[moved] Webdav redirection with traefik reverse proxy

Since I got no responses, I moved the topic to the support category.
I would delete this post, but it says I do not have the rights. Can a mod delete this post?

###############################################################
Hey there,

after some issues with my first nextcloud installation, I am near a state where I would consider it done :wink:

BUT, the configcheck under settings/admin/overview is still giving me a warning that “/.well-known/caldav” and “/.well-known/carddav” could not be resolved.
Which I want to solve.

My setup is the following: I am running nextcloud in a docker container behind a traefik reverse proxy on a Raspberry Pi 4. I am using a domain (raspberrypi.mydomain.example.com with Let’s Encrypt) and switch to the different services based on the path (/nc for nextcloud).

I already consulted the documentation which had a passage in it for use with a traefik rev_prox, (which needed to be translated into traefik v2.0 syntax) but it did not solve my problem.

If I call the url raspberrypi.mydomain.example.com/nc/.well-known/caldav I get redirected to https://raspberrypi.mydomain.example.com/remote.php/dav/ and see a 404.

If, however, I call https://raspberrypi.mydomain.example.com/nc/remote.php/dav/, I get prompted “This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client.”

But the regex only (partially) works for the caldav part, because when I call http://raspberrypi.mydomain.example.com/nc/.well-known/carddav I get redirected to https://$1/remote.php/dav/ and not to the same url as the caldav version.

I checked the regex with the suggested Regex101 but it seems to be fine?

I noticed that only the “/nc” path is missing from the redirected URL compared to the working https://raspberrypi.mydomain.example.com/nc/remote.php/dav/. My guess is that the removeServiceSelector middleware is removing the /nc part of the URL before the redirectDAV middleware is able to process the called URL?
If that would be the case, what configuration would I need to prevent this from happening, but still keep the service selection by path?

Or is it something else, any ideas?

Those are my config files:
docker-compose.yml for traefik container

version: "3.1"

networks:
  web:
    external: true

services:

  traefik:
    image: traefik:v2.0.4
    container_name: traefik
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - TZ=Europe/Berlin
      - EXEC_PATH=/etc/traefik/domain_dns
      - DOMAIN_TOKEN=d42d9cd98f00b204e9345998ecf8427e
      - DOMAIN_NAME=mydomain.example.com
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./dynamic_conf.yml:/etc/traefik/dynamic_conf.yml
      - ./acme.json:/acme.json
      - ./domain_dns:/etc/traefik/domain_dns
    networks:
      - web

docker-compose.yml for service containers

version: "3.1"

networks:
  web:
    external: true
  internal:
    external: false

services:  

  nextcloud:
    #currently 16.0.6.1 Image
    image: nextcloud:stable-apache
    volumes:
      - "./nc/data:/var/www/html/data"
      - "./nc/custom_apps:/var/www/html/custom_apps"
      - "./nc/config:/var/www/html/config"
    environment:
      - MYSQL_HOST=db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=somepassword
    networks:
      - internal
      - web

  db:
    image: linuxserver/mariadb:arm32v7-110.4.10mariabionic-ls42
    restart: always
    volumes:
      - "./db:/config"
    env_file:
      - "db.env"
    networks:
      - internal

  adminer:
    image: adminer:4.7.4-standalone
    restart: always
    networks:
      - internal
      - web

traefik.yml

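# the log level belongs under the log section in the static configuration
log:
  level: DEBUG

serversTransport:
  # disables TLS certificate verification for connections to backends
  insecureSkipVerify: true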

entryPoints:
  web:
    address: ":80"

  web-secure:
    address: ":443"

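api:
  # insecure mode serves the API and dashboard without authentication
  # on port 8080, which the traefik container publishes
  insecure: true
  dashboard: true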

providers:
  file:
    filename: "/etc/traefik/dynamic_conf.yml"
    watch: true

certificatesResolvers:
  sample:
    acme:
      email: admin@mydomain.example.com
      storage: acme.json
      dnsChallenge:
        provider: exec
        delayBeforeCheck: 0

dynamic_conf.yml

http:
  routers:
    redirectToHttps:
      entryPoints:
      - web
      service: NeededButNeverUsed
      rule: "HostRegexp(`{host:.+}`)"
      middlewares:
      - httpsredirect
    nextcloud:
      entryPoints:
      - web-secure
      service: nextcloud
      rule: "Host(`raspberrypi.mydomain.example.com`) && PathPrefix(`/nc`)"
      middlewares:
      - redirectDAV
      - removeServiceSelector
      - ncSecHeader
      tls:
        certResolver: sample
    adminer:
      entryPoints:
      - web-secure
      service: adminer
      rule: "Host(`raspberrypi.mydomain.example.com`)  && PathPrefix(`/ad`)"
      middlewares:
      - removeServiceSelector
      tls:
        certResolver: sample

  services:
    NeededButNeverUsed:
      loadBalancer:
        servers:
          - url: "http://192.1.2.3"
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://nextcloud:80/"
    adminer:
      loadBalancer:
        servers:
          - url: "http://adminer:8080/"

  middlewares:
    httpsredirect:
      redirectScheme:
        scheme: https
    removeServiceSelector:
      stripPrefix:
        prefixes:
          - "/nc"
          - "/ad"
        forceSlash: false
    ncSecHeader:
      headers:
        forceSTSHeader: true
        stsPreload: true
        stsSeconds: 15552000
        contentTypeNosniff: true
        browserXssFilter: true
        sslHost: raspberrypi.mydomain.example.com
    redirectDAV:
      redirectRegex:
        regex: "^https://(.*)/.well-known/(card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"
        permanent: true

nextcloud config.php

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'asdfasdfadsf',
  'trusted_domains' =>
  array (
    0 => 'nextcloud:80',
    1 => 'raspberrypi.mydomain.example.com',
  ),
  'trusted_proxies' =>
  array (
    0 => 'traefik',
  ),
  'overwrite.cli.url' => 'https://raspberrypi.mydomain.example.com/nc',
  'overwritehost' => 'raspberrypi.mydomain.example.com',
  'overwritewebroot' => '/nc',
  'overwriteprotocol' => 'https',
  'passwordsalt' => 'asdfasdfasdfasdfasdfasdfasdfas',
  'secret' => 'asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '16.0.5.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'asdfasdfasdf',
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 0,
  'mysql.utf8mb4' => true,
);
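
Added example, not part of the original post: the Go program below applies the redirectDAV regex and replacement from dynamic_conf.yml to the URLs mentioned above with Go's regexp package; that the middleware evaluates them the same way is an assumption, and the helper name `rewrite` is hypothetical. It shows that /nc ends up in the redirect target only when it is still part of the URL the regex sees, and that an http:// URL never matches the `^https://` anchor.

```go
package main

import (
	"fmt"
	"regexp"
)

// Regex and replacement copied from the redirectDAV middleware in dynamic_conf.yml.
const (
	davRegex       = `^https://(.*)/.well-known/(card|cal)dav`
	davReplacement = "https://${1}/remote.php/dav/"
)

// rewrite returns the redirect target for url and whether the regex matched.
// It is modelled on regexp.ReplaceAllString (assumption: the middleware behaves
// the same way and passes non-matching requests through unchanged).
func rewrite(url string) (string, bool) {
	re := regexp.MustCompile(davRegex)
	if !re.MatchString(url) {
		return url, false
	}
	return re.ReplaceAllString(url, davReplacement), true
}

func main() {
	// Constructed inputs: the URLs from the post, with and without the /nc
	// prefix, plus the plain-http variant.
	urls := []string{
		"https://raspberrypi.mydomain.example.com/nc/.well-known/caldav",
		"https://raspberrypi.mydomain.example.com/nc/.well-known/carddav",
		"https://raspberrypi.mydomain.example.com/.well-known/caldav",
		"http://raspberrypi.mydomain.example.com/nc/.well-known/carddav",
	}
	for _, u := range urls {
		out, matched := rewrite(u)
		fmt.Printf("matched=%-5v %s\n  -> %s\n", matched, u, out)
	}
}
```

The greedy `(.*)` captures host and path prefix together, so group 1 is `raspberrypi.mydomain.example.com/nc` for the first two inputs and the bare host for the third.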