How to resolve .well-known/webfinger -

Hello y’all
Hope everything is ok.
I need your help please. How can i get ride this warningsd please ?

Your web server is not properly configured to resolve “/.well-known/webfinger”. More information can be found on our documentation.
Your web server is not properly configured to resolve “/.well-known/nodeinfo”. More information can be found on our documentation.
Your web server is not configured correctly to resolve “/.well-known/caldav”. More information can be found on our documentation.
Your web server is not configured correctly to resolve “/.well-known/carddav”. More information can be found on our documentation.

Hi,

why don’t you do what the message tells you? “More information can be found on our documentation” → Go to docs.nextcloud.com, switch to admin documentation and search for e.g. .well-known, find this page:

https://docs.nextcloud.com/server/stable/admin_manual/issues/general_troubleshooting.html#service-discovery

:wink:

I’ve seen that but i don’t know which .htaccess file it is talking about.
Nextcloud isn’t the only web instance.
To access to next its like xxx.teamber.fr/nextcloud.

Let me quote from the documentation:

If your Nextcloud instance is installed in a subfolder called nextcloud and you’re running Apache create or edit the .htaccess file within the document root of your Web server and add the following lines:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
</IfModule>
1 Like

These warnings about webfinger and nodeinfo drove me nuts.

It does not seem to be the case here, but since I found this through web search on my way to find a solution, I allow myself to add some additional info (that is not yet in the manual, at the time of this writing), so that others might find the cause quicker.

/.well-known/caldavand /.well-known/carddav are usually straight forward, but for the afore mentioned endpoints I always got the warning message despite the redirection working and the requests being handled by index.php.

Background: in order for any endpoint (other than caldav and carddav) to return a positive result, these endpoints need to be registered by an app. Otherwise, even if redirected correctly, index.php would return a 404 status code alongside the special response header x-nextcloud-well-known and the content {"message":"webfinger not supported"}.

For nodeinfo, the endpoint is handled by the social app which I had installed but not enabled. Hence the endpoint was not returning a 200 status code, but rather a 404.

The reason I got a warning in the Administrative Settings overview was that I had configured a special 404 error page in my web server. Hence, the special response header x-nextcloud-well-known was not forwarded to the client and the test would not recognize that the endpoint was indeed resolved correctly.

My PR for the documentation also contain some useful curl command to diagnose the redirection for

I hope this may help others to track down the issue they may face. Even it is not a custom error page, understanding the requirements for the test to succeed might be useful in finding the issue.

3 Likes

Hi there,
I also have this issue with .well-known files, especially in combination with the social app and some kind of “inconsistencies” in documentations and threads.

For social app there are posts that say, webfinger needs to configured to:

/path/public.php/.well-known/webfinger [QSA,L]

But in this case the general settings page is complaining about wrong configured .well-known/webfinger again…

Btw: thanks to @martin-rueegg and his answer, this helped out a lot to solve the generic setup (not social-app related).

Best & Thanks,
Matthias

Thanks a lot for posting the curl lines.
Now, I solved my redirection problem and for webfinger and nodeinfo I get X-NEXTCLOUD-WELL-KNOWN: 1, and {"message":"webfinger not supported"}. (And 404 because I don’t have social installed.)
But, still in the nextcloud admin page I get these warnings! Also, if I install social, I still get the nodeinfo warning, although with curl I get a response 200 then.
Why is this? What exactly is the admin tool testing for?
And why do I get this warning, if for my system this has no relevance? I don’t want irrelevant warnings, can I switch it off?

Hi @pkoevesdi

As far as I know, you cannot disable the test in settings or config. You’d have to remove the code that is running the test.

Maybe check in the Network tab of your browser’s developer console (e.g. F12 in Firefox) and check if you detect any differences to the curl requests you have made.

  • These are some of the requests when loading the page /settings/admin/overview:

    Please note the first set of requests that are all redirected wit 301. Then further down you’ll see the two requests for webfinger and nodeinfo: The former is responded with a 404, the latter with 200.

  • These are the details of the first webfinger request:


    (You will notice the Location header in the response, indicating the address of the redirect target.)

  • These are the details of the second webfinger request:


    (You will notice the X-NEXTCLOUD-WELL-KNOWN: 1 header in the response, indicating the request has been handled by index.php.)

  • And finally, this is the response content, that is kinda irrelevant here:

Hope this helps.

Warm regards,
Martin.

Hi @blindzero

Please note, that the redirection has changed over time. Current versions (as of v21) use

https://example.com/index.php/.well-known/webfinger

or

https://example.com/path/to/nextcloud/index.php/.well-known/webfinger

as endpoint.

Redirection is then dependent on your webserver.

For Apache, the official redirection at the time of this writing is

RewriteRule ^.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]

Which includes everything under /.well-known/ except SSL certificate validation endpoints. Hence it is also applied for webfinger and nodeinfo. However, this is not really a redirect in the sense that a respons is sent to the client/browser. It is redirected internally, hence the answer is directly served under e.g. /.well-known/webfinger

Hey, thank You very much! But as far as I can see, what You describe are just other means to see the response that also curl delivered me.
The problem was (!) that I got all expected responses, but still had (!) these warnings in the webgui. But, now, some hours later, they are gone, I have the green tick mark. Don’t know what changed now, maybe some cache somewhere…

Yes, you are absolutely right, it was just another way to see the response.

The reason why I did it was because you might have used curl from another computer, or your browser might have some proxy settings or use a vpn or whatever. It would also have shown if cache was involved.

The tactic is to first always test as close to the source as possible (in this case with curl as it is very transparent) and then move closer to the destination (in this case the browser).

I’m glad it’s working now. Yes, cache could very well be an issue (both on the server side as well as in the browser. It’s always a good practice to also test using a private/incognito window and disable cache there).

Hi there @martin-rueegg,

I am exhausting myself here. The webfinger issue popped-up again after a while and after upgrading to NC 29.0.1. I realised I have entered your suggestions on my .htaccess file and have these on mod_rewrite.c

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

The line below has been in my .htaccess file from the beginning.

  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]

My server’s .well-known issues have been mitigated by the entering the following in my default-ssl.conf file.

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
</IfModule>

I am not sure what I am missing here. Do you have any insights? Cheers.