Hello everyone,
i'm trying to set up the correct routing for Cal/Cardav, but unfortunately there is still something wrong with the Traefik configuration. Everything works except Cal/Cardav.
- The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips
- Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
- Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.entrypoints=http"
- "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-https-redirect,nextcloud-dav"
- "traefik.http.routers.nextcloud-secure.entrypoints=https"
- "traefik.http.routers.nextcloud-secure.rule=Host(`nextcloud.example.com`)"
- "traefik.http.routers.nextcloud-secure.tls=true"
- "traefik.http.routers.nextcloud-secure.tls.certresolver=http"
- "traefik.http.routers.nextcloud-secure.service=nextcloud"
- "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.scheme=https"
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
- "traefik.docker.network=proxy"
- "traefik.http.middlewares.nextcloud-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
- "traefik.http.middlewares.nextcloud-dav.redirectregex.replacement=https://$$1/remote.php/dav/"
- "traefik.http.middlewares.nextcloud-dav.redirectregex.permanent=true"
networks:
Hi,
i think, your middleware "nextcloud-dav" is in the wrong router, it should be in the router nextcloud-secure,
not nextcloud.
These are my headers:
- "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
- "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true"
- "traefik.http.middlewares.nc-header.headers.stsPreload=true"
- "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
- "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-rep,nc-header"
I hope i could help.
1 Like
Thank you! I was able to fix it. All errors are gone 
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.middlewares.nextcloud-https.redirectscheme.scheme=https"
- "traefik.http.routers.nextcloud-http.entrypoints=http"
- "traefik.http.routers.nextcloud-http.rule=Host(`nextcloud.duckdns.org`)"
- "traefik.http.routers.nextcloud-http.middlewares=nextcloud-https@docker"
- "traefik.http.routers.nextcloud.entrypoints=https"
- "traefik.http.routers.nextcloud.rule=Host(`nextcloud.duckdns.org`)"
- "traefik.http.routers.nextcloud.tls=true"
- "traefik.http.routers.nextcloud.tls.certresolver=http"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-dav,secHeaders@file"
- "traefik.http.services.nextcloud.loadbalancer.server.port=80"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
Traefik dynamic.yml
http:
middlewares:
secHeaders:
headers:
browserXssFilter: true
contentTypeNosniff: true
frameDeny: true
sslRedirect: true
#HSTS Configuration
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
customFrameOptionsValue: "SAMEORIGIN"
https-redirect:
redirectScheme:
scheme: https
Great 
Could you show us your complete docker-compose.yml? I have still some problems with nextcloud:
The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy
Ok, i still have this message, although i adjusted the nextcloud config.php (i think) correctly. trusted_proxy wants to know the IP address of the traefik interface
'trusted_proxies' => array ('172.19.0.1'),
'forwarded-for-headers' => array ('HTTP_X_FORWARDED_FOR'),
docker network inspect *your-traefik-proxy-network* --format='{{(index .IPAM.Config 0).Gateway}}'
I still see this error, also with 172.31.0.1 as trusted proxy.
1 Like