You are not logged in.

#1 2023-09-07 07:26:50

drankinatty
Member
From: Nacogdoches, Texas
Registered: 2009-04-24
Posts: 73
Website

Nextcloud warnings "/.well-known/xxx" not resolved by wiki or docs

New Nextcloud 27.0.2 on 6.4.12-arch1-1 Apache/2.4.57 (Unix) OpenSSL/3.1.2 mod_fcgid/2.3.9 PHP/8.1.23. All works except when cache is enabled (see other post). However, any time I visit the admin settings and the status checks run, I get warnings (informational) about:

  Your web server is not properly set up to resolve "/.well-known/webfinger". Further information can be found in the documentation.
  Your web server is not properly set up to resolve "/.well-known/nodeinfo". Further information can be found in the documentation.
  Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
  Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.
  <snip>

I have my install accessible from the /nextcloud directory off the document root.

The wiki and the warning refer to documentation for Nextcloud - Service Discovery where they address the install in /nextcloud on Apache and the documentation says to include the following in the .htaccess file in the document root.

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
</IfModule>

So editing /etc/webapps/nextcloud/.htaccess (which is symlinked from /usr/share/webapps/nextcloud/.htaccess) I've tried adding the rules (now shown commented with only the original contents acive) as:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
  # RewriteRule ^\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
  # RewriteRule ^\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
  # RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
  # RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
  # RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
  # RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

Whether the suggested rules are uncommented or not makes no difference to the nextcloud Admin Settings checks and the same warnings are shown regardless. There is also the question about the existing rules having no leading "/" before the \.well-known/... so I've tried both ways, but am not sure which one is syntactically correct. (makes no difference either way)

I also created a .htaccess file in the actual document root /srv/http/htdocs just to make sure I wasn't misreading the documentation on which file required the addition, but sadly no, that makes no difference either. (file removed)

So how do I resolve these .well-known/xxx warnings?

Last edited by drankinatty (2023-09-07 07:28:18)


David C. Rankin, J.D.,P.E.

Offline

#2 2023-09-08 05:43:06

drankinatty
Member
From: Nacogdoches, Texas
Registered: 2009-04-24
Posts: 73
Website

Re: Nextcloud warnings "/.well-known/xxx" not resolved by wiki or docs

The solution requires editing /etc/httpd/conf/extra/httpd-ssl.conf and before the closing tab of </VirtualHost> at the end, add:

# Nextcloud well-known links
 <IfModule mod_headers.c>
   Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; strict-origin; preload"
   Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
   Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
   Redirect 301 /.well-known/webfinger /nextcloud/index.php/.well-known/webfinger
   Redirect 301 /.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo
 </IfModule>

(the Strict-Transport-Security can also be set in /etc/httpd/conf/httpd.conf - it just solves another of the Admin warnings you will receive)

This solution was provided by Nextcloud help from Ihr Webserver ist nicht richtig konfiguriert um “/.well-known/irgendwas aufzulösen. from my post there of New Install 27.0.2 on PHP8.1 Archlinux, APCu fails, .well-known warnings. This is a pool solution, so the packager will need to figure out how to do this on a webapp/nextcloud basis.

This has been added to the discussion page of the wiki.


David C. Rankin, J.D.,P.E.

Offline

Board footer

Powered by FluxBB