Repost: Problem about caldav carddav

Nextcloud version : 21.0.2
Operating system and version: OMV5
Apache or nginx version: v2.9.3
PHP version: 7.3.27-1

I don’t know why my last topic disappeared but nvm, here is it again

Hello,

I have a raspberry pi 4 with Openmediavault installed with portainer and Nginx as a Docker compose installed.

when i try to login in my nextcloud then i type in my admin user information and password but it is stuck in login. The circle symbol is running but nothing happens. Only when i refresh the page during login then suddenly i am logged in. :thinking:
This also stops me from login on my nextcloud app on my phone because i cannot pass the login because i cannot refresh the page.

Also i have the “/.well-known/caldav” “/.well-known/carddav” problem and fail to fix it.
I read the documentation and other posts and “solutions” but i don’t understand anything and it is very confusing.
I already fail to find my nginx.config file, because i use nginx docker not direct install with apache. So i don’t find the location of it.

My docker-compose is this:

version: '2'

volumes:
  nextcloud:
  db:

services:
  db:
    image: yobasystems/alpine-mariadb:latest
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /var/lib/ncdata2/database2:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD="MyPassword"
      - MYSQL_PASSWORD="MyPassword"
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  app:
    build: .
    ports:
      - 8080:80
    links:
      - db
    volumes:
      - /var/lib/ncdata2/nextcloud2:/var/www/html
    restart: always

And my Dockerfile is this:

FROM nextcloud:apache

RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*

Does someone know how i can find the nginx.config file and how i can fix the well known …problem and why my login is so bugged? I literally have to interrupt the login and refresh to get to my dashboard. I never had all those problems before. I have no idea what is going on there.

If someone could lighten me up for what and why this is happening would already be a good beginning to understand what is going on.

Does no one have an idea?

I tried to edit the nextcloud.conf file but no luck :frowning:

upstream php-handler {
    server unix:/var/run/php/php7.3-fpm.sock;
}

server {
    listen 80;
    server_name my domain;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000;includeSubDomains;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Robots-Tag "none" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header Referrer-Policy "no-referrer" always;

    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*)$;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        #fastcgi_read_timeout 1200;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Robots-Tag "none" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

I don’t know what to do anymore. I tried to read as much as possible about virtual host configuration but the hell i don’t know how to continue and how to start…it is really frustrating.

Does someone have an idea how to solve my problem and please share it to me?

I am having the same issue.
Look at what nursoda told me, it was really helpful.
Couldn’t find a solution for Apache yet but I will post it if I find one.

For NginX however he posted a possible solution. Maybe try it.

Thank you very much for giving me some hints. I now have an idea what is the problem, but i still cannot solve it. It seems like nursoda is also using nginx. Maybe i ping him here and ask if he has a clue what i am doing wrong.

@nursoda

Hi i have read your comments in SimonWolfs topic and i saw that you use also nginx. Maybe you have an idea what i am doing wrong.
I also use nginx but as docker and nextcloud in portainer as a docker as shown in my top post.

my docker-compose from nginx looks like this:

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "Myuser"
      DB_MYSQL_PASSWORD: "Mypassword"
      DB_MYSQL_NAME: "Mydatabase"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
  db:
    image: 'yobasystems/alpine-mariadb:latest'
    environment:
      MYSQL_ROOT_PASSWORD: 'Mypassword'
      MYSQL_DATABASE: 'Mydatabase'
      MYSQL_USER: 'Myuser'
      MYSQL_PASSWORD: 'Mypassword'
    volumes:
      - ./data/mysql:/var/lib/mysql

and my nginx.conf looks like this:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

My nextcloud.conf. looks like this:

upstream php-handler {
    server unix:/var/run/php/php7.3-fpm.sock;
}

server {
    listen 80;
    server_name mysubdomain.mydomain.de;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000;includeSubDomains;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Robots-Tag "none" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header Referrer-Policy "no-referrer" always;

    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
     last;

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*)$;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        #fastcgi_read_timeout 1200;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Robots-Tag "none" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

my nextcloud docker-compose looks like this:

version: '2'

volumes:
  nextcloud:
  db:

services:
  db:
    image: yobasystems/alpine-mariadb:latest
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /var/lib/ncdata2/database2:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=Mypassword
      - MYSQL_PASSWORD=Mypassword
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  app:
    build: .
    ports:
      - 8080:80
    links:
      - db
    volumes:
      - /var/lib/ncdata2/nextcloud2:/var/www/html
    restart: always

My nextcloud config.php looks like this:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => 'mysubdomain.mydomain.de',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '21.0.2.1',
  'overwrite.cli.url' => 'https://mysubdomain.mydomain.de',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'Mypassword',
  'installed' => true,
  'app_install_overwrite' => 
  array (
    0 => 'dicomviewer',
  ),
);

When i run your curl -kI https://YOURSERVERNAME/.well-known/carddav from your post then i get this output:

HTTP/2 301 
server: openresty
date: Fri, 04 Jun 2021 13:36:05 GMT
content-type: text/html; charset=iso-8859-1
location: http://mysubdomain.mydomain.de/remote.php/dav/
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; preload
x-served-by: mysubdomain.mydomain.de

And same as SimonWolf i have the https issue i guess.
I hope i could provide to you the necessary information needed to let you understand what i have done. But if you need anything more just say it and i post it.

I don’t know where i do a mistake. Do you have an idea or a hint?


Also i get a phone number region error. I found the code i need to add in the samplephp file in the nextcloud folder but i don’t know where to add it.

Be sure not to share your instanceid, passwordsalt and secret

Phone number anywhere in the config.php like this:
'default_phone_region' => 'DE',

Oh okey i will edit it, thanks

Your issue is with the Proxy on the HOST, not the NGINX config IN the NC container.
Please post your host proxy config (or just try to add the line proxy_redirect http:// https://; within your location / {}).

Ahh okey, so it is on the Host…

stupid question but how do i find the proxy config on the host?

Well, in the Nginx Proxy Manager to be exact. I don’t use such tools. Proxying using NGINX is not that complicated that I’d introduce another layer of complexity using a graphical proxy manager.

I can find a nginx folder (not the docker container folder) on my host and there is also a folder proxy inside the nginx folder but they are all empty. I never edited or added a proxy setting to my host (raspberry pi) i just top installed nginx (docker) to manage my dockers. Before i installed it as a docker i never used the proxy settings.
Maybe i first have to create a proxy setting file and then add the proxy_redirect http:// https://; or do i have to do something different?

The only thing i find about this is that if i want to connect my host to a proxy, i have to create three environment variables ("http_proxy ", "https_proxy ", and "no_proxy ") in the /etc/environment area and set username and password for the proxy i want to connect.
But you dont mean that right?

Frankly I don’t know. I never used docker nor a proxy within. But I see from your nginx docker-compose, that you use this image: jc21/nginx-proxy-manager:latest. And as far as I can tell that’s some proxy with a graphical user interface. I cannot tell what you’d have to do in that container nor what happens on your host.

You should sketch your networks and bindings graphically, and try to understand each component: How is your host connected to the internet? Directly? Is the nginx container taking these internet connections? Is it terminating TLS? That would be official:443->nginx->app:80. If so, you need to configure something like proxy_redirect http:// https://; in your nginx container, either using variables or the GUI.

For me it was easier to use the host-natively installed NGINX as pure app router that terminates TLS and forwards traffic unencryptedly to the containers. The example config suffices to contact the server but needs the additional statements below for the header rewrites, and one to omit the default file size / upload limit.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name YOUR.SERVER.COM;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ssl_certificate /etc/letsencrypt/live/YOUR.SERVER.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOUR.SERVER.COM/privkey.pem;
    location / {
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;
        client_max_body_size 0;
        proxy_pass http://YOUR-SERVER'S-INTERNAL-IP;
        proxy_redirect http:// https://;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto "https";
    }
}

With such a setup (which can perfectly fine happen in a Docker container instead of a natively installed NGINX), termination is done on the internet-facing NGINX, and all other (app specific) handling is done in the containers’ NGINX (or any webservice). The internet-facing NGINX handles multiple domains and routes each of them to a corresponding app container (containing a more or less complete linux system in case of my lxc so it rather feels like virtualization than real app containers as you did build using Docker).

Sorry, but I cannot help you any further.
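
The symptom discussed in this thread shows up in the posted curl output: the request goes out over HTTPS, but the location header points at http://. As an added example (not part of the thread; the function names are illustrative), this shell function classifies the redirect from curl -kI style headers, using the posted headers and a constructed corrected variant as sample input:

```shell
# Added example, not from the thread. Function names are illustrative.
# Live use: curl -skI "$URL" | check_wellknown "$URL"

# Print the value of the first Location header read from stdin.
location_header() {
    tr -d '\r' | awk 'tolower($0) ~ /^location:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# $1 = URL that was requested, stdin = raw response headers.
# Prints one verdict word; returns 0 only for "ok".
check_wellknown() {
    req_url=$1
    req_scheme=${req_url%%://*}
    req_host=${req_url#*://}; req_host=${req_host%%/*}

    loc=$(location_header)
    if [ -z "$loc" ]; then echo "no-redirect"; return 1; fi

    case $loc in
        /*) # relative redirect: the client resolves it against the request
            loc_scheme=$req_scheme; loc_host=$req_host; loc_path=$loc ;;
        *://*) # absolute redirect: split scheme, host and path
            loc_scheme=${loc%%://*}
            rest=${loc#*://}
            loc_host=${rest%%/*}
            case $rest in
                */*) loc_path=/${rest#*/} ;;
                *)   loc_path=/ ;;
            esac ;;
        *) echo "unparsable"; return 1 ;;
    esac

    # HTTPS request answered with a plain-HTTP target: TLS ends at the proxy
    # and the redirect carries the scheme the backend saw.
    if [ "$req_scheme" = https ] && [ "$loc_scheme" != https ]; then
        echo "downgrade"; return 1
    fi
    if [ "$loc_host" != "$req_host" ]; then echo "host-mismatch"; return 1; fi
    case $loc_path in
        /remote.php/dav|/remote.php/dav/) echo "ok"; return 0 ;;
        *) echo "wrong-target"; return 1 ;;
    esac
}

# Headers as posted in the thread (trimmed); the hostname is the poster's placeholder.
BEFORE='HTTP/2 301
server: openresty
location: http://mysubdomain.mydomain.de/remote.php/dav/'

# Constructed sample: the same response once the redirect keeps https.
AFTER='HTTP/2 301
server: openresty
location: https://mysubdomain.mydomain.de/remote.php/dav/'

URL=https://mysubdomain.mydomain.de/.well-known/carddav
printf '%s\n' "$BEFORE" | check_wellknown "$URL" || true   # downgrade
printf '%s\n' "$AFTER"  | check_wellknown "$URL" || true   # ok
```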

Ahh okey now i get an idea what you mean. Yeah i slowly understand what you mean by your setup and how mine is different. I also now understand what you mean with the proxy stuff.
Thank you for helping me and give me that much help :slight_smile:
i guess now i just have to understand my system how what works with what and who and add the missing configure for https. I think i can work with that.

I will keep things updated here if i can find a solution. Maybe i just overlooked something.

Okey one Problem is solved now. I had to go in my nginx UI and go under proxy hosts to my subdomain i forward, then paste in these lines:

location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }

Then the problem was solved. I guess i also could have done it by directly pasting it in the config file for my forwarding under my dockercontainer folder in the folder proxy_host with the config files inside. Edit them with nano and then put this under location{

Thanks to all who helped me :slight_smile: