/.well-known/webfinger

I searched a bit now and stumbled across this GitHub issue:

You could try the commands daita posted:
[…]what do you have when opening
https://your.domain.tld/.well-known/webfinger?resource=acct:YOUR-USERNAME@your.domain.tld

And check the reachability from your server itself via command line command:
curl -H "Accept: application/ld+json" -X GET https://your.domain.tld/nextcloud/apps/social/@YOUR-USERNAME/

.well-known needs to be at the root:

https://your.domain.tld/.well-known/[...]

Ah, sorry. Changed that. Thanks for the hint!

Hello,

https://your.domain.tld/.well-known/webfinger?resource=acct:YOUR-USERNAME@your.domain.tld
also gives me an internal server error (as mentioned in 3)

curl -H "Accept: application/ld+json" -X GET https://your.domain.tld/nextcloud/apps/social/@YOUR-USERNAME/ gives me this (I cleared my domain and account):

{"@context":["https://www.w3.org/ns/activitystreams"],"id":"https://my.domain/nextcloud/index.php/apps/social/@acct","type":"Person","url":"https://my.domain/nextcloud/index.php/apps/social/@acct","icon":{"id":"https://my.domain/nextcloud/index.php/documents/avatar/bb837e45-965d-4dd7-b3e5-82b2dc401490","type":"Image","url":"https://my.domain/nextcloud/index.php/avatar/acct/128","mediaType":"","mimeType":"","localCopy":"avatar"},"local":true,"aliases":["@acct","users/acct"],"preferredUsername":"acct","name":"","inbox":"https://my.domain/nextcloud/index.php/apps/social/@acct/inbox","outbox":"https://my.domain/nextcloud/index.php/apps/social/@acct/outbox","account":"acct@my.domain","following":"https://my.domain/nextcloud/index.php/apps/social/@acct/following","followers":"https://my.domain/nextcloud/index.php/apps/social/@acct/followers","endpoints":{"sharedInbox":"https://my.domain/nextcloud/index.php/apps/social/inbox"},"publicKey":{"id":"https://my.domain/nextcloud/index.php/apps/social/@acct#main-key","owner":"https://my.domain/nextcloud/index.php/apps/social/@acct","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT9+E2kKkuyy95ZaCVy5\nSxO9R2zazjTj6KqZ5oPnTYuALFmJNbyb8wywS8rsik+wJdHXPsC0QOpBFXx7kRl7\nrtxlgHzkObwEetVPmbi3O+Th6KLPeNoLit2wyJAyBFsaNtzGqiLnG8P6D4KNKQMJ\nD/I+NMBC8g8OgUeZMgR7234yZy8oZ0m+X/av8hdpzqVrnWFsIELkLc6g4Zq5RrSS\nUfqG8gDOggvg5XQs5FG3/luUy96Egp/PaDmYRpS0FT0eM7a8MTTQSRKXA75VPI+b\nR44KpUG/jI7fjel5tdCeRgE9Wy+Cm9OEbcAQMF0PeHaD2M7n2JuA9Kkj4/5lZH7y\ndwIDAQAB\n-----END PUBLIC KEY-----\n"}}

(Looks quite similar to dabbills.)
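A consistency check for an actor document like the one returned by the curl command above, as an added example (not part of the thread or of the Social app's code). It assumes every actor URL should be https on the instance's public host and that publicKey.owner should equal the actor id; `actor_problems` is a hypothetical helper and both sample documents are constructed from the field layout shown above.

```python
from urllib.parse import urlsplit

URL_FIELDS = ("id", "url", "inbox", "outbox", "following", "followers")

def actor_problems(doc, host):
    """Return a list of inconsistencies found in an actor document."""
    problems = []
    key = doc.get("publicKey", {})
    urls = {field: doc.get(field) for field in URL_FIELDS}
    urls["endpoints.sharedInbox"] = doc.get("endpoints", {}).get("sharedInbox")
    urls["publicKey.id"] = key.get("id")
    for field, value in urls.items():
        if not value:
            problems.append(f"{field}: missing")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(f"{field}: not https")
        if parts.hostname != host:
            problems.append(f"{field}: host {parts.hostname!r} != {host!r}")
    # Assumption: the key must be owned by the actor that publishes it.
    if key.get("owner") != doc.get("id"):
        problems.append("publicKey.owner: does not match id")
    if "BEGIN PUBLIC KEY" not in key.get("publicKeyPem", ""):
        problems.append("publicKey.publicKeyPem: no PEM public key")
    if doc.get("account") != f"{doc.get('preferredUsername')}@{host}":
        problems.append("account: not preferredUsername@host")
    return problems

# Constructed sample documents; the key body is a placeholder, not a real key.
BASE = "https://my.domain/nextcloud/index.php/apps/social"
GOOD = {
    "id": f"{BASE}/@acct", "url": f"{BASE}/@acct",
    "inbox": f"{BASE}/@acct/inbox", "outbox": f"{BASE}/@acct/outbox",
    "following": f"{BASE}/@acct/following", "followers": f"{BASE}/@acct/followers",
    "endpoints": {"sharedInbox": f"{BASE}/inbox"},
    "preferredUsername": "acct", "account": "acct@my.domain",
    "publicKey": {"id": f"{BASE}/@acct#main-key", "owner": f"{BASE}/@acct",
                  "publicKeyPem": "-----BEGIN PUBLIC KEY-----\n(placeholder)\n"},
}
# Variant with an http inbox and a key owned by a different actor.
BAD = dict(GOOD, inbox=GOOD["inbox"].replace("https://", "http://"),
           publicKey=dict(GOOD["publicKey"], owner=f"{BASE}/@someone-else"))

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, actor_problems(doc, "my.domain"))
```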

We will release v0.1.2 of the app today or tomorrow which might fix your issue.


Okay, then I will wait.
Thank you all for your immediate support!

/.well-know/webfinger … the google web finger ?? :rofl:

Unfortunately, the update to v0.1.2 did not solve the issue.

I noticed another strange behaviour: sometimes my admin-panel tells me /.well-known/caldav+carddav were not properly set up. One minute later, they are.

Hm.

I do have a similar issue since I moved my NC instances behind a HaProxy instance. The SSL handling is done by HaProxy and the request is internally forwarded over http. When the page then requests /caldav then NC responds with a 301 redirect to a http URL instead of a https URL. I wonder how I could force NC to always use https URLs when it builds redirect responses like this.

If Nextcloud is sitting behind a proxy you need to set overwriteprotocol in config.php like:
'overwriteprotocol' => 'https',

I do have that, but still the redirect locations are coming without them.

Hmm… after thinking a bit longer about it, I think this is a webserver issue. Because the redirects to the /.well-known URLs are handled by .htaccess files (if you are using apache) or by the nginx configuration (if you are using nginx).
With nginx configuration I could help. Which webserver are you using?

Good point, that’s it. I’m using Apache and will sort that one out and report back about how I got it resolved.

Here is how it works in .htaccess:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT}  DavClnt
  RewriteRule ^$         https://%{SERVER_NAME}/remote.php/webdav/          [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger https://%{SERVER_NAME}/public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) https://%{SERVER_NAME}/remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

Probably not the most elegant solution but it’s working.
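To confirm whether a /.well-known redirect still drops from https to http behind a TLS-terminating proxy, the response headers can be classified as below. This is an added example, not code from any poster or from Nextcloud; it assumes the input is the header text printed by `curl -sI`, the function names are hypothetical, and the three sample responses are constructed.

```python
from urllib.parse import urljoin, urlsplit

def parse_head(raw):
    """Return (status, headers) from the header text printed by `curl -sI`."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])      # "HTTP/1.1 301 ..." or "HTTP/2 301"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_redirect(request_url, raw):
    """Classify the redirect a client would follow from request_url."""
    status, headers = parse_head(raw)
    if status not in (301, 302, 303, 307, 308):
        return "no-redirect"
    location = headers.get("location")
    if not location:
        return "missing-location"
    origin = urlsplit(request_url)
    # A relative Location inherits scheme and host from the request URL.
    target = urlsplit(urljoin(request_url, location))
    if origin.scheme == "https" and target.scheme != "https":
        return "downgrade"
    if target.hostname != origin.hostname:
        return "other-host"
    return "ok"

# Constructed responses: backend unaware of the proxy, fixed rule, relative rule.
BEHIND_PROXY = """HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://your.domain.tld/remote.php/dav/
"""
FIXED = """HTTP/1.1 301 Moved Permanently
Location: https://your.domain.tld/remote.php/dav/
"""
RELATIVE = """HTTP/1.1 301 Moved Permanently
Location: /remote.php/dav
"""

URL = "https://your.domain.tld/.well-known/caldav"
if __name__ == "__main__":
    for name, raw in (("proxy", BEHIND_PROXY), ("fixed", FIXED), ("relative", RELATIVE)):
        print(name, check_redirect(URL, raw))
```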


Hello jurgenhaas and Bernie_O,

I tried the same on my .htaccess and now the error-messages in admin-panel are gone, redirection works; thank you!

But I still can’t follow other fediverse-instances and get a missing resource on blank screen (as above in 3 and 8) for app/social.

I will follow the issues on https://github.com/nextcloud/social/issues/ as it now seems to be an issue of app/social.

Thank you all. (Do I have to close this issue, and if so: how?)

Did some tests using a subfolder for the installation of nextcloud, can confirm it works.

I just had to generate a .htaccess file at the root of the webfolder:

RewriteEngine on
RewriteRule ^\.well-known/webfinger https://test.pontapreta.net/nextcloud/public.php?service=webfinger [QSA,L]

It is not the cleanest solution as it does some redirection and this should be hidden with some proxy stuff, but it works™

For those using nginx try this in /sites-available/…
location = /.well-known/webfinger {
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
}


Hello all,

I am getting this error and I’ve tried the following settings below but still failing. Could it be because I’m using self-signed certificate?

RewriteRule ^.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
RewriteRule ^.well-known/webfinger https://${SERVER_NAME}/public.php?service=webfinger [QSA,L]

here’s part of my httpd.conf setting:
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Satisfy Any
Require all granted

Dav off

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud

that is also my problem.

carddav and caldav work fine

this is my nginx config:

  location = /.well-known/webfinger {
      rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
  }
  location = /.well-known/carddav {
      return 301 /remote.php/dav;
  }
  location = /.well-known/caldav {
      return 301 /remote.php/dav;
  }
  location / {
      include                     snippets.d/proxy_generic;
      proxy_pass                  http://10.77.77.106:8082;
  }
