Cant Connect to Webdav (Error 401)

LarryLite · May 29, 2020, 10:10pm

Hi,

after setting up Nextcloud on Apache with an nginx reverse proxy (on the same maschine), i wanted to connect my Client via WebDav and it obviously doesnt work… If i want to login i get a 401 Error (see in the Access Logs). Same procedure with Card/Caldav.

Nextcloud version (eg, 18.0.2): 18.0.4
Operating system and version (eg, Ubuntu 20.04): Ubuntu 18.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.29 & nginx 1.14.0 (reverse proxy)
PHP version (eg, 7.1): 7.2-fpm

The output of your config.php file:

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => 'IP',
    1 => 'DOMAIN',
  ),
  'overwritehost' => 'DOMAIN',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
 
  'trusted_proxies' =>
  array (
    0 => 'IP of Proxy ',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '18.0.4.2',
  'overwrite.cli.url' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',                                                                                                                                                                                                                    'mysql.utf8mb4' => true,                                                                                                                                                                                                                     'dbuser' => '',                                                                                                                                                                                                                       'dbpassword' => 'password',
  'installed' => true,

  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
    'password' => 'password',
  ),

  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
);

Apache Access Log:

[30/May/2020:00:00:17 +0200] "PROPFIND /remote.php/dav/files/  HTTP/1.0" 401 1449
[30/May/2020:00:00:17 +0200] "PROPFIND /remote.php/dav/files/  HTTP/1.0" 401 859
 [30/May/2020:00:00:17 +0200] "PROPFIND /remote.php/dav/files/  HTTP/1.0" 401 859
[30/May/2020:00:00:17 +0200] "PROPFIND /remote.php/dav/files/  HTTP/1.0" 401 859
 [30/May/2020:00:00:18 +0200] "PROPFIND /remote.php/dav/files/  HTTP/1.0" 401 859
 [30/May/2020:00:00:18 +0200] "PROPFIND /remote.php/dav/files/  HTTP/1.0" 401 859
 [30/May/2020:00:00:18 +0200] "PROPFIND /remote.php/dav/files/  HTTP/1.0" 401 859

nginx Access Log:

[30/May/2020:00:00:17 +0200] "PROPFIND /remote.php/dav/files/ HTTP/2.0" 401 299 "-" "Microsoft-WebDAV-MiniRedir/10.0.18363"
  [30/May/2020:00:00:17 +0200] "PROPFIND /remote.php/dav/files/ HTTP/2.0" 401 299 "-" "Microsoft-WebDAV-MiniRedir/10.0.18363"
  [30/May/2020:00:00:17 +0200] "PROPFIND /remote.php/dav/files/  HTTP/2.0" 401 299 "-" "Microsoft-WebDAV-MiniRedir/10.0.18363"
  [30/May/2020:00:00:18 +0200] "PROPFIND /remote.php/dav/files/  HTTP/2.0" 401 299 "-" "Microsoft-WebDAV-MiniRedir/10.0.18363"
  [30/May/2020:00:00:18 +0200] "PROPFIND /remote.php/dav/files/  HTTP/2.0" 401 299 "-" "Microsoft-WebDAV-MiniRedir/10.0.18363"
  [30/May/2020:00:00:18 +0200] "PROPFIND /remote.php/dav/files/  HTTP/2.0" 401 299 "-" "Microsoft-WebDAV-MiniRedir/10.0.18363"
  [30/May/2020:00:00:18 +0200] "PROPFIND /remote.php/dav/files/  HTTP/2.0" 401 299 "-" "Microsoft-WebDAV-MiniRedir/10.0.18363"

Apache vHost Config:

<VirtualHost domain:8080>
 
   DocumentRoot /var/www/nextcloud

    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted


       <IfModule mod_dav.c>
           Dav off
        </IfModule>

        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
    </Directory>

    ErrorLog /var/log/apache2/nextcloud-error_log
    CustomLog /var/log/apache2/nextcloud-access_log common
</VirtualHost>

nginx vHost Config:

server {

    server_name DOMAIN;

    client_max_body_size 0;
    underscores_in_headers on;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";


        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 64;

        proxy_buffering off;
        proxy_redirect off;
        proxy_max_temp_file_size 0;
        proxy_pass http://DOMAIN:8080;
        auth_basic off;
    }


        location = /.well-known/carddav {
                return 301 $scheme://$host:/remote.php/dav;
        }
        location = /.well-known/caldav {
                return 301 $scheme://$host:/remote.php/dav;
        }


    listen 443 ssl http2; # managed by Certbot
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = DOMAIN) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;

    server_name DOMAIN;
    return 404; # managed by Certbot


}

devnull · May 30, 2020, 5:45am

Use only apache2 without nginx. Or do you need it?

MadTia · May 30, 2020, 10:48am

401 if i remember correctly should be unathorized access , so the credential provided are wrong or not validated at all. Did you installed the webserver manually or with any bundle/control panel? also if you perform a trace ip from the domain what ip you see? your machine ip or a different one? ( like behind cloudflare ) ? if you do not see your remote machine ip is most likely a refuse from the the proxy in the middle.

LarryLite · May 30, 2020, 11:21am

I dont really need the nginx. I was just testing arround with it. Guess its better to turn it off and just use the apache.

LarryLite · May 30, 2020, 11:24am

I installed it manually. When i perform the traceip i see the IP of the maschine ( most likely because the reverse proxy and the webserver are on the same). I decide to just use the apache, like devnull sayed. That works just fine.