I can't solve this problem

nemo87 · May 24, 2025, 8:24am

After updating to version 30 I get this error:

as per link, I inserted it on my .htaccess:

But I keep seeing the same error, could you tell me how to fix it?

jtr · May 24, 2025, 2:24pm

Depends on some things. Unfortunately you overlooked the support template so we don’t have enough information about your environment to answer.

Creating a custom .htaccess in your web root is only necessary if you’ve deployed Nextcloud in a subdirectory.

wwe · May 24, 2025, 3:37pm

this topic was discussed often setup_warning_wellknown please use search and describe what you tried so far and add logs

nemo87 · May 24, 2025, 9:55pm

I installed nextcloud 30.0.11 on raspberry pi 4 8 gb ram with Bullseye installed, installed apache2 server and mariaDB 10.6.22, php 8.4, my nextcloud is in: /var/www/nextcloud and file idem file .htaccess, The error above is the first time I’ve encountered it I don’t use nginx

I also tried to insert the recommended lines in the file: /etc/apache2/apache2.conf

but nothing..

awelzel · May 25, 2025, 8:03am

As already mentioned here:

Nextcloud will maintain .htaccess on its own - usually there is no need to edit it manually.

To generate a new file:

cd /var/www/nextcloud
sudo -u www php occ maintenance:update:htaccess

Where /var/www/nextcloud is the root of your Nextcloud installation and www is the user used for your nextcloud hosting.

In this generated file you should then see the following section:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

If this does not work, maybe your Apache site configuration does not allow overriding options using .htaccess. The virtual host configuration should contain a directory definition similar to this:

        <Directory /var/www/nextcloud>
                Options +SymlinksIfOwnerMatch
                AllowOverride All
                Require all granted
                # Fix possible sync errors in Nextcloud for big files
                LimitRequestBody 0
        </Directory>

The important line here is AllowOverride All - this tells Apache, that options can be overridden using .htaccess.

Also keep in mind to enable the rewrite module in Apache.

nemo87 · May 25, 2025, 2:03pm

bb77 · May 25, 2025, 2:10pm

try www-data instead of www

nemo87 · May 25, 2025, 4:16pm

awelzel · May 25, 2025, 7:44pm

Maybe there was a misunderstanding. Do NOT use www but the user which YOUR machine uses (probabbly www-data).

So something like this:

cd /var/www/nextcloud
sudo -u www-data php occ maintenance:update:htaccess

And if www-data is also not correct, then YOU have to check, what user YOUR system uses.

And no, there is no need to use chown either. And if your Nextcloud is not at /var/www/nextcloud, you need to use the correct path of course!

nemo87 · May 25, 2025, 9:03pm

I keep getting the error… here is my .htaccess file:

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
    <IfModule mod_lsapi.c>
      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
  </IfModule>
<IfModule mod_env.c>
    # Add security and privacy related headers
 # Avoid doubled headers by unsetting headers in "onsuccess" table,
    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"
 Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"
Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"
 Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"
 Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "noindex, nofollow"
Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"
SetEnv modHeadersAvailable true
  </IfModule>
# Add cache control for static resources
  <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
    <If "%{QUERY_STRING} =~ /(^|&)v=/">
      Header set Cache-Control "max-age=15778463, immutable"
    </If>
    <Else>
      Header set Cache-Control "max-age=15778463"
    </Else>
  </FilesMatch>
 # Let browsers cache OTF and WOFF files for a week
  <FilesMatch "\.(otf|woff2?)$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>

<IfModule mod_php.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>

<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddType application/wasm wasm
  AddEncoding gzip svgz
  # Serve ESM javascript files (.mjs) with correct mime type
  AddType text/javascript js mjs
</IfModule>

<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>

<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

# Clients like xDavv5 on Android, or Cyberduck, use chunked requests.
# When FastCGI or FPM is used with apache, requests arrive to Nextcloud without any content.
# This leads to the creation of empty files.
# The following directive will force the problematic requests to be buffered before being forwarded to Nextcloud.
# This way, the "Transfer-Encoding" header is removed, the "Content-Length" header is set, and the request content is proxied to Nextcloud.
# Here are more information about the issue:
#  - https://docs.cyberduck.io/mountainduck/issues/fastcgi/
#  - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav
<IfModule mod_setenvif.c>
  SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
</IfModule>

# Apache disabled the sending of the server-side content-length header
# in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
# Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
# See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
<IfModule mod_env.c>
  SetEnv ap_trust_cgilike_cl
</IfModule>
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

AddDefaultCharset utf-8
Options -Indexes
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 /nextcloud/index.php/error/403
ErrorDocument 404 /nextcloud/index.php/error/404
    ```

And this my /etc/apache2/apache2.conf:


# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
#       /etc/apache2/
#       |-- apache2.conf
#       |       `--  ports.conf
#       |-- mods-enabled
#       |       |-- *.load
#       |       `-- *.conf
#       |-- conf-enabled
#       |       `-- *.conf
#       `-- sites-enabled
#               `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
#   together by including all remaining configuration files when starting up the
#   web server.
#
# * ports.conf is always included from the main configuration file. It is
#   supposed to determine listening ports for incoming connections which can be
#   customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
#   directories contain particular configuration snippets which manage modules,
#   global configuration fragments, or virtual host configurations,
#   respectively.
#
#   They are activated by symlinking available configuration files from their
#   respective *-available/ counterparts. These should be managed by using our
#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
#   their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
#   the default configuration, apache2 needs to be started/stopped with
#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
#   work with the default configuration.


# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#Mutex file:${APACHE_LOCK_DIR} default

#

# The directory where shm and other runtime files will be stored.

#

DefaultRuntimeDir ${APACHE_RUN_DIR}

#

# PidFile: The file in which the server should record its process

# identification number when it starts.

# This needs to be set in /etc/apache2/envvars

#

PidFile ${APACHE_PID_FILE}

#

# Timeout: The number of seconds before receives and sends time out.

#

Timeout 300

#

# KeepAlive: Whether or not to allow persistent connections (more than

# one request per connection). Set to "Off" to deactivate.

#

KeepAlive On

#

# MaxKeepAliveRequests: The maximum number of requests to allow

# during a persistent connection. Set to 0 to allow an unlimited amount.

# We recommend you leave this number high, for maximum performance.

#

MaxKeepAliveRequests 100

#

# KeepAliveTimeout: Number of seconds to wait for the next request from the

# same client on the same connection.

#

KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars

User ${APACHE_RUN_USER}

Group ${APACHE_RUN_GROUP}

#

# HostnameLookups: Log the names of clients or just their IP addresses

# e.g., www.apache.org (on) or 204.62.129.132 (off).

# The default is off because it'd be overall better for the net if people

# had to knowingly turn this feature on, since enabling it means that

# each client request will result in AT LEAST one lookup request to the

# nameserver.

#

HostnameLookups Off

# ErrorLog: The location of the error log file.

# If you do not specify an ErrorLog directive within a <VirtualHost>

# container, error messages relating to that virtual host will be

# logged here. If you *do* define an error logfile for a <VirtualHost>

# container, that host's errors will be logged there and not here.

#

ErrorLog ${APACHE_LOG_DIR}/error.log

#

# LogLevel: Control the severity of messages logged to the error_log.

# Available values: trace8, ..., trace1, debug, info, notice, warn,

# error, crit, alert, emerg.

# It is also possible to configure the log level for particular modules, e.g.

# "LogLevel info ssl:warn"

#

LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf


# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
       Options FollowSymLinks
       AllowOverride All
       Require all denied
</Directory>

<Directory /usr/share>
       AllowOverride All
       Require all granted
</Directory>

<Directory /var/www/>
       Options Indexes FollowSymLinks
       AllowOverride All
       Require all granted
</Directory>

#<Directory /srv/>
#       Options Indexes FollowSymLinks
#       AllowOverride All
#       Require all granted
#</Directory>




# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
       Require all denied
</FilesMatch>


#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

<Directory /var/www/nextcloud>
               Options +SymlinksIfOwnerMatch
               AllowOverride All
               Require all granted
               # Fix possible sync errors in Nextcloud for big files
               LimitRequestBody 0
       </Directory>

awelzel · May 26, 2025, 4:44am

Please do not just copy & paste your .htaccess here! This makes it really very hard to read!

If you want to add file contents here, please start with three backticks first (```) and then in a new line paste the content and then finish with a line with three backticks again.

I told you the relevant part - only this is important:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

nemo87 · May 26, 2025, 5:56am

I apologize for the mistake, I added the part you suggested but I still get the error at the beginning of the post

awelzel · May 26, 2025, 6:00pm

Can you please EDIT your post and put three backticks ( ``` ) in front of your .htaccess file and the same at the end? Then at least it is readable.

Like this (just without any spaces at the beginning of each line):

    ```
    the content of your .htaccess file goes here
  
    last line of your .htaccess file
    ```

Things to check in general:

Do you even use Apache? Yes this might sound silly - but maybe you are using NGINX and don’t realize that.
Is the rewrite module in Apache enabled (sudo a2enmod rewrite)?

And again: you do NOT need to edit .htaccess at all - just CHECK it, if it was generated correctly.

nemo87 · May 27, 2025, 4:30pm

Yes, the file is regenerated, and I restarted the apache2 server
I only installed apache2, if NGINX was installed because some package needed certain dependencies I don’t know… is there a way to verify this?

awelzel · May 27, 2025, 5:22pm

And did you verify the the rewrite module is active?

sudo a2enmod rewrite

nemo87 · May 27, 2025, 9:39pm

It keeps giving the same error

awelzel · May 28, 2025, 5:30pm

Sorry, I am out of options here.

Maybe Problems with the .htaccess file after updating to 29.0.0 - #4 by NeurohrByteS can help you.

NeurohrByteS · May 28, 2025, 5:53pm

I feel pinged… but actually I had that same error a couple of days ago on one of my four instances.

My solution was to

Backup your .htaccess file
Add below snippet as its own separate block
Remove all other RewriteRules from the .well-known links you just added (i.e. ignore the acme-challenge, but remove the other webfinger rewrites)

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/carddav /remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^\.well-known/nodeinfo /index.php/.well-known/nodeinfo [R=301,L]
</IfModule>

Curiously a couple of days later php occ maintenance:update:htaccess worked as intended (and reset my manual changes without the error popping up again). Maybe some caching issue?

Long term I will probably create a new instance and restore a backup, since this is my oldest instance. Something seems to have gone wrong after two Linux distribution updates.

nemo87 · May 28, 2025, 10:50pm

NeurohrByteS:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/carddav /remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^\.well-known/nodeinfo /index.php/.well-known/nodeinfo [R=301,L]
</IfModule>

Even so I get the error

RAlm · May 28, 2025, 11:18pm

Instead of .htaccess give Apache’s include directory a try. Same block of rules but in a .conf file.