Multiple problems : Mails, WebDav, caldav & cardav

Hey,

First, I want to express my gratitude to the Nextcloud team and the entire community. You’re all doing a great job !

I’ve recently followed the fork owncloud -> nextcloud when I received my new server hardware. I’ve successfully installed Nextcloud for Debian 10 Buster. But I’m still facing some problems… I’m convinced most of them are relating to the server configuration. Before exposing you my troubles, let’s talk about my environment :
• Debian 10 Buster
• Apache2 server
• Nextcloud installation outside of web root
• Data folder outside of Nextcloud root
• Data are on a ZFS drive
• Workstation on Windows 10

I’m not understanding everything relating to apache2 configuration. I’m facing difficulties with the server configuration files, cause I have 2 differents files in sites-available folder : nextcloud.conf & nexcloud-le-ssl.conf. If I well understand, these configurations are overwrited by .htaccess inside the Nextcloud folder. Can you explain me in which way some of these 2 files in my web directory are useless ? Precision : both of these files has the directive “Dav On”.

Well, let’s talk about problems…

Mails
I’m trying to send mails on Nextcloud settings through an OVH account, but it’s not working. Here is the message I receive in admin panel :

WebDav
I cannot connect through WebDav, I’m receiving a 401 authentication error. It’s the same error with windows shell, explorer, and CyberDuck.

Caldav & Cardav
I also have the traditional error “Your Web server is not set up properly to resolve /.well-known/caldav/ or /.well-known/carddav/”

Investigations
I’m quite sure all these problems can be solved with a good configuration of my .htaccess. I’ve read a lot of topics on this forum and on Internet but I cannot find a good example matching to my configuration, and I was not able to solve this problem by myself. It looks like WebDav and mail problems are both relating to this ******* .htaccess file. In particular, I think these troubles are relating to mod_headers and mod_rewrite. Here is the content of my .htaccess :

.htaccess SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1 RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1 # Add security and privacy related headers Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set X-Robots-Tag "none" Header set X-Download-Options "noopen" Header set X-Permitted-Cross-Domain-Policies "none" Header set Referrer-Policy "no-referrer" SetEnv modHeadersAvailable true

Add cache control for static resources

<FilesMatch “.(css|js|svg|gif)$”>
Header set Cache-Control “max-age=15778463”

Let browsers cache WOFF files for a week

<FilesMatch “.woff2?$”>
Header set Cache-Control “max-age=604800”



php_value mbstring.func_overload 0
php_value default_charset ‘UTF-8’
php_value output_buffering 0

SetEnv htaccessWorking true



RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^.well-known/host-meta.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^.well-known/webfinger /public.php?service=webfinger [QSA,L]
RewriteRule ^.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.
- [R=404,L]
RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:.|autotest|occ|issue|indie|db_|console).* - [R=404,L]


AddType image/svg+xml svg svgz
AddEncoding gzip svgz


DirectoryIndex index.php index.html

AddDefaultCharset utf-8
Options -Indexes

ModPagespeed Off

DO NOT CHANGE ANYTHING ABOVE THIS LINE

ErrorDocument 403 /nextcloud/
ErrorDocument 404 /nextcloud/

Options -MultiViews
RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
RewriteCond %{REQUEST_FILENAME} !.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg)$
RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
RewriteCond %{REQUEST_FILENAME} !core/img/manifest.json$
RewriteCond %{REQUEST_FILENAME} !/remote.php
RewriteCond %{REQUEST_FILENAME} !/public.php
RewriteCond %{REQUEST_FILENAME} !/cron.php
RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
RewriteCond %{REQUEST_FILENAME} !/status.php
RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
RewriteCond %{REQUEST_FILENAME} !/robots.txt
RewriteCond %{REQUEST_FILENAME} !/updater/
RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
RewriteCond %{REQUEST_FILENAME} !/ocm-provider/
RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteRule . index.php [PT,E=PATH_INFO:$1]

SetEnv front_controller_active true DirectorySlash off

In addition, there is my nextcloud.conf inside apache directory :

nextcloud.conf

<VirtualHost *:443>
ServerAdmin photo@.fr
DocumentRoot /Nextcloud/
ServerName nc.
.fr
ServerAlias www.nc.*****.fr
Alias /nextcloud “/Nextcloud/”

<Directory /Nextcloud/>
Options FollowSymlinks Multiviews
AllowOverride All
Require all granted

Dav on

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

SetEnv HOME /Nextcloud
SetEnv HTTP_HOME /Nextcloud

RewriteEngine on RewriteCond %{SERVER_NAME} =nc.*****.fr [OR] RewriteCond %{SERVER_NAME} =www.nc.*****.fr RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Any help will be much appreciated ! Thank’s in advance for your advice :slight_smile:

XetYr

Up ? :slight_smile:

Nextcloud should be in the web root, and the data folder outside it.

These are your site configs. I’m not sure what you mean by saying they are useless?

On your mail issue, you are failing SMTP authentication. The error is 5.7.1 client was not authenticated. This error is returned from the MTA, so it’s not taking your credentials.

Hey Karl,

Sorry for my late answer, I was working hard these days…

I’ve totally uninstall and re-install a fresh version of Nextcloud 17 on my system. Now I’ve the Nextcloud folder inside the web root, and maybe I’ve understood something concerning the apache configs files. Today I’ve only 1 of them, with the good configuration according to Mozzila advices. SSLLabs is now providing me a A+ rate ! :smile:

I can not explain why, but the WebDav protocol is now working. I felt it was slow, so I added a Redis cache in addition of the APCu and it’s increasing considerably the response time of WebDav service. In that way, do you think I must take a look on OPcache ?

In another way, SMTP authentication is still disturbed, returning the 5.7.1 error. Have you any idea I can investigate on ?