fdelmas
December 20, 2016, 1:27pm
1
Hello All,
I used to have OwnCloud 9.1 and I was using it with the KeeWeb Application (desktop app) : the KeeWeb desktop app was configured to use the WebDav folder to access the .kdbx file. Every works fine.
Then I migrated to NextCloud 10.2 and now to 11.0 and the same thing (same conf as it is the same server) do not work. I’m getting an 503 Error on my KeeWeb Application.
If I try to access the WebDav folder on Windows Explorer, It works fine.
I did the same test on a fresh Nexcloud Installation with Ubuntu 16.04 /Maria DB/ PHP7 and I had the same 503 error.
Nextcloud11
Ubuntu 14.04 LTS
Apache 2.4
PHP 5.6
NextCloud.Conf APACHE file :
Alias /owncloud “/var/www/owncloud/”
<VirtualHost *:80>
ServerName XXX
Redirect permanent / https://XXX
<VirtualHost *:443>
ServerName XXX
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomain$
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/XX-cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/XX-private.key
DocumentRoot /var/www/owncloud/
<Directory /var/www/owncloud>
AllowOverride All
order allow,deny
Allow from all
All help will be great
Thanks
tflidd
December 20, 2016, 8:09pm
2
503 is a server error, you should get some error messages in your webserver logs.
fdelmas
December 22, 2016, 7:20am
3
Thanks,
After searching in the Apache logs, i found those error :
[Tue Dec 20 08:25:39.616911 2016] [authz_core:error] [pid 11852] [client XXXX:51958] AH01630: client denied by server configuration: /var/www/owncloud/data/.ocdata
tflidd
December 23, 2016, 7:46pm
4
This error is expected, it just checks if the data-directory is protected against direct access.
The config-snipped of apache looks a bit incomplete, some tags seem to be missing (cf. https://docs.nextcloud.com/server/11/admin_manual/installation/source_installation.html#apache-configuration-label ).
One more thing, the Order allow,deny
-statements are from Apache 2.2, instead of
Order allow,deny
Allow from all
it should be
Require all granted
-> https://httpd.apache.org/docs/2.4/upgrading.html
fdelmas
December 27, 2016, 7:43am
5
Thanks.
I modified my apache config with :
Alias /owncloud “/var/www/owncloud/”
<VirtualHost *:80>
ServerName XXX
Redirect permanent / https://XXX/
<VirtualHost *:443>
ServerName XXX
Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains; preload”
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/XX-cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/XX-private.key
DocumentRoot /var/www/owncloud/
<Directory /var/www/owncloud>
Require all granted
Satisfy Any
Options +FollowSymlinks
AllowOverride All
Dav off
SetEnv HOME /var/www/owncloud
SetEnv HTTP_HOME /var/www/owncloud
And I checked that the followings modules are activated :
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime
But I still get the 503 Error.
vco1
December 27, 2016, 8:21am
6
Not using KeeWeb here, but I had severe issues with WebDav and Nextcloud 11. I migrated from OC9.1 to NC10 and NC11. Apart from the sync client not working on Mac OS, I also noted that I couldn’t save files through webdav on Mac OS X. That worked perfectly fine on OC.
The messages in the log files weren’t very informative. Went straight to the server instead of through HAProxy, to make sure that wasn’t the cause of the problems. Didn’t make any difference.
I could save files via webdav, but everything ended up as 0 (zero) byte files.
After spending several hours on this issue, and disappointed that the sync client didn’t work either, I decided to revert back to a working(!) ownCloud. I’ll return if NC is more mature, or at least the bugs have been fixed.
tflidd
December 27, 2016, 10:10am
7
If it worked in NC 10 and only the update broke it (same apache configuration, same system, same php), you should better create a bug report.
fdelmas
December 27, 2016, 10:12am
8
In my case it worked with OC 9.1 but did not work when I migrate to NC 10. Same Apache conf, system and PHP).
And just to clarify, Webdav access works with Windows Explorer, but not with Keeweb app.
tflidd
December 27, 2016, 10:46am
9
All that sounds a bit like this issue, where DAVdroid couldn’t handle CSFR tokens:
I just migrated from Owncloud to Nextcloud today. I did so by installing Nextcloud and then importing my Database into Nextcloud. So far, Nextcloud works wonderfully but the only thing that doesn’t work is Davdroid, which is an app on Android I use to sync my calendar and contacts with my phone. Authentication passes in Davdroid, it’s even able to see which calendars I have. When it goes to fetch data from my contacts, it all falls apart.
Error output is below. Note I changed “https” to “httpx”…
You can try to add the user agent string of KeeWeb to the list of incompatible clients such as the OS X finder:
nextcloud:master
← nextcloud:add-exemption-for-osx
opened 03:16PM - 08 Sep 16 UTC
Some user agents are notorious and don't really properly follow HTTP
specificat… ions. For those, have an automated opt-out. Since the protection
for remote.php is applied in base.php as starting point we need to opt out
here.
Fixes https://github.com/nextcloud/server/issues/223
Fixes https://github.com/nextcloud/server/issues/1237
In combination with https://github.com/nextcloud/server/pull/797
fdelmas
December 27, 2016, 1:16pm
10
Thanks I’ll try this tomorrow.
Do you know how can I get the user agent string for Keeweb ?
I did not find it on Google.
tflidd
December 27, 2016, 1:25pm
11
Apache logs the user agent string by default in the access.log.
fdelmas
December 28, 2016, 8:10am
12
Ok, I had nothing on the access.log of Apache. I’m still searching.
tflidd
December 28, 2016, 12:15pm
13
There is the combined
log format which should contain the user agent string:
https://httpd.apache.org/docs/2.4/logs.html
fdelmas
December 29, 2016, 7:17am
14
It works
I had to modify the base.php file with the user agent as you said.
Thanks a lot Tfidd !
tflidd
December 29, 2016, 7:42am
15
Are you using this app? There was already an issue reported:
fdelmas
December 29, 2016, 8:07am
16
No, i’m using the desktop app, not the Web app.
tflidd
December 29, 2016, 9:34am
17
Perhaps notify them as well. Your solution is just a workaround not a real fix.