NC13: caldav + macos/ios issue, android works

SlothNas · May 21, 2018, 5:56pm

I have setup my NC13 behind a nginx reverse-proxy using docker. I can connect to caldav/carddav using OpenSync on Android but I cannot establish a connection on macos or ios. I spend the entire day searching for a solution and did not succeed. What I did so far:

Disabled 2FA-Auth
Disabled Bruteforce Defense (+ deleted corresponding db)
Tried various combinations in the MacOs online account settings (automatic/manual/advanced)
Updated to Nextcloud 13
Commented out $authPlugin->addBackend($bearerAuthPlugin); in /nextcloud/apps/dav/appinfo/v1/webdav.php
Installed Baikal and tested if caldav works with another system (it did not)

The NGINX access.log says:
xyz.com xx.yy.zz.aaa - - [21/May/2018:17:38:31 +0000] “PROPFIND /remote.php/dav/principal/users/XYZ HTTP/1.1” 401 569 “-” “Mac+OS+X/10.13.4 (17E199) CalendarAgent/399.2.2”
nextcloud.log does not note anything about the login attempt.

This and the fact that baikal did not work either, makes me believe, that there is something wrong with my nginx: The settings for nextcloud are:
server {
server_name example.xyz;
listen 80 ;
client_max_body_size 5000M;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name example.xyz;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
client_max_body_size 5000M;
server_tokens off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ‘xxyyzz’;
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/example.xyz.crt;
ssl_certificate_key /etc/nginx/certs/example.xyz.key;
ssl_dhparam /etc/nginx/certs/example.xyz.dhparam.pem;
add_header Strict-Transport-Security “max-age=31536000”;

location ^~ /.well-known/acme-challenge/ {
auth_basic off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}

location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location / {
proxy_pass http://example.xyz;
}
}
I really would apreciate your help in this matter. I love nextcloud and want to continue working with it.

Bernie_O · May 22, 2018, 1:15pm

What happens, if you visit https://example.xyz/.well-known/caldav ?

SlothNas · May 22, 2018, 5:41pm

I get redirected to https://example.xyz/remote.php/dav
Then my browser asks me for login credentials
Then it says: “This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client.”

Bernie_O · May 22, 2018, 9:39pm

That’s very good that service discovery is working.

The following works for me and friends of mine very reliable:

delete eventuelly existing caldav accounts using your nextcloud-instance (example.xyz) from your clients (Mac/iOS).
to add a caldav-account on your iOS-device:
go to “settings” --> “accounts+passwords” --> “add account” --> “other” --> “add caldav account”
As server enter only the domain name nothing else (in your example this would be “example.xyz”). Also enter username and password for the nextcloud user and hit “proceed” in the upper right corner.
to add an caldav-account on your Mac:
go to “system preferences” --> “internet accounts” --> “other” --> “add caldav account” (I am not in front of my Mac right now - might be slightly differently).
Then choose automatic configuration. As username enter USERNAME@example.xyz (where USERNAME is your Nextcloud username) and the according password.

SlothNas · May 23, 2018, 6:31am

Bernie you are my hero. Honestly. I am so happy that it finally works. I could swear that I tried this already but now all the sudden it stated working. Thanks man. I wish you a wonderful day.

Closed