1. The problem I’m having:
Hi everyone, hope all is well. I ran into an issue in Nextcloud. In my admin overview I only have these two issues.
- Your web server is not properly set up to resolve “/.well-known/webfinger”.
- Your web server is not properly set up to resolve “/.well-known/nodeinfo”.
It happened when I added new configs for the forbidden; everything was perfect. Then I saw a new redir webfinger from the link below and thought I needed it. I added it in and it triggered the error. I tried everything from restoring from a Proxmox backup, removing the webfinger config in Caddy, and adding rewrites in /var/www/html/.htaccess:
no dice.
```
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
  RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
</IfModule>
```
3. Caddy version: 2.7.6
4. How I installed and ran Caddy: Docker/Portainer
a. Compose file:
```
version: "3.8"
services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - /home/ubuntu/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /home/ubuntu/docker/caddy/site:/srv
      - /home/ubuntu/docker/caddy/caddy_data:/data
      - /home/ubuntu/docker/caddy/caddy_config:/config
    labels:
      - com.centurylinklabs.watchtower.monitor-only=true
    networks:
      - dmz
networks:
  dmz:
    external: true
```
b. My complete Caddy config:
```
example.com {
    reverse_proxy 192.168.0.1:8040
    root * /var/www/html
    file_server
    encode zstd gzip
    redir /.well-known/carddav /remote.php/dav/ 301
    redir /.well-known/caldav /remote.php/dav/ 301
    redir /.well-known/webfinger /public.php?service=webfinger 301
    php_fastcgi 127.0.0.1:2019 {
    }
    header {
        # disable FLoC tracking
        Permissions-Policy interest-cohort=()
        # enable HSTS
        Strict-Transport-Security max-age=31536000;
        # keep referrer data off of HTTP connections
        Referrer-Policy no-referrer-when-downgrade
    }
    # .htaccess / data / config / ... shouldn't be accessible from outside
    @forbidden {
        path /.htaccess
        path /data/*
        path /config/*
        path /db_structure
        path /.xml
        path /README
        path /3rdparty/*
        path /lib/*
        path /templates/*
        path /occ
        path /console.php
    }
    handle @forbidden {
        respond 404
    }
}
```
5. Links to relevant resources:
I added this line from @arvigeus's Caddy config and it triggered the issue.
```
redir /.well-known/webfinger /public.php?service=webfinger 301
```
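
The post shows two places that map the same `.well-known` paths: the `redir` lines in the Caddyfile and the `RewriteRule` lines in `.htaccess`. As an added example (not part of the original post, and not Caddy or Nextcloud code), this Python script extracts both sets of mappings and compares them per endpoint. The function names are hypothetical, it contacts no server, and it makes no claim about which target Nextcloud expects.

```python
# Added example: compare the .well-known mappings quoted in the post.
import re

WELL_KNOWN = ("carddav", "caldav", "webfinger", "nodeinfo")

# Lines copied from the Caddyfile and .htaccess shown in the post.
CADDYFILE = r"""
example.com {
    reverse_proxy 192.168.0.1:8040
    redir /.well-known/carddav /remote.php/dav/ 301
    redir /.well-known/caldav /remote.php/dav/ 301
    redir /.well-known/webfinger /public.php?service=webfinger 301
}
"""
HTACCESS = r"""
RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
"""

CADDY_RE = re.compile(
    r"^[ \t]*redir[ \t]+/\.well-known/(\w+)[ \t]+(\S+)(?:[ \t]+(\d{3}))?[ \t]*$", re.M)
APACHE_RE = re.compile(
    r"^[ \t]*RewriteRule[ \t]+\^?/?\\?\.well-known/(\w+)\S*[ \t]+(\S+)"
    r"(?:[ \t]+\[[^\]]*R=(\d{3})[^\]]*\])?", re.M)

def caddy_redirs(text):
    """Map endpoint name -> (target, status); Caddy's redir defaults to 302."""
    return {n: (t, int(s or 302)) for n, t, s in CADDY_RE.findall(text)}

def apache_rewrites(text):
    """Map endpoint name -> (target, status or None when no R=nnn flag)."""
    return {n: (t, int(s) if s else None) for n, t, s in APACHE_RE.findall(text)}

def compare(caddy, apache):
    """Per endpoint: what each layer does and whether the targets agree."""
    report = {}
    for name in WELL_KNOWN:
        c, a = caddy.get(name), apache.get(name)
        report[name] = {"caddy": c, "apache": a,
                        "same_target": bool(c and a and c[0] == a[0])}
    return report

if __name__ == "__main__":
    result = compare(caddy_redirs(CADDYFILE), apache_rewrites(HTACCESS))
    for name, row in result.items():
        print(f"{name:10} caddy={row['caddy']} apache={row['apache']} "
              f"same_target={row['same_target']}")
```

On the lines quoted in this post it reports no Caddy `redir` for nodeinfo, and different targets in the two layers for the other three endpoints.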