EDIT
Nextcloud builds its own Webdav implementation, Sabredav.
Could it be the following nginx modules be interfering? --with-http_dav_module --add-module=/var/tmp/nginx-dav-ext-module
Someone knows how should I compile them dynamically? So i'm able to load/unload on runtime per virtual host config?
Thx :)
EDIT END
I’m running Ubuntu server 20.04
on a personal server where I deployed a manual install of Nextcloud
which is up and running properly except for webdav
.
The whole thing is running under nginx 1.19.3
, php-8.0
and FPM
.
Trying to mount nextcloud private directory through davfs:
# mount -t davfs https://drive.example.com/remote.php/dav/files/myuser/ /mnt
Please enter the username to authenticate with server
https:
Username: myuser
Please enter the password to authenticate user myuser with server
https:
Password:
/sbin/mount.davfs: Mounting failed.
Could not authenticate to server: rejected Basic challenge
Nextcloud logs related to the previous mount
command:
{"reqId":"gf8ZgEQVDV7AoHp667YG","level":2,"time":"2022-04-05T17:50:58+00:00","remoteAddr":"x.y.z.w","user":"--","app":"core","method":"OPTIONS","url":"/remote.php/dav/files/myuser/","message":"Login failed: 'myuser' (Remote IP: 'x.y.z.w')","userAgent":"davfs2/1.5.5 neon/0.30.2","version":"23.0.3.2"}
Nginx logs related to the previous mount
command:
# cat /var/log/nginx/nextcloud.log
x.y.z.w drive.example.com - [05/Apr/2022:13:53:31 -0400] "OPTIONS /remote.php/dav/files/myuser/ HTTP/1.1" 401 569 "-" "davfs2/1.5.5 neon/0.30.2" "-" "-"
x.y.z.w drive.example.com myuser [05/Apr/2022:13:53:57 -0400] "OPTIONS /remote.php/dav/files/myuser/ HTTP/1.1" 401 427 "-" "davfs2/1.5.5 neon/0.30.2" "-" "Basic CRYPTED_PASSWORD"
Some irrelevant Ubuntu info:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal
Linux host.example.com 5.4.0-107-generic
Nginx has been downloaded and compiled from source form nginx official repo and through apt:
# apt source nginx
# cd nginx-0.8.54
# edit debian/rules
# dpkg-buildpackage -b nginx
Nginx
version, features and compilation parameters:
nginx version: nginx/1.19.3
built by gcc 9.3.0 (Ubuntu 9.3.0-10ubuntu2)
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/var/tmp/nginx-1.19.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --add-dynamic-module=/var/tmp/ngx_http_geoip2_module --with-http_geoip_module --with-http_dav_module --add-module=/var/tmp/nginx-dav-ext-module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --without-http_limit_conn_module --add-module=/var/tmp/incubator-pagespeed-ngx-1.13.35.2-stable/ --add-module=/home/nginx/Tools/openproject/.rbenv/versions/2.6.1//lib/ruby/gems/2.6.0//gems/passenger-6.0.6/src/nginx_module/
PHP
info:
# php8.0 --version
PHP 8.0.15 (cli) (built: Jan 29 2022 07:24:52) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.15, Copyright (c) Zend Technologies
with Zend OPcache v8.0.15, Copyright (c), by Zend Technologies
# php8.0 -m
[PHP Modules]
apcu
bcmath
bz2
calendar
Core
ctype
curl
date
dom
exif
FFI
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
igbinary
imagick
intl
json
libxml
mbstring
memcache
mongodb
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
pspell
readline
redis
Reflection
session
shmop
SimpleXML
soap
sockets
sodium
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
xsl
Zend OPcache
zip
zlib
[Zend Modules]
Zend OPcache
Nextcloud
info:
- installed: true
- version: 23.0.3.2
- versionstring: 23.0.3
- edition:
- maintenance: false
- needsDbUpgrade: false
- productname: Nextcloud
- extendedSupport: false
Nginx virtual host file:
cat /etc/nginx/sites-enabled/nextcloud.conf
upstream php-handler {
server unix:/var/run/php/php8.0-fpm.sock;
}
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 80;
listen [::]:80;
server_name drive.foobar.es drive.foobar.com cloud.foobar.es cloud.foobar.com cloud.example.es cloud.example.com cloud.example.net cloud.example.org cloud.example.info drive.example.es drive.example.com drive.example.org drive.example.net drive.example.info drive.example.cat cloud.example.cat;
access_log /var/log/nginx/nextcloud.access.log main;
error_log /var/log/nginx/nextcloud.error.log crit;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name drive.foobar.es drive.foobar.com cloud.foobar.es cloud.foobar.com cloud.example.es cloud.example.com cloud.example.net cloud.example.org cloud.example.info drive.example.es drive.example.com drive.example.org drive.example.net drive.example.info drive.example.cat cloud.example.cat;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/nginx/conf.d-enabled/ssl-security.conf;
ssl_trusted_certificate /etc/letsencrypt/live/example.es/cert.pem;
access_log /var/log/nginx/nextcloud_ssl.access.log main;
error_log /var/log/nginx/nextcloud_ssl.error.log crit;
include /etc/nginx/snippets/letsencrypt-cert-renewal-dir.conf;
if ($http_host != "drive.example.com" ) {
rewrite ^ https://drive.example.com$request_uri permanent;
break;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ^~ /.well-known {
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
return 301 /index.php$request_uri;
}
client_max_body_size 50G;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
client_body_temp_path /home/nginx/Tools/nextcloud_data/tmp/;
fastcgi_param PHP_VALUE "upload_tmp_dir=/home/nginx/Tools/nextcloud_data/tmp/;";
fastcgi_param PHP_VALUE "output_buffering=0;";
add_header X-Accel-Buffering no;
fastcgi_param PHP_VALUE "upload_max_filesize=50G;";
fastcgi_param PHP_VALUE "post_max_size=50G;";
fastcgi_param PHP_VALUE "max_input_time=4600;";
fastcgi_param PHP_VALUE "max_execution_time=3600;";
fastcgi_param PHP_VALUE "request_terminate_timeout=3600;";
fastcgi_read_timeout 3600;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
pagespeed off;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
fastcgi_hide_header X-Powered-By;
root /home/nginx/Tools/nextcloud/;
index index.php index.html /index.php$request_uri;
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
location ~ \.php(?:$|/) {
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off;
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d;
access_log off;
}
location = /data/htaccesstest.txt {
allow all;
log_not_found off;
access_log off;
}
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
Nginx SSL config file included in nginx virtual host config file
:
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
resolver 8.8.8.8 8.8.4.4;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
fastcgi.conf fastcgi_params fastcgi_params.dpkg-dist
root@we:~
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
Thanks you so much in advanced.
Hope someone can help :)