Cannot access nextcloud via webDAV

aecklers · July 6, 2016, 8:45am

Hi all,

I’m Toni and that’s my first post in this forum.

I cannot access nextcloud via webDAV and I don’t have a clue where the problem lies.

My setting:
My nextcloud 9.0.51 (production) instance is running at the German hoster strato and I’m facing some issues. I uploaded all files on the server and the installation went well. I’m able to upload and download files by using the web frontend and I’m also able to activate apps like e.g. the calendar. Everything seems to work fine there.

When I log in as admin and go to administration, there are two errors (english translation below):

`

Der “Strict-Transport-Security” HTTP-Header ist nicht auf mindestens “15768000” Sekunden eingestellt. Um die Sicherheit zu erhöhen, empehlen wir das Aktivieren von HSTS, wie es in den Sicherheitshinweisen erläutert ist.
Es wurde kein Memory Cache konfiguriert. Um die Leistung zu verbessern, konfiguriere bitte einen Cache-Speicher, sofern vorhanden. Weitere Informationen findest du in unserer Dokumentation.`

Translation:
`

TStrict-Transport-Security HTTP header isn’t set on at least 15768000 secons […]
No memory cache was configured […]
`

When I check the log section, I see the following log entry that appears three or for times a day:
Error PHP opendir(/var/tmp/): failed to open dir: Permission denied at /mnt/webt/b1/88/54458988/htdocs/nextcloud/lib/private/tempmanager.php#187

My problem:
I’m using https to access the data. My hoster offers 2 options here. The first options would be to pay some money to let them create certificates for me. I chose the other option, that means I access nextcloud by using the URL https://www.ssl-id.de/[MY_strato_URL]/nextcloud.

As written above, that works great for the web frontend (and always worked with ownCloud), but when I try to access data via webDAV, I cannot access it. When I use the ownCloud client, I enter the URL and then I’m asked for a username and a password. After typing in the correct credentials, I see an error message that tells me, that accessing the server would not be permitted.
Same when I try to access my data via MacOS by using the Finder with the URL https://www.ssl-id.de/[MY_strato_URL]/remote.php/webdav. I can enter username and password, by access is not granted.

Do you have any idea where the issue could come from?

Kind regards,
Toni

Bugsbane · July 6, 2016, 8:53am

Welcome! I’m no expert in matters like this, but it seems that permissions are blocking access to the temp directory, most likely because of your shared hosts settings. If I recall correctly, I think it is possible to change the temp directory used in the config/config.php file, so you could change this to something in your account (preferably higher up in the folder structure than the public HTML / htdocs folder).

Hope that helps!

aecklers · July 6, 2016, 9:25am

Thanks, @Bugsbane. This should have solved one issue .

Unfortunately, I’m still not able to access my files via webDAV.

Bugsbane · July 6, 2016, 9:27am

Can you post any errors showing up in the logs? (Just be careful to remove any private information)

aecklers · July 6, 2016, 9:32am

Right now, with a tmp directory configured, I get the following error in the logfiles:

Debug - webdav

Exception: {“Message”:“HTTP/1.1 401 No ‘Authorization: Basic’ header found. Either the client didn’t send one, or the server is mis-configured”,“Exception”:“Sabre\DAV\Exception\NotAuthenticated”,“Code”:0,“Trace”:"#0 [internal function]: Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))\n#1 /mnt/webt[…]/htdocs/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#2 /mnt/webt[…]/htdocs/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php(446): Sabre\Event\EventEmitter->emit(‘beforeMethod’, Array)\n#3 /mnt/webt[…]/htdocs/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php(248): Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))\n#4 /mnt/webt[…]/htdocs/nextcloud/apps/dav/appinfo/v1/webdav.php(55): Sabre\DAV\Server->exec()\n#5 /mnt/webt[…]/htdocs/nextcloud/remote.php(138): require_once(’/mnt/webt[…]…’)\n#6 {main}",“File”:"/mnt/webt[…]/htdocs/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php",“Line”:188,“User”:false}

Bugsbane · July 6, 2016, 9:35am

@oparoz / @LukasReschke Any ideas?

oparoz · July 6, 2016, 4:28pm

You can probably add that domain as a trusted domain, but I don’t like the fact that it is used by a lot of users. I would suggest switching to a better host, one which offers free SSL certificates which can be installed in one click to any of your domain.

stratacast · July 6, 2016, 5:55pm

I was getting that error before too, and my problem was I didn’t realize that a character of my username was capitalized (derp), so make sure you’re typing it right! Also make sure that you have the cloud federation settings enabled if you don’t have them already

aecklers · July 14, 2016, 1:56pm

Well, unfortunetly I’m not getting further here…

That’s the part of my config:
'trusted_domains' => array ( 0 => 'ssl-id.de', 1 => 'www.ssl-id.de', ), 'datadirectory' => '/mnt/webt/[...]/[...]/htdocs/nextcloud/data', 'overwrite.cli.url' => 'https://ssl-id.de/[url]/nextcloud',

There is no typo in my username / password
Cloud federation settings are enabled

Do you have any further ideas?

Beste regards,
Anton

oparoz · July 14, 2016, 2:00pm

This could have something to do with the new cookie policy, but that’s not my area of expertises, so maybe @LukasReschke might be able to quickly tell if that’s the problem or if there is another obvious problem with that setup.

Raegar · July 14, 2016, 2:23pm

Is this in your apache conf file (or something similar)? - specifically the parts about Dav Off and Transport Security:

Alias /nextcloud /var/www/nextcloud
  <Directory /var/www/nextcloud/>
    Options +FollowSymLinks
    AllowOverride All

    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    </IfModule>

aecklers · July 14, 2016, 2:33pm

I’m sorry to tell you, but can’t figure out a way to see access the config file of my webserver, due to the fact that I’m just using the webspace of the german provider strato.

The only thing I can tell you is, that the cal-dav synchronisation with my owncloud always went well on the same server.

If there is any possibility for me to read out further config settings, please let me know how.

Raegar · July 14, 2016, 2:55pm

Hmm… Normally this would be under /etc/apache2/sites-available/youconfigfile.conf on a Debian/Ubuntu box. I’m not sure if you do or do not have access to that location on a hosted environment.

aecklers · July 14, 2016, 2:56pm

I’m sorry, but I don’t. As written before, it’s just a webspace with a MySQL server that I use…

LukasReschke · July 14, 2016, 2:58pm

Without having read the whole topic, note that an SSL proxy like that takes your data at massive risk and you should really avoid that.

Everybody with an account on ssl-id.de can simply send you a link (or embed it in a mail etc.) that will do malicious things on your Nextcloud. There is no Same-Origin-Policy protection anymore guaranteed for doing this. (so if you click that link it’s executed within the same origin) – That’s simply how the web works.

If you’re serious about keeping your data secure you may consider not doing that.

aecklers · July 14, 2016, 3:03pm

Thanks for comment.

I know about the risk and for being absolutely honest, I don’t care. I totally agree: There is a risk and I don’t want to play that down. But if anyone gets me to the point that I (as the only user) click on a malicous e-mail / link, he may access it. I will not upload anything critical there