Your web server is not properly set up to resolve "/ocm-provider/"

server {
listen 127.0.0.1:82;
server_name 127.0.0.1;
# Add headers to serve security related headers
# Use ‘proxy_set_header’ (not ‘add_header’) as the headers have to be passed through a proxy.
proxy_set_header Strict-Transport-Security “max-age=15768000; includeSubDomains; always;”;
proxy_set_header X-Content-Type-Options “nosniff; always;”;
proxy_set_header X-XSS-Protection “1; mode=block; always;”;
proxy_set_header X-Robots-Tag none;
proxy_set_header X-Download-Options noopen;
proxy_set_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you’re planning to use this app.
#rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json last;
location = /nextcloud/.well-known/carddav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location = /nextcloud/.well-known/caldav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location /.well-known/acme-challenge { }

location ~ ^/(?:ocm-provider|ocs-provider).* {
rewrite ^ /nextcloud$request_uri;
}

location ^~ /nextcloud {
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location /nextcloud {
rewrite ^ /nextcloud/index.php$uri;
}
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/nextcloud/(?:.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34]).php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Important: disable HTTPS, otherwise no log in will be possible!
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
# Raise timeout values.
# This is especially important when the Nextcloud setup runs into timeouts (504 gateway errors)
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_connect_timeout 600;
fastcgi_request_buffering off;
# Pass PHP variables directly to PHP.
# This is usually done in the php.ini. For more flexibility, these variables are configured in the nginx config.
# All the PHP parameters have to be set in one fastcgi_param. When using more ‘fastcgi_param PHP_VALUE’ directives, the last one will override all the others.
fastcgi_param PHP_VALUE “open_basedir=/var/www:/tmp/:/var/nextcloud_data:/dev/urandom:/proc/meminfo
upload_max_filesize = 10G
post_max_size = 10G
max_execution_time = 3600
output_buffering = off”;
# Make sure that the real IP of the remote host is passed to PHP.
fastcgi_param REMOTE_ADDR $http_x_real_ip;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* .(?:css|js|woff2?|svg|gif)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
proxy_set_header Cache-Control “public, max-age=15778463”;
# Add headers to serve security related headers
# Again use ‘proxy_set_header’ (not ‘add_header’) as the headers have to be passed through a proxy.
proxy_set_header Strict-Transport-Security “max-age=15768000; includeSubDomains; preload;”;
proxy_set_header X-Content-Type-Options nosniff;
#proxy_set_header X-Frame-Options “SAMEORIGIN”;
proxy_set_header X-XSS-Protection “1; mode=block”;
proxy_set_header X-Robots-Tag none;
proxy_set_header X-Download-Options noopen;
proxy_set_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don’t log access to assets
access_log off;
}
location ~* .(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
# Optional: Don’t log access to other assets
access_log off;
}
}
}

Adding anything to your .htacces won’t help if you have NC installed in a subdir

Hello. Could you explain why? Cause Nextcloud installation manual says it should work in .htacces by adding subfolder to all paths (in my case it is /var/www/nextcloud). But you’re right - for me, it is also doesn’t work.

    location /.well-known/acme-challenge { }

    location ~ ^\/(?:ocm-provider|ocs-provider).* {
        rewrite ^ /nextcloud$request_uri;
    }

    location ^~ /nextcloud {

The warnings still persist. My config is surprisingly similar to @space01, I assume, we followed the same guide.

Uhmmm… And the warning about the ocm-provider is really the only warning you see in the admin panel?? There are quite some things wrong and others are not good for security reasons.

For the ocm-provider message to disappear, this line:

needs to be changed to:

location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|ocm-provider\/.+)\.php(?:$|\/) {

As well there is a complete location block missing.

Like the warning in the admin panel, I also suggest to synchronize your configuration with the one from the official documentation for running nginx in a subdir of webroot: https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-a-subdir-of-nginx

@Azimoth and other nginx users from this thread: could you please also synchronize your nginx configuration with the one from the link and report back, if it is working then?

Don’t forget to reload the nginx configuration after changing it with:

nginx -s reload

What would these error messages cause? What exactly does it mean if the install can’t find ocs or ocm providers? I’ve had the well-know caldav and carddav warnings since day one and have calendars and contacts syncing correctly on every device I use inside and outside of my network, iOS, Android, Windows, and MacOS. Are we searching for a problem which doesn’t actually exist apart from a couple of error messages?

Regarding the ocs-|ocm-provider: as long as you don’t use the ocs-|ocm-api this is true. It may be used by client software like the mobile apps or apps within Nextcloud. So those might not work properly if the api can’t be found.

The well-known redirects aka service-discovery are very helpful, if it comes to synchronising with Apple-devices.
See here: https://docs.nextcloud.com/server/14/admin_manual/issues/general_troubleshooting.html#service-discovery
and here: NC13: caldav + macos/ios issue, android works

Hi Pleas help me the error persists after trying:

In the apache.conf and in sites-available
Redirect 301 /ocm-provider/ /nextcloud/ocm-provider/
Redirect 301 /ocs-provider/ /nextcloud/ocs-provider/

In the apache.conf and in sites-available
Alias /ocm-provider “/var/www/nextcloud/ocm-provider/”
Alias /ocs-provider “/var/www/nextcloud/ocs-provider/”

RewriteEngine on RewriteRule ^/ocm-provider /nextcloud/ocm-provider/ [R=301,L] RewriteRule ^/ocs-provider /nextcloud/ocs-provider/ [R=301,L]

I’M using:
Ubuntu 18.04
Apache2
and my Nextcloud is 15.05 - in the folder /var/www/nextcloud

Please HELP!

Thank you Bernie_O. I just use full links to the Nextcloud CalDav and CardDav servers as I have always done with other such servers. I use xxxx.synology.me:XXXX/nextcloud/remote.php/dav/principals/users/xxxx and that picks up both my addressbooks and calendars on all devices both inside and outside of my network. Not sure why it is necessary to do anything more - or have it flagged as an error should you wish not to bother with auto-discovery.

I have gone back to Nextcloud version 15.0.4 for now. Given that the ocs and ocm issue hasn’t occurred before (I’ve upgraded my install several times) I’m hoping the Nextcloud guys will sort it for the next update.

could you please also synchronize your nginx configuration with the one from the link and report back, if it is working then?

Not really, as this breaks my setup with letsencrypt. :frowning:

These are the only warnings, besides the hint that one should update beyond php7.0, which is not included in Debian Stretch repos.

The solution of @m4ntic0r did not change things either…

I found a solution! To set up NC I followed this guide

and the author updated the config files to deal with these warnings.

It turns out, I was in the “wrong” config file. @Bernie_O’s solution works, but it has (in this case) to be inserted in the config of the gateway host, not the virtual host’s config.

Thanks for your help anyways!

Both solution (nginx) from Azimoth and Bernie_O works for me. The warnings are gone. Thanks a lot.

Hi Bernie_O,

I configured my NC following your link, and I have the nextcloud.conf file configured properly as you wrote, but the problem persists.

Any other idea please?
Thank you.
Omar

How did you setup Nextcloud? Are you running Nextcloud behind a reverse proxy? Can you post a link to your output of nginx -T (don‘t Post it entirely here, because it will be a lot of text!).

Hi Bernie_O,

Thank you for your prompt reply.

Here below some output lines from the command “nginx -T”.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

configuration file /etc/nginx/nginx.conf:

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
server_names_hash_bucket_size 64;
upstream php-handler {
server unix:/run/php/php7.3-fpm.sock;
}
set_real_ip_from 127.0.0.1;
set_real_ip_from 192.168.1.0/24;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
include /etc/nginx/mime.types;
#include /etc/nginx/proxy.conf;
include /etc/nginx/ssl.conf;
include /etc/nginx/header.conf;
include /etc/nginx/optimization.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] “$request” ’
'$status $body_bytes_sent “$http_referer” ’
'"$http_user_agent" “$http_x_forwarded_for” ’
'"$host" sn="$server_name" ’
'rt=$request_time ’
'ua="$upstream_addr" us="$upstream_status" ’
'ut="$upstream_response_time" ul="$upstream_response_length" ’
‘cs=$upstream_cache_status’ ;
access_log /var/log/nginx/access.log main;
sendfile on;
send_timeout 3600;
tcp_nopush on;
tcp_nodelay on;
open_file_cache max=500 inactive=10m;
open_file_cache_errors on;
keepalive_timeout 65;
reset_timedout_connection on;
server_tokens off;
resolver 208.67.222.222 208.67.220.220 valid=30s;
resolver_timeout 5s;
include /etc/nginx/conf.d/*.conf;
}

configuration file /etc/nginx/conf.d/nextcloud.conf:

server {
listen 80;
listen [::]:80;
server_name <my_fqdn>;
# enforce https
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <my_fqdn>;

# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/<my_fqdn>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<my_fqdn>/privkey.pem;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
root /var/www/;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
# rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
# last;
#rewrite ^/.well-known/host-meta.json
# /nextcloud/public.php?service=host-meta-json last;

# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
# rewrite ^/.well-known/webfinger /nextcloud/public.php?service=webfinger last;

location = /.well-known/carddav {
    return 301 $scheme://$host/nextcloud/remote.php/dav;
}

location = /.well-known/caldav {
    return 301 $scheme://$host/nextcloud/remote.php/dav;
}

location /.well-known/acme-challenge { }

location ~ ^/(?:ocm-provider|ocs-provider).* {
    rewrite ^ /nextcloud$request_uri;
}

location ^~ /nextcloud {

    # set max upload size
    client_max_body_size 10240M;
    # turns out the optimization conf already set the fast buffer size so I just nixed that from my conf
    #fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location /nextcloud {
        rewrite ^ /nextcloud/index.php$request_uri;
    }

    location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }

    location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|ocm-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/nextcloud\/(?:ocs-provider|ocm-provider)(?:$|\/) {
        return 301 $scheme://$host/nextcloud/ocs-provider/;
        return 301 $scheme://$host/nextcloud/ocm-provider/;
        #return 301 https://$server_name$request_uri;
        try_files $uri/ =404;
        index index.php;
    }

    location ~ ^\/nextcloud\/(?:updater|ocs-provider|ocm-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

I am quite sure it could be improved to avoid the error message :slight_smile:

Thank you again.
Best Regards,
Omar

Delete that block entirely:

It is wrong and doomed to fail (requests for oc(m|s)-provider.* get always redirected to /nextcloud/ocs-provider/$)!

Hi Bernie_O,

Following your last suggestion, I no longer have the error message. Great! :grinning:

Thank you so much.
Best Regards,
Omar

1 Like

Adding
Redirect 301 /ocm-provider/ /nextcloud/ocm-provider/
Redirect 301 /ocs-provider/ /nextcloud/ocs-provider/
to the end of /etc/apache2/sites-available/nextcloud.conf and restarting apache2 (service apache2 restart) worked for me!

Thanks!

1 Like

Was anyone able to find a real solution on Apache2? I tried both the rewrite rule and redirect rule and still the error persists.

A .htaccess file only affects the directory it’s placed in as well as all subdirs. Hence adding any options to the .htaccess in your subdir won’t affect any requests outside that folder (e.g. /ocm-provider).

@zamarax do you have a .htaccess in your webroot possibly overwriting your virtualhost.conf?

Given that the issue occurs for those of us who have Nextcloud installed in a subdirectory of our root web, why didn’t this work?

I did this as root on my Synology NAS:

mkdir /volume1/web/ocs-providers
mount --bind /volume1/web/nextcloud/ocs-providers /volume1/web/ocs-providers

I did the same with ocm-providers

volume1 is where everything lives on a Synology NAS with one volume.

It made no difference. Why?