Problems with NC 14.0.3 - caldav, carddav

  • Your web server is not properly set up to resolve “/.well-known/caldav”. Further information can be found in the documentation.
  • Your web server is not properly set up to resolve “/.well-known/carddav”. Further information can be found in the documentation.
  • The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin” or “strict-origin-when-cross-origin”. This can leak referer information. See the W3C Recommendation :arrow_upper_right:.

I am running 14.0.3 stable, tried adding the Lines

  • lines from ralcazar to file /etc/apache2/sites-available/default-ssl.conf
  • and the lines from the manual here to .htaccess

nothing worked

Nextcloud version _14.0.3:
Operating system and version _raspbian stretch:
Apache or nginx version _apache2 2.4.25-3+deb9u5
PHP version _php7.0 7.0.30-0+deb9u1

Thunderbird error message:

JavaScript error: resource://messagingmenu/modules/MessagingMenuModule.jsm, line 795: ReferenceError: indicator is not defined
console.error: Lightning:
[calCachedCalendar] replay action failed: null, uri=https://domain/nextcloud/remote.php/caldav/calendars/user/pers%C3%B6nlich, result=2147500037, operation=[xpconnect wrapped calIOperation]

That should normally do it. You run Nextcloud in a subfolder?
Check the logfiles as well, there you can see who and where the .well-known-stuff is called and the error message. Perhaps the service discovery checks without ssl?

Yes, it is in the subfolder /var/www/nextcloud .

I finally found out, that the config file /etc/apache2/sites-available/000-default.conf is responsible for my configuration. The well-known and no-referrer warnings are gone now. :smiley:

How can I split the config file, to create a separate nextcloud.conf?

Sadly, I still get errors from lightning in thunderbird. How can I fix it?

At the Nextcloud debug log is:
Sabre\DAV\Exception\NotAuthenticated: No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured

Thanks

In apache environment it’s recommended to have the NC instance outside the webserver folder and isolated.
If you place it in /var/www/nextcould you should have a file /etc/apache2/sites-available/nextcloud.conf (do not use default-ssl.conf).

Here is my conf file

Alias /nextcloud /var/www/nextcloud/

<Directory /var/www/nextcloud/>

SSLRenegBufferSize 10486000

Options +FollowSymlinks
AllowOverride All

Dav off

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
SSLRequireSSL

Header always set Strict-Transport-Security “max-age=31536000; includeSubdomains; preload”

Redirect 301 /.well-known/carddav https://MyServer/nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav https://MyServer/nextcloud/remote.php/dav

About the auth error be sure that you have enabled in apache the modules auth_basic, headers, ssl, rewrite, php and mod_env (see .htaccess modules in NC folder)

Hope it helps

My nextcloud data folder is outside www ( /var/nextclouddata ), but the whole nc folder can be moved when using apache?

How can I move the nextcloud folder outside the www folder?

I found the temporary fix for the thunderbird errors.
network.cookie.same-site.enabled=false

My nextcloud.conf looks like this now

Alias /nextcloud /var/www/nextcloud/ 
<Directory /var/www/nextcloud/>

SSLRenegBufferSize 10486000

Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
  Dav off
</IfModule>

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
SSLRequireSSL
</Directory>
   Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
   Header set Referrer-Policy "no-referrer"

Redirect 301 /.well-known/carddav https://domain/nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav https://domain/nextcloud/remote.php/dav

@ralcazar
about the auth error, at /etc/apache2/mods-enabled/ is enabled:
headers.load , ssl.load , php7.0.load , env.load , auth_basic.load , rewrite.load , …

At the .htaccess:

 ...
  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Robots-Tag "none"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    Header set Referrer-Policy "no-referrer"
    SetEnv modHeadersAvailable true
  </IfModule>
  ...

Looks ok, or I miss something?

Thanks