Nextcloud Admin Settings > Security & setup warnings
-
@nebulon said in Nextcloud Admin Settings > Security & setup warnings:
@jdaviescoates have you tried to curl those paths?
Nope.
But sounds like perhaps something like the .htaccess code @vladimir-d shared should be added to the package?
@jdaviescoates one issue with this is, that this file may have been changed by the user as well as it gets rewritten by nextcloud if needed, like from a plugin. So I am not sure what a solid migration path would be.
For a start though, I don't quite understand what the expected paths should be and if that is the correct place to patch those up. At least my instance as well as newly installed ones do not face the issue while not having those htaccess changes. So something is still missing in the puzzle.
-
My
/app/data/htaccessis a bit different:<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} DavClnt RewriteRule ^$ /remote.php/webdav/ [L,R=302] RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L] RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L] RewriteRule ^\.well-known/carddav https://%{HTTP_HOST}/remote.php/dav/ [R=301,L] RewriteRule ^\.well-known/caldav https://%{HTTP_HOST}/remote.php/dav/ [R=301,L] RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L] RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.* RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L] </IfModule> -
just a random guess, but perhaps you aren't using Nextcloud Talk @girish ?
I do and pretty sure @marcusquinn does too.
-
My
/app/data/htaccessis a bit different:<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} DavClnt RewriteRule ^$ /remote.php/webdav/ [L,R=302] RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L] RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L] RewriteRule ^\.well-known/carddav https://%{HTTP_HOST}/remote.php/dav/ [R=301,L] RewriteRule ^\.well-known/caldav https://%{HTTP_HOST}/remote.php/dav/ [R=301,L] RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L] RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.* RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L] </IfModule>@girish Looks like you done have those lines to edit, so maybe they are put there by an add-on:
- RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L] - RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L] -
just a random guess, but perhaps you aren't using Nextcloud Talk @girish ?
I do and pretty sure @marcusquinn does too.
@jdaviescoates We are. Recommend it too, much simpler and more integrated than Rocket.Chat. Call quality is great with it too.
Web Design https://www.evergreen.je
Development https://brandlight.org
Life https://marcusquinn.com -
just a random guess, but perhaps you aren't using Nextcloud Talk @girish ?
I do and pretty sure @marcusquinn does too.
@jdaviescoates said in Nextcloud Admin Settings > Security & setup warnings:
just a random guess, but perhaps you aren't using Nextcloud Talk @girish ?
Indeed, we don't. We use Jitsi
So, maybe some migration within nextcloud is not patching htaccess correctly. -
@jdaviescoates We are. Recommend it too, much simpler and more integrated than Rocket.Chat. Call quality is great with it too.
@marcusquinn said in Nextcloud Admin Settings > Security & setup warnings:
Call quality is great with it too.
Yeah generally fine with 2-3 people in my experience. Haven't really had the opportunity or need to try it with large groups yet.
But, out of interest, have you got the Talk High Performance Back End set-up too?
-
@marcusquinn said in Nextcloud Admin Settings > Security & setup warnings:
Call quality is great with it too.
Yeah generally fine with 2-3 people in my experience. Haven't really had the opportunity or need to try it with large groups yet.
But, out of interest, have you got the Talk High Performance Back End set-up too?
@jdaviescoates Yes, although we don't use it for large meetings, just 1-2-1 calls and chat. It needs a small patch for over 100 users to allow for status updates, but otherwise a very happy solution that users like for its just-works simplicity. It's really become a self-hosted alternative to Signal. Recommended!
-
We sorted this issue by amending
/app/data/htaccess(/app/code/.htaccess) as follows:<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} DavClnt RewriteRule ^$ /remote.php/webdav/ [L,R=302] RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L] RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L] - RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L] - RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L] + RewriteRule ^/\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L] + RewriteRule ^/\.well-known/nodeinfo /index.php/.well-known/nodeinfo [R=301,L] RewriteRule ^\.well-known/carddav https://%{HTTP_HOST}/remote.php/dav/ [R=301,L] RewriteRule ^\.well-known/caldav https://%{HTTP_HOST}/remote.php/dav/ [R=301,L] RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L] RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.* RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L] </IfModule>@vladimir-d said in Nextcloud Admin Settings > Security & setup warnings:
We sorted this issue by amending
/app/data/htaccess(/app/code/.htaccess) as follows:<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_USER_AGENT} DavClnt RewriteRule ^$ /remote.php/webdav/ [L,R=302] RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L] RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L] - RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L] - RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L] + RewriteRule ^/\.well-known/webfinger /index.php/.well-known/webfinger [R=301,L] + RewriteRule ^/\.well-known/nodeinfo /index.php/.well-known/nodeinfo [R=301,L] RewriteRule ^\.well-known/carddav https://%{HTTP_HOST}/remote.php/dav/ [R=301,L] RewriteRule ^\.well-known/caldav https://%{HTTP_HOST}/remote.php/dav/ [R=301,L] RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L] RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.* RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L] </IfModule>That worked for me too.
I wonder what caused it though. I have another install of Nextcloud that also has Nextcloud Talk installed and that htaccess has no mention of webfinger, so it must be something else
