was getting that error before too, and my problem was I didn’t realize that a character of my username was capitalized (derp), so make sure you’re typing it right! Also make sure that you have the cloud federation settings enabled if you don’t have them already
Without having read the whole topic, note that an SSL proxy like that takes your data at massive risk and you should really avoid that.
Everybody with an account on ssl-id.de can simply send you a link (or embed it in a mail etc.) that will do malicious things on your Nextcloud. There is no Same-Origin-Policy protection anymore guaranteed for doing this. (so if you click that link it’s executed within the same origin) – That’s simply how the web works.
If you’re serious about keeping your data secure you may consider not doing that.
I know about the risk and for being absolutely honest, I don’t care. I totally agree: There is a risk and I don’t want to play that down. But if anyone gets me to the point that I (as the only user) click on a malicous e-mail / link, he may access it. I will not upload anything critical there