/.well-known/webfinger

Arrappathor · January 2, 2019, 7:33pm

Hello,

If this is a duplicate please tell me, but/because others seem to have had my/a similar error

But their solution seems not to be mine.

My system is a NC 15 fresh install in subfolder /nextcloud on raspbian stretch with apache2 and app social activated.

I get the following error:

[public] Error: Exception: The requested uri(/.well-known/webfinger) cannot be processed by the script ‘/nextcloud/public.php’) at
0. /var/www/html/nextcloud/lib/private/AppFramework/Http/Request.php line 810
getRawPathInfo()

/var/www/html/nextcloud/public.php line 45
getPathInfo()

/.well-known/webfinger
from XX.XXX.XXX.XXX at 2019-01-02T18:59:24+00:00

Dein Web-Server ist nicht richtig eingerichtet um “/.well-known/webfinger” aufzulösen. Weitere Informationen findest Du in der Dokumentation.

I worked through this
https://docs.nextcloud.com/server/14/go.php?to=admin-setup-well-known-URL
(as mentioned in the admin-panel) and for caldav/carddav the redirecting sends me to the correct dav-url. at least my browser tells my so.
but not for webfinger. No redirecting, just: missing resource.

Any hints?
Thanks in advance!

Schmu · January 3, 2019, 8:07am

Hi,

Could you please post your web server config (the file which covers .well-known/caldav and .well-known/webfinger) so we can check that?
Maybe we see something.

Arrappathor · January 3, 2019, 9:07am

Hi Schmu!

My .htacces in root-folder /var/www/html is:

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteRule ^.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
RewriteRule ^.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json [QSA,L]
RewriteRule ^.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
RewriteRule ^.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]

RewriteRule ^remote/(.) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/. - [R=404,L]
RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:.|autotest|occ|issue|indie|db_|console).* - [R=404,L]

(I copied that part from .htacces in /nextcloud and added my subfolder.)

Behaviour:

https://my.domain/.well-known/webfinger points to “internal server error”, showing my ip and ePdJOv0lhZvy37wAU5cI

https://my.domain/nextcloud/public.php?service=webfinger gives me “missing resource” on blank screen

https://my.domain/.well-known/carddav points to https://my.domain/nextcloud/remote.php/dav/ and “This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client.” on blank screen.

Thank you!

Schmu · January 3, 2019, 9:37am

Just to get more background information:

your server is running fine apart from that error message?
you see this error message in the logs and in the admin overview only?

Do you actually need the social app? Does the app work right now?

Arrappathor · January 3, 2019, 9:52am

yes, it does (as far as i can see) and
yes, in data/nextcloud.log and the admin-panel.

I actually don’t need the app (but i’d like to).
Right now, i can post, but i cant follow other fediverse-instances. If i try, my log shows a error message as mentioned in my first post. (and of course the instance i wanted to follow shows a error message).

Thanks.

Schmu · January 3, 2019, 10:23am

I searched a bit now and stumbled across this github issue:

You could try the commands daita posted:
[…]what do you have when opening
https://your.domain.tld/.well-known/webfinger?resource=acct:YOUR-USERNAME@your.domain.tld

And check the reachability from your server it self via command line command:
curl -H "Accept: application/ld+json" -X GET https://your.domain.tld/nextcloud/apps/social/@YOUR-USERNAME/

Cult · January 3, 2019, 10:29am

.well-known needs to be at the root:

https://your.domain.tld/.well-known/[...]

Schmu · January 3, 2019, 10:36am

Ah, sorry. Changed that. Thanks for the hint!

Arrappathor · January 3, 2019, 10:53am

Hello,

https://your.domain.tld/.well-known/webfinger?resource=acct:YOUR-USERNAME@your.domain.tld
also gives me an internal server error (as mentioned in 3)

curl -H “Accept: application/ld+json” -X GET https://your.domain.tld/nextcloud/apps/social/@YOUR-USERNAME/ gives me this (i cleared my domain and account):

(Looks quite similar to dabbills.)

Cult · January 3, 2019, 10:55am

We will release v0.1.2 of the app today or tomorrow which might fix your issue.

Arrappathor · January 3, 2019, 10:56am

Okay, then i will wait.
Thank you all for your immediate support!

stratege1401 · January 3, 2019, 2:03pm

/.well-know/webfinger … the google web finger ??

Arrappathor · January 5, 2019, 8:14pm

Unfortunately, the update to v0.1.2 did not solve the issue.

I noticed another strange behaviour: sometimes my admin-panel tells me, /.well-known/caldav+carddav were not properly setup up. one minute later, they are.

Hm.

jurgenhaas · January 6, 2019, 4:10pm

I do have a similar issuesince I moved my NC instances behind a HaProxy instance. The SSL handling is done by HaProxy and the request is internall forwarded over http. When the page then requests /caldav then NC responds with a 301 redirect to a http URL instead of a https URL. I wonder how I could force NC to always use https URLs when it builds redirect responses like this.

Bernie_O · January 6, 2019, 4:38pm

If Nextcloud is sitting behind a proxy you need to set overwriteprotocol in config.php like:
'overwriteprotocol' => 'https',

jurgenhaas · January 6, 2019, 5:02pm

I do have that, but still the redirect locations are coming without them.

Bernie_O · January 6, 2019, 5:05pm

Hmm… after thinking a bit longer about it, I think this is a webserver issue. Because the redirects to the /.well-known URLs are handled by .htaccess files (if you are using apache) or by the nginx configuration (if you are using nginx).
With nginx configuration I could help. Which webserver are you using?

jurgenhaas · January 6, 2019, 5:13pm

Good point, that’s it. I’m using Apache and will sort that one out and report back about how I got it resolved.

jurgenhaas · January 6, 2019, 5:25pm

Here is how it works in .htaccess:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT}  DavClnt
  RewriteRule ^$         https://%{SERVER_NAME}/remote.php/webdav/          [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger https://%{SERVER_NAME}/public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) https://%{SERVER_NAME}/remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

Probably not the most elegant solution but it’s working.

Arrappathor · January 7, 2019, 8:02am

Hello jurgenhaas and Bernie_O,

i tried the same on my .htaccess and now the error-messages in admin-panel are gone, redirection works; thank you!

But i still can’t follow other fediverse-instances and get a missing resource on blank screen (as above in 3 and 8) for app/social.

I will follow the issues on https://github.com/nextcloud/social/issues/ as it now seems to be an issue of app/social.

Thank you all. (Do i have to close this issue, an if so: how?)