Nextcloud with CalDAV/CardDAV routing

Hello everyone,
I'm trying to set up the correct routing for CalDAV/CardDAV, but unfortunately there is still something wrong with the Traefik configuration. Everything works except CalDAV/CardDAV.

  • The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips
  • Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
  • Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=http"
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-https-redirect,nextcloud-dav"
      - "traefik.http.routers.nextcloud-secure.entrypoints=https"
      - "traefik.http.routers.nextcloud-secure.rule=Host(`nextcloud.example.com`)"
      - "traefik.http.routers.nextcloud-secure.tls=true"
      - "traefik.http.routers.nextcloud-secure.tls.certresolver=http"
      - "traefik.http.routers.nextcloud-secure.service=nextcloud"
      - "traefik.http.middlewares.nextcloud-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.middlewares.nextcloud-dav.redirectregex.permanent=true"
    networks:

Hi,

I think your middleware "nextcloud-dav" is in the wrong router; it should be in the router nextcloud-secure, not nextcloud.

These are my headers:

      - "traefik.http.middlewares.nc-header.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.nc-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.nc-header.headers.stsPreload=true"
      - "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-rep,nc-header"

I hope I could help.


Thank you! I was able to fix it. All errors are gone :slight_smile:

    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.middlewares.nextcloud-https.redirectscheme.scheme=https"
      - "traefik.http.routers.nextcloud-http.entrypoints=http"
      - "traefik.http.routers.nextcloud-http.rule=Host(`nextcloud.duckdns.org`)"
      - "traefik.http.routers.nextcloud-http.middlewares=nextcloud-https@docker"
      - "traefik.http.routers.nextcloud.entrypoints=https"
      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.duckdns.org`)"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=http"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav,secHeaders@file"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"

Traefik dynamic.yml

    http:
      middlewares:
        secHeaders:
          headers:
            browserXssFilter: true
            contentTypeNosniff: true
            frameDeny: true
            sslRedirect: true
            #HSTS Configuration
            stsIncludeSubdomains: true
            stsPreload: true
            stsSeconds: 31536000
            customFrameOptionsValue: "SAMEORIGIN"

        https-redirect:
          redirectScheme:
            scheme: https

Great :+1:

Could you show us your complete docker-compose.yml? I still have some problems with Nextcloud:
The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy

OK, I still have this message, although I adjusted the Nextcloud config.php (I think) correctly. trusted_proxy wants to know the IP address of the Traefik interface

'trusted_proxies' => array ('172.19.0.1'),
'forwarded-for-headers' => array ('HTTP_X_FORWARDED_FOR'),

docker network inspect *your-traefik-proxy-network* --format='{{(index .IPAM.Config 0).Gateway}}'

I still see this error, also with 172.31.0.1 as trusted proxy.


Can someone please help? I'm searching for three hours now....

Got a Nextcloud issue with not properly set up to resolve "/.well-known/cal and carddav" and HTTP header is not set to at least "15552000"

When I change

      - "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"

to

      - "traefik.http.routers.nextcloud-app-secure.middlewares=nextcloud-dav"

the Nextcloud website does not load.

These are my labels:

  - "traefik.enable=true"
  - "traefik.http.routers.nextcloud-app.entrypoints=web-secure"
  - "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
  - "traefik.http.middlewares.nextcloud-dav.redirectscheme.scheme=https"
  - "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"
  - "traefik.http.routers.nextcloud-app-secure.entrypoints=web-secure"
  - "traefik.http.routers.nextcloud-app-secure.rule=Host(`cloud.hostname.de`)"
  - "traefik.http.routers.nextcloud-app-secure.tls=true"
  - "traefik.http.routers.nextcloud-app-secure.tls.certresolver=default"
  - "traefik.http.routers.nextcloud-app-secure.service=nextcloud-app"
  - "traefik.http.services.nextcloud-app.loadbalancer.server.port=80"
  - "traefik.docker.network=traefik"
  - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
  - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
  - "traefik.http.middlewares.nextcloud-dav.headers.stsincludesubdomains=false"
  - "traefik.http.middlewares.nextcloud-dav.headers.stspreload=true"
  - "traefik.http.middlewares.nextcloud-dav.headers.stsseconds=31536000"
  - "traefik.http.middlewares.nextcloud-dav.headers.isdevelopment=false"

I do not have a Traefik dynamic.yml. Is this my mistake?

Try changing

  - "traefik.http.routers.nextcloud-app.entrypoints=web-secure"
  - "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
  - "traefik.http.middlewares.nextcloud-dav.redirectscheme.scheme=https"
  - "traefik.http.routers.nextcloud-app.middlewares=nextcloud-dav"

to

  - "traefik.http.routers.nextcloud-app.entrypoints=web"
  - "traefik.http.routers.nextcloud-app.rule=Host(`cloud.hostname.de`)"
  - "traefik.http.middlewares.nextcloud-redirect.redirectscheme.scheme=https"
  - "traefik.http.routers.nextcloud-app.middlewares=nextcloud-redirect"

I think you listen on the wrong entrypoint for redirect and add the redirect-to-https middleware to the same name middleware you use with web-secure for headers.
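
Added example, not part of any post in this thread: a small Python linter for the mistakes discussed above, namely a DAV rewrite or HSTS middleware that is not attached to the TLS router, and one middleware name carrying several types (Traefik accepts one type per middleware). The `nc`/`nc-secure` names and the sample labels are constructed; routers that reference a non-Docker provider such as `@file` are skipped because those definitions are not in the labels.

```python
from collections import defaultdict

MIN_HSTS = 15552000  # minimum max-age named in the Nextcloud warning above

def parse(labels):
    """Return ({router: {option: value}}, {middleware: {type: {option: value}}})."""
    routers, mws = defaultdict(dict), defaultdict(lambda: defaultdict(dict))
    for label in labels:
        key, _, value = label.partition("=")
        p = key.lower().split(".")  # Traefik label keys are case-insensitive
        if p[:3] == ["traefik", "http", "routers"] and len(p) > 4:
            routers[p[3]][".".join(p[4:])] = value
        elif p[:3] == ["traefik", "http", "middlewares"] and len(p) > 5:
            mws[p[3]][p[4]][".".join(p[5:])] = value
    return routers, mws

def lint(labels):
    """List problems with DAV rewriting and HSTS on the TLS routers."""
    routers, mws = parse(labels)
    findings = [f"middleware {n}: multiple types {sorted(t)}"
                for n, t in mws.items() if len(t) > 1]  # one name, one type
    for rname, cfg in routers.items():
        if cfg.get("tls", "").lower() != "true":
            continue  # plain-HTTP router: it only redirects to HTTPS
        refs = [m.strip().lower() for m in cfg.get("middlewares", "").split(",") if m.strip()]
        if any("@" in m and not m.endswith("@docker") for m in refs):
            continue  # e.g. secHeaders@file: defined outside the labels, cannot judge
        local = [mws[n] for n in (m.split("@")[0] for m in refs) if n in mws]
        hsts = any(int(t["headers"].get("stsseconds", 0)) >= MIN_HSTS
                   for t in local if "headers" in t)
        rewrite = any(".well-known" in t[k].get("regex", "") for t in local
                      for k in ("replacepathregex", "redirectregex") if k in t)
        if not rewrite:
            findings.append(f"router {rname}: no /.well-known DAV rewrite attached")
        if not hsts:
            findings.append(f"router {rname}: no HSTS >= {MIN_HSTS} attached")
    return findings

# Constructed sample, modelled on the labels posted in this thread.
SAMPLE = [
    "traefik.http.routers.nc.middlewares=nc-redirect,nc-dav",
    "traefik.http.routers.nc-secure.tls=true",
    "traefik.http.middlewares.nc-redirect.redirectscheme.scheme=https",
    "traefik.http.middlewares.nc-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav",
    "traefik.http.middlewares.nc-dav.replacepathregex.replacement=/remote.php/dav/",
]

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The findings only cover what is visible in the labels; the served headers and redirects still need to be confirmed against the running instance.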


Now there are even more errors.

I think I have way too many labels. What can I delete?
