Nextcloud and CalDAV

nextcloud
v7

(Dan) #1

NethServer Version: 7.6
Module: nethserver-nextcloud

I’m scratching my head trying to figure out how to get the .well-known/caldav and related paths to redirect to Nextcloud, so that certain clients (specifically, the calendar app on macOS) can use the Nextcloud calendar. Their documentation says to create a root-level .htaccess file that looks like this:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^/\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
  RewriteRule ^/\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^/\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
  RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
</IfModule>

Created that file, but no dice–Nextcloud still reports, " Your web server is not properly set up to resolve “/.well-known/caldav”. Further information can be found in the documentation." So I figured that AllowOverride was disabled, and I’d need to add these changes to the appropriate template fragment.

I copied /etc/e-smith/templates/etc/httpd/conf.d/default-virtualhost.inc/40nextcloud into templates-custom, and put the relevant lines in there as follows:

#
# 40nextcloud
#
RewriteEngine On
RewriteCond %\{HTTPS\} !=on
RewriteRule ^/nextcloud(/.*)?$  https://%\{HTTP_HOST\}/nextcloud$1  [L,R=301]

  RewriteRule ^/\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
  RewriteRule ^/\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^/\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
  RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
Redirect 301 /ocm-provider /nextcloud/ocm-provider
Redirect 301 /ocs-provider /nextcloud/ocs-provider

Did signal-event nethserver-httpd-update, but Nextcloud is still reporting the same error. curl https://mydomain/.well-known/caldav returns a 404. I’m obviously missing something basic–any ideas?


Help with resolving Nextcloud warning - Your web server is not properly set up to resolve "/.well-known/carddav and caldav
Help with resolving Nextcloud warning - Your web server is not properly set up to resolve "/.well-known/carddav and caldav
(Dan) #2

bump.


(Rob Bosch) #3

@support_team any ideas?


(Dan) #4

@dev_team? Anyone? Is Nextcloud really this much of a second-class citizen?


(Davide Principi) #5

IIRC we discussed a similar topic in the past:

We could set up man 8 alternatives or as you proposed implement a switch with a prop to decide what web application controls the rendez-vous vhost alias “/.well-known/something”.

Let’s continue that discussion…


(Dan) #6

It’s not the same as was raised there, but is definitely related. And it’s comments in that thread like this:

that make me say the devs are treating Nextcloud like a second-class citizen in this regard. And the mention of:

…still hasn’t happened five months later. As of now, there’s no supported/documented way to make Nextcloud work the way it’s supposed to. I’m happy to document it if I can figure out how to do it, but Apache config changes that seem like they should do what I need, don’t, and the server logs don’t seem to be helping track down what’s going on. Where do I look from here?


#7

@danb35 is it just macos your issue is with? I have calendars working in ios.


(Dan) #8

Yes, it’s with macOS–they work fine in iOS and Android. macOS appears to need the .well-known paths to go to the right place, and as yet I haven’t been able to make that happen.


(Dan) #9

Well, perhaps some progress, but still stuck. There was a conflicting (albeit undocumented–the docs discuss config settings for ActiveSync, but not for DAV) configuration setting for sogo, even though I’d expect the default virtualhost would be parsed first.

Is there any way to increase the verbosity of the access log, or otherwise figure out what Apache’s actually trying to serve in response to the request? This is all I’m seeing there:

172.69.210.24 - - [11/Apr/2019:06:26:18 -0400] "GET /.well-known/caldav HTTP/1.1" 404 216 "-" "curl/7.54.0"

And the output from curl:

$ curl https://www.familybrown.org/.well-known/caldav
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/caldav was not found on this server.</p>
</body></html>

(Markus Neuberger) #10

I added the following at the end of /etc/httpd/conf.d/zz_nextcloud.conf and restarted httpd and it seems to work (at least with curl and in the Nextcloud admin check).

Redirect 301 /.well-known/host-meta /nextcloud/public.php?service=host-meta
Redirect 301 /.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json
Redirect 301 /.well-known/webfinger /nextcloud/public.php?service=webfinger
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav/
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav/

(Dan) #11

Thanks for the pointer, I’ll have to try it once I get home.

Edit: Confirmed, this is working–at least to the point of getting rid of the error on the admin page. macOS calendar still isn’t working, though–might need to head over there to see what’s up.

Edit 2: I just tried replacing the Redirect 301 lines in zz_nextcloud.conf with the RewriteRule lines recommended in the Nextcloud docs–and after that, it’s back to not working at all. Not sure why this is, but I’m wondering if the difference has anything to do with the macOS calendar not working (perhaps it doesn’t follow 301 redirects?).


(Markus Neuberger) #12

SoGO and Webtop use “Redirect” too for caldav/carddav but I never tested macOS calendar.

According to the Nextcloud docs it should work.


(Dan) #13

Yep, and those are the instructions I’m following. Caveat that on a Neth installation, the “username” in the server path will be the UUID, but you can get that out of the Nextcloud web GUI. But this is what I get when I try it:

image

access_log isn’t very helpful:

172.69.210.24 - - [11/Apr/2019:18:47:44 -0400] "PROPFIND /remote.php/dav/principals/users/9ea222d8-a9c4-1037-923c-01a044b2ff54/ HTTP/1.1" 404 16 "-" "Mac+OS+X/10.12.6 (16G1918) CalendarAgent/386"

OTOH, error_log has an interesting-looking entry:

[Thu Apr 11 18:47:44.717204 2019] [proxy_fcgi:error] [pid 4397] [client 172.69.210.24:44302] AH01071: Got error 'Primary script unknown\n'

Makes it look like some kind of PHP error, but I don’t see any separate log files for PHP–would they be somewhere other than /var/log/?


(Markus Neuberger) #14

I don’t use macOS but I tested with Thunderbird now and I had to enter a specific calendar url like the personal calendar for admin:

https://testserver.domain.local/nextcloud/remote.php/dav/calendars/admin/personal/

Are you sure you need the UUID? In browser it works with usernames.


(Dan) #15

Thunderbird works just fine, but (according to the Nextcloud docs), the URL/path is different for the macOS calendar. Fortunately, that path is exposed through the Nextcloud UI:
image

The Nextcloud calendar works just fine with iOS without any redirects at all, but I haven’t yet been able to get it working with macOS.


(Markus Neuberger) #16

You’re right, I only tried with Nextcloud admin and for admin the username is used, users have the UUID in the url.

From your screenshot server path “/nextcloud” could be missing before “/remote.php…” like /nextcloud/remote.php/dav/calendars/16aaa022-f0fd-1038-84e1-a75662eb7fc8/personal/


(Dan) #17

Bingo. I had it in the “server address” box, and /remote.php... in the “server path” box. Changing the “server path” to /nextcloud/remote.php/... lets it log in, and the calendar items appear on the macOS calendar. Perfect.

So, how to write this up? I’m thinking a custom template fragment (maybe 15dav for zz_nextcloud.conf) with logic adding those redirects if {nextcloud}{Dav} = "enabled". Better would be to make sure that {webtop}{Dav} or ${sogod}{Dav} aren’t also enabled.


(Markus Neuberger) #18

Did you test if it works without the redirect?

If not a custom template should do it. I don’t think you need to respect webtop and sogo in a custom template.


(Dan) #19

Not as such, but it’d be a good stepping stone to a PR for the nethserver-nextcloud package.

Yes, and it doesn’t unfortunately. iOS calendar works just fine, but macOS doesn’t. I don’t know why macOS needs the .well-known paths to work if you’re entering the full path to Nextcloud, but it appears that it does.


(Markus Neuberger) #20

That’s true.