Security and setup warnings after installation

🚧 Installation
1

Hi there:

I just installed nextcloud v26 with lighttpd on my openwrt router(raspberry pi) , most things are working properly except some warnings:

image
image1722×391 32.6 KB

  1. for two warnings below:
  • Your web server is not properly set up to resolve “/.well-known/caldav”.
  • Your web server is not properly set up to resolve “/.well-known/carddav”.

I added the following lines in lighttpd.conf , it removed webfinger and nodeinfo warning but caldav and carddav warnings are still there.

url.rewrite= ("^/\.well-known/carddav" => "/remote.php/dav",
	"^/\.well-known/caldav" => "/remote.php/dav",
	"^/\.well-known/webfinger" => "/index.php/.well-known/webfinger",
	"^/\.well-known/nodeinfo" => "/index.php/.well-known/nodeinfo")

How to remove them?

  1. Webdav seems does not work.
    I copy the link in next cloud:
    image
    but I am not able to connect in Windows 10:
    image

  2. memory cache problem:
    there is no php8-perl-apcu module available for openwrt, but I saw php8-mod-opcache. can I use this module?

  3. sodium warning: I already have php8-pecl-sodium installed but the error won’t go away.

Thanks for any inputs!

2

Go through the logfiles and check what errors you get. There has been some fiddeling around with nginx, so there is a version in the documentation, but not for lighttpd. sabredav seems to support lighttpd (Webservers - sabre/dav), and Nextcloud uses this (or a modified form of it).
And some use it for Nextcloud and shared some experience:
Lighttpd Nextcloud config - #22 by krs

3

Thanks. From the log I can see some errors regarding internet connection. However the internet is connected. I believe this is the root cause:

image
image2686×368 32 KB 

[internet_connection_check] Error: GuzzleHttp\Exception\RequestException: cURL error 61: Unrecognized content encoding type. libcurl understands identity content encodings. (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://nextcloud.com/ at <<closure>>

 0. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 158
    GuzzleHttp\Handler\CurlFactory::createRejection("*** sensitive parameters replaced ***")
 1. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 110
    GuzzleHttp\Handler\CurlFactory::finishError(["GuzzleHttp\\Handler\\CurlHandler"], "*** sensitive parameters replaced ***", ["GuzzleHttp\\Handler\\CurlFactory"])
 2. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php line 47
    GuzzleHttp\Handler\CurlFactory::finish(["GuzzleHttp\\Handler\\CurlHandler"], "*** sensitive parameters replaced ***", ["GuzzleHttp\\Handler\\CurlFactory"])
 3. /opt/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php line 150
    GuzzleHttp\Handler\CurlHandler->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 4. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php line 35
    OC\Http\Client\DnsPinMiddleware->OC\Http\Client\{closure}("*** sensitive parameters replaced ***")
 5. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 31
    GuzzleHttp\PrepareBodyMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 6. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 71
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 7. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 107
    GuzzleHttp\RedirectMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 8. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 73
    GuzzleHttp\RedirectMiddleware->checkRedirect("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 9. /opt/nextcloud/3rdparty/guzzlehttp/promises/src/FulfilledPromise.php line 41
    GuzzleHttp\RedirectMiddleware->GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
10. /opt/nextcloud/3rdparty/guzzlehttp/promises/src/TaskQueue.php line 48
    GuzzleHttp\Promise\FulfilledPromise::GuzzleHttp\Promise\{closure}("*** sensitive parameters replaced ***")
11. /opt/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 248
    GuzzleHttp\Promise\TaskQueue->run(true)
12. /opt/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 224
    GuzzleHttp\Promise\Promise->invokeWaitFn()
13. /opt/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 269
    GuzzleHttp\Promise\Promise->waitIfPending()
14. /opt/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 226
    GuzzleHttp\Promise\Promise->invokeWaitList()
15. /opt/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 62
    GuzzleHttp\Promise\Promise->waitIfPending()
16. /opt/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 187
    GuzzleHttp\Promise\Promise->wait()
17. /opt/nextcloud/lib/private/Http/Client/Client.php line 226
    GuzzleHttp\Client->request("get", "http://www.nextcloud.com/", ["/opt/nextcloud ... "])
18. /opt/nextcloud/apps/settings/lib/Controller/CheckSetupController.php line 211
    OC\Http\Client\Client->get("http://www.nextcloud.com/")
19. /opt/nextcloud/apps/settings/lib/Controller/CheckSetupController.php line 193
    OCA\Settings\Controller\CheckSetupController->isSiteReachable("www.nextcloud.com")
20. /opt/nextcloud/apps/settings/lib/Controller/CheckSetupController.php line 876
    OCA\Settings\Controller\CheckSetupController->hasInternetConnectivityProblems()
21. /opt/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 230
    OCA\Settings\Controller\CheckSetupController->check()
22. /opt/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 137
    OC\AppFramework\Http\Dispatcher->executeController(["OCA\\Settings\ ... "], "check")
23. /opt/nextcloud/lib/private/AppFramework/App.php line 183
    OC\AppFramework\Http\Dispatcher->dispatch(["OCA\\Settings\ ... "], "check")
24. /opt/nextcloud/lib/private/Route/Router.php line 315
    OC\AppFramework\App::main("OCA\\Settings\\ ... r", "check", ["OC\\AppFramewo ... "], ["settings.CheckSetup.check"])
25. /opt/nextcloud/lib/base.php line 1055
    OC\Route\Router->match("/settings/ajax/checksetup")
26. /opt/nextcloud/index.php line 36
    OC::handleRequest()

GET /index.php/settings/ajax/checksetup
from 192.168.10.28 by admin at 2023-04-17T03:09:01+00:00
4
  1. fixed the first issue by changing ‘gzip’ to ‘identity’ in client.php
$options[RequestOptions::HEADERS]['Accept-Encoding'] = 'gzip';

  1. Now just need to find out what is wrong on webdav

  2. Fixed by using redis for local and distributed cache

  3. Seems no way unless nextcloud developer make change or openwrt compile php with ./configure --with-password-argon2