/.well-known/webfinger

Hi Schmu!

My .htaccess in root-folder /var/www/html is:

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]

RewriteRule ^remote/(.*) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]

(I copied that part from .htaccess in /nextcloud and added my subfolder.)

Behaviour:

https://my.domain/.well-known/webfinger points to “internal server error”, showing my ip and ePdJOv0lhZvy37wAU5cI

https://my.domain/nextcloud/public.php?service=webfinger gives me “missing resource” on blank screen

https://my.domain/.well-known/carddav points to https://my.domain/nextcloud/remote.php/dav/ and “This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client.” on blank screen.

Thank you!

Just to get more background information:

  1. your server is running fine apart from that error message?
  2. you see this error message in the logs and in the admin overview only?

Do you actually need the social app? Does the app work right now?

  1. yes, it does (as far as i can see) and
  2. yes, in data/nextcloud.log and the admin-panel.

I actually don’t need the app (but i’d like to).
Right now, i can post, but i can't follow other fediverse-instances. If i try, my log shows an error message as mentioned in my first post. (and of course the instance i wanted to follow shows an error message).

Thanks.

I searched a bit now and stumbled across this github issue:

You could try the commands daita posted:
[…]what do you have when opening
https://your.domain.tld/.well-known/webfinger?resource=acct:YOUR-USERNAME@your.domain.tld

And check the reachability from your server itself via command line command:
curl -H "Accept: application/ld+json" -X GET https://your.domain.tld/nextcloud/apps/social/@YOUR-USERNAME/

.well-known needs to be at the root:

https://your.domain.tld/.well-known/[...]

Ah, sorry. Changed that. Thanks for the hint!

Hello,

https://your.domain.tld/.well-known/webfinger?resource=acct:YOUR-USERNAME@your.domain.tld
also gives me an internal server error (as mentioned in 3)

curl -H "Accept: application/ld+json" -X GET https://your.domain.tld/nextcloud/apps/social/@YOUR-USERNAME/ gives me this (i cleared my domain and account):

{"@context":["https://www.w3.org/ns/activitystreams"],"id":"https://my.domain/nextcloud/index.php/apps/social/@acct","type":"Person","url":"https://my.domain/nextcloud/index.php/apps/social/@acct","icon":{"id":"https://my.domain/nextcloud/index.php/documents/avatar/bb837e45-965d-4dd7-b3e5-82b2dc401490","type":"Image","url":"https://my.domain/nextcloud/index.php/avatar/acct/128","mediaType":"","mimeType":"","localCopy":"avatar"},"local":true,"aliases":["@acct","users/acct"],"preferredUsername":"acct","name":"","inbox":"https://my.domain/nextcloud/index.php/apps/social/@acct/inbox","outbox":"https://my.domain/nextcloud/index.php/apps/social/@acct/outbox","account":"acct@my.domain","following":"https://my.domain/nextcloud/index.php/apps/social/@acct/following","followers":"https://my.domain/nextcloud/index.php/apps/social/@acct/followers","endpoints":{"sharedInbox":"https://my.domain/nextcloud/index.php/apps/social/inbox"},"publicKey":{"id":"https://my.domain/nextcloud/index.php/apps/social/@acct#main-key","owner":"https://my.domain/nextcloud/index.php/apps/social/@acct","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT9+E2kKkuyy95ZaCVy5\nSxO9R2zazjTj6KqZ5oPnTYuALFmJNbyb8wywS8rsik+wJdHXPsC0QOpBFXx7kRl7\nrtxlgHzkObwEetVPmbi3O+Th6KLPeNoLit2wyJAyBFsaNtzGqiLnG8P6D4KNKQMJ\nD/I+NMBC8g8OgUeZMgR7234yZy8oZ0m+X/av8hdpzqVrnWFsIELkLc6g4Zq5RrSS\nUfqG8gDOggvg5XQs5FG3/luUy96Egp/PaDmYRpS0FT0eM7a8MTTQSRKXA75VPI+b\nR44KpUG/jI7fjel5tdCeRgE9Wy+Cm9OEbcAQMF0PeHaD2M7n2JuA9Kkj4/5lZH7y\ndwIDAQAB\n-----END PUBLIC KEY-----\n"}}

(Looks quite similar to dabbills.)
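
The two checks suggested above, tied together as an added example (not code from this thread or from the Social app): it derives the WebFinger URL a remote server would query for an account, which per RFC 7033 always sits at the root of the host even when Nextcloud is installed in a subfolder, and compares a WebFinger answer with the actor document. The actor is trimmed from the output above; the JRD answer is constructed, and matching on a `rel=self` link is an assumption about how the remote side locates the actor.

```python
import json
from urllib.parse import urlsplit, quote

# Constructed, trimmed to the fields used here; same shape as the actor
# document posted above (subfolder install under /nextcloud).
ACTOR = json.loads("""{
  "id": "https://my.domain/nextcloud/index.php/apps/social/@acct",
  "type": "Person",
  "preferredUsername": "acct",
  "account": "acct@my.domain"
}""")

# Constructed JRD (RFC 7033) of the kind a working endpoint would return.
JRD_OK = {
    "subject": "acct:acct@my.domain",
    "links": [{"rel": "self", "type": "application/activity+json",
               "href": "https://my.domain/nextcloud/index.php/apps/social/@acct"}],
}


def webfinger_url(account):
    """URL a remote server queries for user@host; the path is fixed by RFC 7033."""
    user, sep, host = account.rpartition("@")
    if not sep or not user or not host:
        raise ValueError(f"not a user@host account: {account!r}")
    resource = quote(f"acct:{user}@{host}", safe=":@")
    return f"https://{host}/.well-known/webfinger?resource={resource}"


def check_jrd(actor, jrd):
    """Return a list of mismatches between a WebFinger answer and the actor document."""
    problems = []
    if jrd.get("subject") != f"acct:{actor['account']}":
        problems.append("subject does not name this account")
    # Assumption: the remote side follows the rel=self link to reach the actor.
    selfs = [link.get("href") for link in jrd.get("links", []) if link.get("rel") == "self"]
    if actor["id"] not in selfs:
        problems.append("no rel=self link pointing at the actor id")
    if urlsplit(actor["id"]).hostname != actor["account"].rpartition("@")[2]:
        problems.append("actor id host differs from account host")
    return problems
```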

We will release v0.1.2 of the app today or tomorrow which might fix your issue.


Okay, then i will wait.
Thank you all for your immediate support!

/.well-know/webfinger … the google web finger ?? :rofl:

Unfortunately, the update to v0.1.2 did not solve the issue.

I noticed another strange behaviour: sometimes my admin-panel tells me, /.well-known/caldav+carddav were not properly set up. one minute later, they are.

Hm.

I do have a similar issue since I moved my NC instances behind a HaProxy instance. The SSL handling is done by HaProxy and the request is internally forwarded over http. When the page then requests /caldav then NC responds with a 301 redirect to a http URL instead of a https URL. I wonder how I could force NC to always use https URLs when it builds redirect responses like this.

If Nextcloud is sitting behind a proxy you need to set overwriteprotocol in config.php like:
'overwriteprotocol' => 'https',

I do have that, but still the redirect locations are coming without them.

Hmm… after thinking a bit longer about it, I think this is a webserver issue. Because the redirects to the /.well-known URLs are handled by .htaccess files (if you are using apache) or by the nginx configuration (if you are using nginx).
With nginx configuration I could help. Which webserver are you using?

Good point, that’s it. I’m using Apache and will sort that one out and report back about how I got it resolved.

Here is how it works in .htaccess:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT}  DavClnt
  RewriteRule ^$         https://%{SERVER_NAME}/remote.php/webdav/          [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger https://%{SERVER_NAME}/public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) https://%{SERVER_NAME}/remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

Probably not the most elegant solution but it’s working.
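
A way to check the redirect behaviour discussed above from captured response headers (an added example, not code from this thread): it takes the header text printed by `curl -sI` for a `/.well-known/...` request and reports a redirect that drops from https to http or lands on another host. The host name `cloud.example.org` and the sample headers are constructed.

```python
from urllib.parse import urlsplit, urljoin

# Constructed sample: headers as printed by `curl -sI` for a request made over
# HTTPS to a proxy that forwards plain HTTP to Apache (values are made up).
SAMPLE_BEHIND_PROXY = """\
HTTP/1.1 301 Moved Permanently
Server: Apache
Location: http://cloud.example.org/remote.php/dav/
Content-Type: text/html; charset=iso-8859-1
"""

# Same response after the rewrite targets are given an explicit https:// prefix.
SAMPLE_FIXED = SAMPLE_BEHIND_PROXY.replace("http://", "https://")


def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) from raw header text."""
    lines = [line.strip() for line in raw.strip().splitlines() if line.strip()]
    status = int(lines[0].split()[1])  # works for "HTTP/1.1 301 ..." and "HTTP/2 301"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_redirect(request_url, raw_head):
    """List problems with the redirect a client would follow from request_url."""
    status, headers = parse_head(raw_head)
    if status not in (301, 302, 303, 307, 308):
        return [f"not a redirect (HTTP {status})"]
    location = headers.get("location")
    if not location:
        return ["redirect without a Location header"]
    req = urlsplit(request_url)
    target = urlsplit(urljoin(request_url, location))  # resolves relative Locations
    problems = []
    if req.scheme == "https" and target.scheme != "https":
        problems.append(f"scheme downgrade: {req.scheme} -> {target.scheme}")
    # Rules that build the target from %{SERVER_NAME} can point at a different
    # host than the one requested if that value is not the public host name.
    if target.hostname != req.hostname:
        problems.append(f"host changed: {req.hostname} -> {target.hostname}")
    return problems
```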


Hello jurgenhaas and Bernie_O,

i tried the same on my .htaccess and now the error-messages in admin-panel are gone, redirection works; thank you!

But i still can’t follow other fediverse-instances and get a missing resource on blank screen (as above in 3 and 8) for app/social.

I will follow the issues on https://github.com/nextcloud/social/issues/ as it now seems to be an issue of app/social.

Thank you all. (Do i have to close this issue, and if so: how?)

did some test using a subfolder for the installation of nextcloud, can confirm it works.

I just had to generate a .htaccess file at the root of the webfolder:

RewriteEngine on
RewriteRule ^\.well-known/webfinger https://test.pontapreta.net/nextcloud/public.php?service=webfinger [QSA,L]

It is not the cleanest solution as it does some redirection and this should be hidden with some proxy stuff, but it works™

For those using nginx try this in /sites-available/…
location = /.well-known/webfinger {
    rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
}
