server {
listen 127.0.0.1:82;
server_name 127.0.0.1;
# Add headers to serve security related headers
# Use ‘proxy_set_header’ (not ‘add_header’) as the headers have to be passed through a proxy.
proxy_set_header Strict-Transport-Security “max-age=15768000; includeSubDomains; always;”;
proxy_set_header X-Content-Type-Options “nosniff; always;”;
proxy_set_header X-XSS-Protection “1; mode=block; always;”;
proxy_set_header X-Robots-Tag none;
proxy_set_header X-Download-Options noopen;
proxy_set_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you’re planning to use this app. #rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json last;
location = /nextcloud/.well-known/carddav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location = /nextcloud/.well-known/caldav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location /.well-known/acme-challenge { }
location ^~ /nextcloud {
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported. #pagespeed off;
location /nextcloud {
rewrite ^ /nextcloud/index.php$uri;
}
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/nextcloud/(?:.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34]).php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Important: disable HTTPS, otherwise no log in will be possible! #fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
# Raise timeout values.
# This is especially important when the Nextcloud setup runs into timeouts (504 gateway errors)
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_connect_timeout 600;
fastcgi_request_buffering off;
# Pass PHP variables directly to PHP.
# This is usually done in the php.ini. For more flexibility, these variables are configured in the nginx config.
# All the PHP parameters have to be set in one fastcgi_param. When using more ‘fastcgi_param PHP_VALUE’ directives, the last one will override all the others.
fastcgi_param PHP_VALUE “open_basedir=/var/www:/tmp/:/var/nextcloud_data:/dev/urandom:/proc/meminfo
upload_max_filesize = 10G
post_max_size = 10G
max_execution_time = 3600
output_buffering = off”;
# Make sure that the real IP of the remote host is passed to PHP.
fastcgi_param REMOTE_ADDR $http_x_real_ip;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* .(?:css|js|woff2?|svg|gif)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
proxy_set_header Cache-Control “public, max-age=15778463”;
# Add headers to serve security related headers
# Again use ‘proxy_set_header’ (not ‘add_header’) as the headers have to be passed through a proxy.
proxy_set_header Strict-Transport-Security “max-age=15768000; includeSubDomains; preload;”;
proxy_set_header X-Content-Type-Options nosniff; #proxy_set_header X-Frame-Options “SAMEORIGIN”;
proxy_set_header X-XSS-Protection “1; mode=block”;
proxy_set_header X-Robots-Tag none;
proxy_set_header X-Download-Options noopen;
proxy_set_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don’t log access to assets
access_log off;
}
location ~* .(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
# Optional: Don’t log access to other assets
access_log off;
}
}
}
Adding anything to your .htacces won’t help if you have NC installed in a subdir
Hello. Could you explain why? Cause Nextcloud installation manual says it should work in .htacces by adding subfolder to all paths (in my case it is /var/www/nextcloud). But you’re right - for me, it is also doesn’t work.
Uhmmm… And the warning about the ocm-provider is really the only warning you see in the admin panel?? There are quite some things wrong and others are not good for security reasons.
For the ocm-provider message to disappear, this line:
@Azimoth and other nginx users from this thread: could you please also synchronize your nginx configuration with the one from the link and report back, if it is working then?
Don’t forget to reload the nginx configuration after changing it with:
What would these error messages cause? What exactly does it mean if the install can’t find ocs or ocm providers? I’ve had the well-know caldav and carddav warnings since day one and have calendars and contacts syncing correctly on every device I use inside and outside of my network, iOS, Android, Windows, and MacOS. Are we searching for a problem which doesn’t actually exist apart from a couple of error messages?
Regarding the ocs-|ocm-provider: as long as you don’t use the ocs-|ocm-api this is true. It may be used by client software like the mobile apps or apps within Nextcloud. So those might not work properly if the api can’t be found.
In the apache.conf and in sites-available
Redirect 301 /ocm-provider/ /nextcloud/ocm-provider/
Redirect 301 /ocs-provider/ /nextcloud/ocs-provider/
In the apache.conf and in sites-available
Alias /ocm-provider “/var/www/nextcloud/ocm-provider/”
Alias /ocs-provider “/var/www/nextcloud/ocs-provider/”
RewriteEngine on
RewriteRule ^/ocm-provider /nextcloud/ocm-provider/ [R=301,L]
RewriteRule ^/ocs-provider /nextcloud/ocs-provider/ [R=301,L]
I’M using:
Ubuntu 18.04
Apache2
and my Nextcloud is 15.05 - in the folder /var/www/nextcloud
Thank you Bernie_O. I just use full links to the Nextcloud CalDav and CardDav servers as I have always done with other such servers. I use xxxx.synology.me:XXXX/nextcloud/remote.php/dav/principals/users/xxxx and that picks up both my addressbooks and calendars on all devices both inside and outside of my network. Not sure why it is necessary to do anything more - or have it flagged as an error should you wish not to bother with auto-discovery.
I have gone back to Nextcloud version 15.0.4 for now. Given that the ocs and ocm issue hasn’t occurred before (I’ve upgraded my install several times) I’m hoping the Nextcloud guys will sort it for the next update.
I found a solution! To set up NC I followed this guide
and the author updated the config files to deal with these warnings.
It turns out, I was in the “wrong” config file. @Bernie_O’s solution works, but it has (in this case) to be inserted in the config of the gateway host, not the virtual host’s config.
How did you setup Nextcloud? Are you running Nextcloud behind a reverse proxy? Can you post a link to your output of nginx -T (don‘t Post it entirely here, because it will be a lot of text!).
Adding
Redirect 301 /ocm-provider/ /nextcloud/ocm-provider/
Redirect 301 /ocs-provider/ /nextcloud/ocs-provider/
to the end of /etc/apache2/sites-available/nextcloud.conf and restarting apache2 (service apache2 restart) worked for me!
A .htaccess file only affects the directory it’s placed in as well as all subdirs. Hence adding any options to the .htaccess in your subdir won’t affect any requests outside that folder (e.g. /ocm-provider).
@zamarax do you have a .htaccess in your webroot possibly overwriting your virtualhost.conf?
