Ios caldav client not syncing

ℹ️ Support
1

Nextcloud version (eg, 20.0.5): 25.0.2
Operating system and version (eg, Ubuntu 20.04): helm chart from https://nextcloud.github.io/helm/ - chart version nextcloud-3.3.6

The issue you are facing:

Hi,

When I try and connect an iphone (iOS 15.5) to caldav, I get the annoying generic error message “Cannot connection using SSL”. I don’t believe it’s actually an SSL error as I see successful connections in the logs. The following is what I see when I configure the client as recommended (i.e. just use the hostname as the server name and let the /.well-known/ endpoints do the redirect).

10.1.137.177 - - [03/Feb/2023:11:45:36 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 401 2007 "-" "iOS/15.5 (19F77) accountsd/1.0"
10.1.137.177 - dan [03/Feb/2023:11:45:36 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 1342 "-" "iOS/15.5 (19F77) accountsd/1.0"
10.1.137.177 - - [03/Feb/2023:11:45:37 +0000] "PROPFIND / HTTP/1.1" 405 2058 "-" "iOS/15.5 (19F77) accountsd/1.0"
10.1.137.177 - - [03/Feb/2023:11:45:37 +0000] "PROPFIND /principals/ HTTP/1.1" 405 836 "-" "iOS/15.5 (19F77) accountsd/1.0"
10.1.137.177 - - [03/Feb/2023:11:45:38 +0000] "PROPFIND /calendar/dav/dan/user/ HTTP/1.1" 405 836 "-" "iOS/15.5 (19F77) accountsd/1.0"

Because this is running in k8s, there is an nginx ingress controller acting as a reverse proxy, but I believe I have all the .well-knownredirects configured correctly:

      location /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
      }

      location /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
      }
      location /.well-known/webfinger {
          return 301 $scheme://$host/public.php?service=webfinger;

As you can see from the logs, it successfully performs a PROPFIND against /remote.php/dav, but then starts to try query endpoints that are not prefixed with /remote.php/dav, which seems to be the cause of the problem.

Therefore I started to wonder if the response in /remote.php/dav have some incorrect links, so I grabbed the output from that endpoint, which can be seen here:

As you can see, all <d:href> tags look correct to me. At which point I’m stuck and not sure where to look next.

It’s worth noting that I’m syncing successfully with other clients (korgnaiser, thunderbird).

Any suggests would be most appreciated.

Thanks,
Dan.

2

Hi,

I’ve made some progress here, it appears my problem was a compound of 2 issues:

  1. CORS restricting allowed methods:

I had the annotation nginx.ingress.kubernetes.io/enable-cors: true set in my ingress configuration (ingress-nginx/annotations.md at main · kubernetes/ingress-nginx · GitHub), which in turn sets the following response header:

access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS

This was particularly a problem when the client is trying it hit the OPTIONS /remote.php/dav/principals/users/dan endpoint. Unsetting this allowed all the needed verbs.

allow: OPTIONS, GET, HEAD, DELETE, PROPFIND, PUT, PROPPATCH, COPY, MOVE, REPORT
  1. Automatic URL detection not working

Despite the offical docs (https://docs.nextcloud.com/server/19/user_manual/pim/sync_ios.html), stating just the base hostname is needed, this doesn’t seem to be the case. The hint from the comments here: How to add NextCloud Calendar to iphone - #7 by j-ed gave me the answer. I had to add the /remote.php/dav/principals/users/<username>/ suffix.

1 Like