Nextcloud with Cal/Cardav routing

broken.pipe · April 17, 2020, 10:45am

Hello everyone,
i'm trying to set up the correct routing for Cal/Cardav, but unfortunately there is still something wrong with the Traefik configuration. Everything works except Cal/Cardav.

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips
Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=http"
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-https-redirect,nextcloud-dav"
      - "traefik.http.routers.nextcloud-secure.entrypoints=https"
      - "traefik.http.routers.nextcloud-secure.rule=Host(`nextcloud.example.com`)"
      - "traefik.http.routers.nextcloud-secure.tls=true"
      - "traefik.http.routers.nextcloud-secure.tls.certresolver=http"
      - "traefik.http.routers.nextcloud-secure.service=nextcloud"
      - "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.permanent=true"
    networks:

mirko3107 · April 18, 2020, 11:48am

Hi,

i think, your middleware "nextcloud-dav" is in the wrong router, it should be in the router nextcloud-secure,
not nextcloud.

These are my headers:

- "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
- "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true"
- "traefik.http.middlewares.nc-header.headers.stsPreload=true"
- "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
- "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-rep,nc-header"

I hope i could help.

broken.pipe · April 18, 2020, 12:01pm

Thank you! I was able to fix it. All errors are gone

    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.middlewares.nextcloud-https.redirectscheme.scheme=https"
      - "traefik.http.routers.nextcloud-http.entrypoints=http"
      - "traefik.http.routers.nextcloud-http.rule=Host(`nextcloud.duckdns.org`)"
      - "traefik.http.routers.nextcloud-http.middlewares=nextcloud-https@docker"
      - "traefik.http.routers.nextcloud.entrypoints=https"
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.duckdns.org`)"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=http"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav,secHeaders@file"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"

Traefik dynamic.yml

http:
  middlewares:
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslRedirect: true
        #HSTS Configuration
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"

    https-redirect:
      redirectScheme:
        scheme: https

mirko3107 · April 18, 2020, 2:13pm

Great

Could you show us your complete docker-compose.yml? I have still some problems with nextcloud:
The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy

broken.pipe · April 18, 2020, 3:25pm

Ok, i still have this message, although i adjusted the nextcloud config.php (i think) correctly. trusted_proxy wants to know the IP address of the traefik interface

'trusted_proxies' => array ('172.19.0.1'),
'forwarded-for-headers' => array ('HTTP_X_FORWARDED_FOR'),

docker network inspect *your-traefik-proxy-network* --format='{{(index .IPAM.Config 0).Gateway}}'

mirko3107 · April 18, 2020, 4:08pm

I still see this error, also with 172.31.0.1 as trusted proxy.

sebastian · January 19, 2023, 9:31pm

Can someone please help. Im searching for tree hours now....

Got nextcloud issue with not properly set up to resolve "/.well-known/cal and carddav" and HTTP header is not set to at least "15552000"

when i change
- "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"
to
- "traefik.http.routers.nextcloud-app-secure.middlewares=nextcloud-dav"

The nextcloud website does not load.

These are my labels:

  - "traefik.enable=true"
  - "traefik.http.routers.nextcloud-app.entrypoints=web-secure"
  - "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
  - "traefik.http.middlewares.nextcloud-dav.redirectscheme.scheme=https"
  - "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"
  - "traefik.http.routers.nextcloud-app-secure.entrypoints=web-secure"
  - "traefik.http.routers.nextcloud-app-secure.rule=Host(`cloud.hostname.de`)"
  - "traefik.http.routers.nextcloud-app-secure.tls=true"
  - "traefik.http.routers.nextcloud-app-secure.tls.certresolver=default"
  - "traefik.http.routers.nextcloud-app-secure.service=nextcloud-app"
  - "traefik.http.services.nextcloud-app.loadbalancer.server.port=80"
  - "traefik.docker.network=traefik"
  - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
  - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
  - "traefik.http.middlewares.nextcloud-dav.headers.stsincludesubdomains=false"
  - "traefik.http.middlewares.nextcloud-dav.headers.stspreload=true"
  - "traefik.http.middlewares.nextcloud-dav.headers.stsseconds=31536000"
  - "traefik.http.middlewares.nextcloud-dav.headers.isdevelopment=false"

i do not have a traefik dynamic.yml. is this my mistake?

bluepuma77 · January 19, 2023, 10:51pm

Try changing

  - "traefik.http.routers.nextcloud-app.entrypoints=web-secure"
  - "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
  - "traefik.http.middlewares.nextcloud-dav.redirectscheme.scheme=https"
  - "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"

to

  - "traefik.http.routers.nextcloud-app.entrypoints=web"
  - "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
  - "traefik.http.middlewares.nextcloud-redirect.redirectscheme.scheme=https"
  - "traefik.http.routers.nextcloud-app.middlewares=nextcloud-redirect"

I think you listen on the wrong entrypoint for redirect and add the redirect-to-https middleware to the same name middleware you use with web-secure for headers.

sebastian · January 20, 2023, 8:19am

Now there are even more errors.

I think i have way too much labels. What can i delete?

Topic		Replies	Views
Middleware does not exist with nextcloud Traefik v2 docker	5	710	October 26, 2024
Nextcloud behind Traefik2 - how? Traefik v2 docker	2	13508	November 3, 2021
Problem with cyphers and HSTS Traefik v2 docker	0	1711	November 25, 2019
Router not Generated Traefik v2 docker	0	345	February 24, 2021
Nextcloud / Traefik uncooperative (redirecting to https://_/) Traefik v1 docker	2	3065	July 1, 2021

Nextcloud with Cal/Cardav routing

Related topics