Hello everyone,
i'm trying to set up the correct routing for Cal/Cardav, but unfortunately there is still something wrong with the Traefik configuration. Everything works except Cal/Cardav.
The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips
Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.entrypoints=http"
- "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-https-redirect,nextcloud-dav"
- "traefik.http.routers.nextcloud-secure.entrypoints=https"
- "traefik.http.routers.nextcloud-secure.rule=Host(`nextcloud.example.com`)"
- "traefik.http.routers.nextcloud-secure.tls=true"
- "traefik.http.routers.nextcloud-secure.tls.certresolver=http"
- "traefik.http.routers.nextcloud-secure.service=nextcloud"
- "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.scheme=https"
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
- "traefik.docker.network=proxy"
- "traefik.http.middlewares.nextcloud-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
- "traefik.http.middlewares.nextcloud-dav.redirectregex.replacement=https://$$1/remote.php/dav/"
- "traefik.http.middlewares.nextcloud-dav.redirectregex.permanent=true"
networks:
Hi,
i think, your middleware "nextcloud-dav" is in the wrong router, it should be in the router nextcloud-secure,
not nextcloud.
These are my headers:
- "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
- "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true"
- "traefik.http.middlewares.nc-header.headers.stsPreload=true"
- "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
- "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-rep,nc-header"
I hope i could help.
1 Like
Thank you! I was able to fix it. All errors are gone
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.middlewares.nextcloud-https.redirectscheme.scheme=https"
- "traefik.http.routers.nextcloud-http.entrypoints=http"
- "traefik.http.routers.nextcloud-http.rule=Host(`nextcloud.duckdns.org`)"
- "traefik.http.routers.nextcloud-http.middlewares=nextcloud-https@docker"
- "traefik.http.routers.nextcloud.entrypoints=https"
- "traefik.http.routers.nextcloud.rule=Host(`nextcloud.duckdns.org`)"
- "traefik.http.routers.nextcloud.tls=true"
- "traefik.http.routers.nextcloud.tls.certresolver=http"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-dav,secHeaders@file"
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
Traefik dynamic.yml
http:
middlewares:
secHeaders:
headers:
browserXssFilter: true
contentTypeNosniff: true
frameDeny: true
sslRedirect: true
#HSTS Configuration
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
customFrameOptionsValue: "SAMEORIGIN"
https-redirect:
redirectScheme:
scheme: https
1 Like
Great
Could you show us your complete docker-compose.yml? I have still some problems with nextcloud:
The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy
Ok, i still have this message, although i adjusted the nextcloud config.php (i think) correctly. trusted_proxy wants to know the IP address of the traefik interface
'trusted_proxies' => array ('172.19.0.1'),
'forwarded-for-headers' => array ('HTTP_X_FORWARDED_FOR'),
docker network inspect *your-traefik-proxy-network* --format='{{(index .IPAM.Config 0).Gateway}}'
I still see this error, also with 172.31.0.1 as trusted proxy.
1 Like
Can someone please help. Im searching for tree hours now....
Got nextcloud issue with not properly set up to resolve "/.well-known/cal and carddav" and HTTP header is not set to at least "15552000"
when i change
- "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"
to
- "traefik.http.routers.nextcloud-app-secure.middlewares=nextcloud-dav"
The nextcloud website does not load.
These are my labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud-app.entrypoints=web-secure"
- "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
- "traefik.http.middlewares.nextcloud-dav.redirectscheme.scheme=https"
- "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"
- "traefik.http.routers.nextcloud-app-secure.entrypoints=web-secure"
- "traefik.http.routers.nextcloud-app-secure.rule=Host(`cloud.hostname.de`)"
- "traefik.http.routers.nextcloud-app-secure.tls=true"
- "traefik.http.routers.nextcloud-app-secure.tls.certresolver=default"
- "traefik.http.routers.nextcloud-app-secure.service=nextcloud-app"
- "traefik.http.services.nextcloud-app.loadbalancer.server.port=80"
- "traefik.docker.network=traefik"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
- "traefik.http.middlewares.nextcloud-dav.headers.stsincludesubdomains=false"
- "traefik.http.middlewares.nextcloud-dav.headers.stspreload=true"
- "traefik.http.middlewares.nextcloud-dav.headers.stsseconds=31536000"
- "traefik.http.middlewares.nextcloud-dav.headers.isdevelopment=false"
i do not have a traefik dynamic.yml. is this my mistake?
Try changing
- "traefik.http.routers.nextcloud-app.entrypoints=web-secure"
- "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
- "traefik.http.middlewares.nextcloud-dav.redirectscheme.scheme=https"
- "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"
to
- "traefik.http.routers.nextcloud-app.entrypoints=web"
- "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
- "traefik.http.middlewares.nextcloud-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.nextcloud-app.middlewares=nextcloud-redirect"
I think you listen on the wrong entrypoint for redirect and add the redirect-to-https middleware to the same name middleware you use with web-secure for headers.
Now there are even more errors.
I think i have way too much labels. What can i delete?
system
Closed
January 23, 2023, 8:20am
10
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.