Unavoidable security & setup warnings with NC 21 update

It’s index.php not public.php. Should be

RewriteRule ^.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
RewriteRule ^.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]

1 Like

Do you have AllowOverride All option for your nextcloud directory in httpd.conf file?
Also try to put full server name instead of %{SERVER_NAME}

But these are working in httpd.conf:

Redirect 301 /.well-known/carddav “/nextcloud/remote.php/dav”
Redirect 301 /.well-known/caldav “/nextcloud/remote.php/dav”

Why the other not?

I tried the add the AllowOverride All in httpd.conf and add the lines to .htaccess, but no effect.
I’m confused.

Edit to your actual path.

DocumentRoot "/var/www/html/nextcloud"
<Directory /var/www/html/nextcloud>
  Require all granted
  AllowOverride All

Then .htaccess file inside of nextloud folder will be considered by apache

1 Like

hmm, does not work. the dav redirect is working from httpd.conf. .htaccess is read from nextcloud folder. .htcaccess is read from root too.
So why is this well-known/webfinger and nodeinfo not picked up from public.php?

Double-check the posts above - the nginx config changes for webfinger and nodeinfo use index.php and not public.php

1 Like

@kchan101, I tried index.php too, without luck. And Nextcloud docs say public.php.
Dav is working well, but webfinger and nodeinfo, not.
https://www.mysite.com/.well-known/webfinger brings me to the dashboard of Nextcloud when I set the redirect to index.php. If I set it back to public.php, .well-known/webfinger redirects to:
https://www.mysite.com/nextcloud/.well-known/webfinger.
But still a security warning in Nextcloud settings.

Does anyone with this kind of setup has got it working?

Ubuntu server, Apache, php7.4-fpm, Nextcloud 21 in subdir as conf-available /nextcloud.

The docs only seem to document entries for caldav/carddav. Besides using index.php rather than public.php, the format of the rewrite is also different. I have the following entries which got rid of the warnings:

RewriteRule ^.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
RewriteRule ^.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]

Don’t forget to also restart httpd.

Can you post the entries you have?

1 Like

I’ve found it here: General troubleshooting — Nextcloud latest Administration Manual latest documentation
and on other Nextcloud decs pages. I will try your suggestion. It differs from the docs in the way that it redirects to .well-known too.

That link is for NC19 documentation. As you’ve already alluded to in a post above, the API changed in NC21.

Yes, it is working now! Thank you so much kchan101! This is the redirect part in my httpd.conf:

Redirect 301 /.well-known/carddav “/nextcloud/remote.php/dav”
Redirect 301 /.well-known/caldav “/nextcloud/remote.php/dav”
Redirect 301 /.well-known/webfinger “/nextcloud/index.php/.well-known/webfinger”
Redirect 301 /.well-known/nodeinfo “/nextcloud/index.php/.well-known/nodeinfo”

Thanks a lot.

3 Likes

What do you think would be entries for nginx then? I tried:

rewrite ^/.well-known/webfinger /index.php?service=webfinger last;
rewrite ^/.well-known/nodeinfo /index.php?service=nodeinfo last;

and

location ^~ /.well-known/webfinger {
        return 301 $scheme://$host/index.php/webfinger;
    }
    
location ^~ /.well-known/nodeinfo {
        return 301 $scheme://$host/index.php/nodeinfo;
    }

with no success :frowning:

Miyamoto has already given above the nginx config in post marked as “Solution”

Otherwise, your second config is missing a path element

location ^~ /.well-known/webfinger {
return 301 $scheme://$host/index.php/.well-known/webfinger;
}

location ^~ /.well-known/nodeinfo {
return 301 $scheme://$host/index.php/.well-known/nodeinfo;
}

Yes I tried his solution with no effect. and just tried yours, some warnings.

Is your install under a nextcloud subdirectory?

Maybe you need

location ^~ /.well-known/webfinger {
return 301 $scheme://$host/nextcloud/index.php/.well-known/webfinger;
}

location ^~ /.well-known/nodeinfo {
return 301 $scheme://$host/nextcloud/index.php/.well-known/nodeinfo;
}

Tried this too. no effect. Funny thing is there is no problem with caldav and carddav with exact same formating.

I’m having the same problems, though with Docker, which for some reason has a different/older nginx.conf.

However, the approved solution (Miyamoto) works as far as nginx redirects are concerned, but https://my.nextcloud.com/index.php/.well-known/nodeinfo ALSO returns 403. I’ve looked elsewhere, and the checks seem to be looking for a HTTP 200. So, something else might be incorrect, but maybe not nginx.

I too am having this same issue. NC 21 on Ubuntu 20.04, proxied through a separate VM running Apache as a reverse proxy. Cannot figure out how to get rid of the webfinger error.

To those of us who are still having problems with “.well-known”:

  1. Do you have Social and/or Federation installed and enabled?
  2. Do you get 403 or 404 when hitting https://my.nextcloud.com/.well-known/i-am-the-wurst ?
  1. Can’t even install social, get an error message about extraction failing. Federation yes, but I tried disabling it and I still get the error message in admin
  2. No, I get a white page that just says: {“message”:“i-am-the-wurst not supported”}

Appears there’s an official issue for this bug too: Security and config warnings · Issue #25753 · nextcloud/server · GitHub