NC11 WebDav for KeeWeb

fdelmas · December 20, 2016, 1:27pm

Hello All,

I used to have OwnCloud 9.1 and I was using it with the KeeWeb Application (desktop app) : the KeeWeb desktop app was configured to use the WebDav folder to access the .kdbx file. Every works fine.

Then I migrated to NextCloud 10.2 and now to 11.0 and the same thing (same conf as it is the same server) do not work. I’m getting an 503 Error on my KeeWeb Application.

If I try to access the WebDav folder on Windows Explorer, It works fine.

I did the same test on a fresh Nexcloud Installation with Ubuntu 16.04 /Maria DB/ PHP7 and I had the same 503 error.

Nextcloud11
Ubuntu 14.04 LTS
Apache 2.4
PHP 5.6

NextCloud.Conf APACHE file :
Alias /owncloud “/var/www/owncloud/”
<VirtualHost *:80>
ServerName XXX
Redirect permanent / https://XXX

<VirtualHost *:443>
ServerName XXX

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomain$

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/XX-cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/XX-private.key
DocumentRoot /var/www/owncloud/
<Directory /var/www/owncloud>

AllowOverride All
order allow,deny
Allow from all

All help will be great

Thanks

tflidd · December 20, 2016, 8:09pm

503 is a server error, you should get some error messages in your webserver logs.

fdelmas · December 22, 2016, 7:20am

Thanks,

After searching in the Apache logs, i found those error :

[Tue Dec 20 08:25:39.616911 2016] [authz_core:error] [pid 11852] [client XXXX:51958] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata

tflidd · December 23, 2016, 7:46pm

This error is expected, it just checks if the data-directory is protected against direct access.

The config-snipped of apache looks a bit incomplete, some tags seem to be missing (cf. https://docs.nextcloud.com/server/11/admin_manual/installation/source_installation.html#apache-configuration-label).

One more thing, the Order allow,deny-statements are from Apache 2.2, instead of

Order allow,deny
Allow from all

it should be

Require all granted

-> https://httpd.apache.org/docs/2.4/upgrading.html

fdelmas · December 27, 2016, 7:43am

Thanks.

I modified my apache config with :

Alias /owncloud “/var/www/owncloud/”
<VirtualHost *:80>
ServerName XXX
Redirect permanent / https://XXX/

<VirtualHost *:443>
ServerName XXX

Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains; preload”

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/XX-cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/XX-private.key
DocumentRoot /var/www/owncloud/

<Directory /var/www/owncloud>
Require all granted
Satisfy Any

Options +FollowSymlinks
AllowOverride All

Dav off

SetEnv HOME /var/www/owncloud
SetEnv HTTP_HOME /var/www/owncloud

And I checked that the followings modules are activated :
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime

But I still get the 503 Error.

vco1 · December 27, 2016, 8:21am

Not using KeeWeb here, but I had severe issues with WebDav and Nextcloud 11. I migrated from OC9.1 to NC10 and NC11. Apart from the sync client not working on Mac OS, I also noted that I couldn’t save files through webdav on Mac OS X. That worked perfectly fine on OC.
The messages in the log files weren’t very informative. Went straight to the server instead of through HAProxy, to make sure that wasn’t the cause of the problems. Didn’t make any difference.
I could save files via webdav, but everything ended up as 0 (zero) byte files.
After spending several hours on this issue, and disappointed that the sync client didn’t work either, I decided to revert back to a working(!) ownCloud. I’ll return if NC is more mature, or at least the bugs have been fixed.

tflidd · December 27, 2016, 10:10am

If it worked in NC 10 and only the update broke it (same apache configuration, same system, same php), you should better create a bug report.

fdelmas · December 27, 2016, 10:12am

In my case it worked with OC 9.1 but did not work when I migrate to NC 10. Same Apache conf, system and PHP).

And just to clarify, Webdav access works with Windows Explorer, but not with Keeweb app.

tflidd · December 27, 2016, 10:46am

All that sounds a bit like this issue, where DAVdroid couldn’t handle CSFR tokens:

You can try to add the user agent string of KeeWeb to the list of incompatible clients such as the OS X finder:

github.com/nextcloud/server

Add exemptions for incompatible UAs

nextcloud:master ← nextcloud:add-exemption-for-osx

opened 03:16PM - 08 Sep 16 UTC

LukasReschke

+15 -1

Some user agents are notorious and don't really properly follow HTTP specificat…ions. For those, have an automated opt-out. Since the protection for remote.php is applied in base.php as starting point we need to opt out here. Fixes https://github.com/nextcloud/server/issues/223 Fixes https://github.com/nextcloud/server/issues/1237 In combination with https://github.com/nextcloud/server/pull/797

fdelmas · December 27, 2016, 1:16pm

Thanks I’ll try this tomorrow.

Do you know how can I get the user agent string for Keeweb ?

I did not find it on Google.

tflidd · December 27, 2016, 1:25pm

Apache logs the user agent string by default in the access.log.

fdelmas · December 28, 2016, 8:10am

Ok, I had nothing on the access.log of Apache. I’m still searching.

tflidd · December 28, 2016, 12:15pm

There is the combined log format which should contain the user agent string:
https://httpd.apache.org/docs/2.4/logs.html

fdelmas · December 29, 2016, 7:17am

It works

I had to modify the base.php file with the user agent as you said.

Thanks a lot Tfidd !

tflidd · December 29, 2016, 7:42am

Are you using this app? There was already an issue reported:

fdelmas · December 29, 2016, 8:07am

No, i’m using the desktop app, not the Web app.

tflidd · December 29, 2016, 9:34am

Perhaps notify them as well. Your solution is just a workaround not a real fix.