helm
helm copied to clipboard
nextcloud
Android | DAVx5 autoconfig does not work | PROPFIND |405 Not Allowed
Issue Description:
I am currently deploying NextCloud using the official Helm chart which includes Nginx and PHP-FPM. However, I am facing an issue with the DAVx⁵ app on Android, where it reports a "PropFind method not allowed" error. It seems this issue has been previously documented in other issues, but the provided solutions do not resolve the problem and are not applicable to Kubernetes Ingress setups.
Actual Behavior: When attempting to connect using DAVx⁵, the app encounters an error stating that the PropFind method is not allowed. This indicates a potential misconfiguration in either the Nginx setup or the Kubernetes Ingress rules that restrict HTTP methods essential for DAVx⁵'s operation.
Logs and Errors
Logs from DavX5
2024-04-23 18:08:44 3338 [network.HttpClient] <-- END HTTP (162-byte body)
2024-04-23 18:08:44 3338 [at.bitfire.dav4jvm.DavResource] Redirected, new location = https://nextcloud.domain.org/remote.php/dav
2024-04-23 18:08:44 3338 [network.HttpClient] --> PROPFIND https://nextcloud.domain.org/remote.php/dav h2
2024-04-23 18:08:44 3338 [network.HttpClient] Depth: 0
2024-04-23 18:08:44 3338 [network.HttpClient] User-Agent: DAVx5/4.3.16-gplay (2024/04/14; dav4jvm; okhttp/4.12.0) Android/14
2024-04-23 18:08:44 3338 [network.HttpClient] Accept-Language: en-US, en;q=0.7, *;q=0.5
2024-04-23 18:08:44 3338 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-04-23 18:08:44 3338 [network.HttpClient] Content-Length: 198
2024-04-23 18:08:44 3338 [network.HttpClient] Host: nextcloud.domain.org
2024-04-23 18:08:44 3338 [network.HttpClient] Connection: Keep-Alive
2024-04-23 18:08:44 3338 [network.HttpClient] Accept-Encoding: gzip
2024-04-23 18:08:44 3338 [network.HttpClient] Cookie: __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=m9mP9pEbF9zPiMg2Kgt6ghDxtoFqtgmyk7FzV5%2ByWdh47jq5q20laNNZ%2BltR7wQH5wxUu5d6lfYoURfL1E5F%2BQPH3C13Zipc5sSQEiVYGoKyRvi1lXmVEU8Wcu8fIOww; oc4sncy5go9g=902649cb2332def72f7f651f52a27fba; stickounet=1713888525.944.11986.785516|ec59da9da29dd3ab51c3e45939dab7d1; __Host-nc_sameSiteCookielax=true
2024-04-23 18:08:44 3338 [network.HttpClient]
2024-04-23 18:08:44 3338 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-04-23 18:08:44 3338 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-04-23 18:08:44 3338 [network.HttpClient] <-- 207 https://nextcloud.domain.org/remote.php/dav (32ms)
2024-04-23 18:08:44 3338 [network.HttpClient] date: Tue, 23 Apr 2024 16:08:45 GMT
2024-04-23 18:08:44 3338 [network.HttpClient] content-type: application/xml; charset=utf-8
2024-04-23 18:08:44 3338 [network.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2024-04-23 18:08:44 3338 [network.HttpClient] cache-control: no-store, no-cache, must-revalidate
2024-04-23 18:08:44 3338 [network.HttpClient] pragma: no-cache
2024-04-23 18:08:44 3338 [network.HttpClient] content-security-policy: default-src 'none';
2024-04-23 18:08:44 3338 [network.HttpClient] vary: Brief,Prefer
2024-04-23 18:08:44 3338 [network.HttpClient] dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
2024-04-23 18:08:44 3338 [network.HttpClient] x-request-id: edeqq8Dx40jtfYqMaOG7
2024-04-23 18:08:44 3338 [network.HttpClient] x-debug-token: edeqq8Dx40jtfYqMaOG7
2024-04-23 18:08:44 3338 [network.HttpClient] content-encoding: gzip
2024-04-23 18:08:44 3338 [network.HttpClient] referrer-policy: no-referrer
2024-04-23 18:08:44 3338 [network.HttpClient] x-content-type-options: nosniff
2024-04-23 18:08:44 3338 [network.HttpClient] x-download-options: noopen
2024-04-23 18:08:44 3338 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-04-23 18:08:44 3338 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-04-23 18:08:44 3338 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-04-23 18:08:44 3338 [network.HttpClient] x-xss-protection: 1; mode=block
2024-04-23 18:08:44 3338 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-origin: *
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-credentials: true
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-methods: COPY, DELETE, GET, HEAD, MKCOL, MOVE, OPTIONS, PATCH, POST, PROPFIND, PROPPATCH, PUT, REPORT
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-max-age: 1728000
2024-04-23 18:08:44 3338 [network.HttpClient]
2024-04-23 18:08:44 3338 [network.HttpClient] <?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:current-user-principal><d:href>/remote.php/dav/principals/users/t81e783b9-3e64-495d-a63a-a7028840bc17/</d:href></d:current-user-principal></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>
2024-04-23 18:08:44 3338 [network.HttpClient] <-- END HTTP (448-byte, 259-gzipped-byte body)
2024-04-23 18:08:44 3338 [servicedetection.DavResourceFinder] Found current-user-principal: https://nextcloud.domain.org/remote.php/dav/principals/users/t81e783b9-3e64-495d-a63a-a7028840bc17/
2024-04-23 18:08:44 3338 [network.HttpClient] --> OPTIONS https://nextcloud.domain.org/remote.php/dav/principals/users/t81e783b9-3e64-495d-a63a-a7028840bc17/ h2
2024-04-23 18:08:44 3338 [network.HttpClient] Content-Length: 0
2024-04-23 18:08:44 3338 [network.HttpClient] Accept-Encoding: identity
2024-04-23 18:08:44 3338 [network.HttpClient] User-Agent: DAVx5/4.3.16-gplay (2024/04/14; dav4jvm; okhttp/4.12.0) Android/14
2024-04-23 18:08:44 3338 [network.HttpClient] Accept-Language: en-US, en;q=0.7, *;q=0.5
2024-04-23 18:08:44 3338 [network.HttpClient] Host: nextcloud.domain.org
2024-04-23 18:08:44 3338 [network.HttpClient] Connection: Keep-Alive
2024-04-23 18:08:44 3338 [network.HttpClient] Cookie: __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=m9mP9pEbF9zPiMg2Kgt6ghDxtoFqtgmyk7FzV5%2ByWdh47jq5q20laNNZ%2BltR7wQH5wxUu5d6lfYoURfL1E5F%2BQPH3C13Zipc5sSQEiVYGoKyRvi1lXmVEU8Wcu8fIOww; oc4sncy5go9g=902649cb2332def72f7f651f52a27fba; stickounet=1713888525.944.11986.785516|ec59da9da29dd3ab51c3e45939dab7d1; __Host-nc_sameSiteCookielax=true
2024-04-23 18:08:44 3338 [network.HttpClient] --> END OPTIONS
2024-04-23 18:08:44 3338 [network.HttpClient] <-- 204 https://nextcloud.domain.org/remote.php/dav/principals/users/t81e783b9-3e64-495d-a63a-a7028840bc17/ (3ms)
2024-04-23 18:08:44 3338 [network.HttpClient] date: Tue, 23 Apr 2024 16:08:45 GMT
2024-04-23 18:08:44 3338 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-origin: *
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-credentials: true
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-methods: COPY, DELETE, GET, HEAD, MKCOL, MOVE, OPTIONS, PATCH, POST, PROPFIND, PROPPATCH, PUT, REPORT
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-max-age: 1728000
2024-04-23 18:08:44 3338 [network.HttpClient] content-length: 0
2024-04-23 18:08:44 3338 [network.HttpClient] <-- END HTTP (0-byte body)
2024-04-23 18:08:44 3338 [servicedetection.DavResourceFinder] Principal https://nextcloud.domain.org/remote.php/dav/principals/users/t81e783b9-3e64-495d-a63a-a7028840bc17/ doesn't provide caldav service
2024-04-23 18:08:44 3338 [servicedetection.DavResourceFinder] Trying to determine principal from initial context path=https://nextcloud.domain.org/
2024-04-23 18:08:44 3338 [network.HttpClient] --> PROPFIND https://nextcloud.domain.org/ h2
2024-04-23 18:08:44 3338 [network.HttpClient] Depth: 0
2024-04-23 18:08:44 3338 [network.HttpClient] User-Agent: DAVx5/4.3.16-gplay (2024/04/14; dav4jvm; okhttp/4.12.0) Android/14
2024-04-23 18:08:44 3338 [network.HttpClient] Accept-Language: en-US, en;q=0.7, *;q=0.5
2024-04-23 18:08:44 3338 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-04-23 18:08:44 3338 [network.HttpClient] Content-Length: 198
2024-04-23 18:08:44 3338 [network.HttpClient] Host: nextcloud.domain.org
2024-04-23 18:08:44 3338 [network.HttpClient] Connection: Keep-Alive
2024-04-23 18:08:44 3338 [network.HttpClient] Accept-Encoding: gzip
2024-04-23 18:08:44 3338 [network.HttpClient] Cookie: __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=m9mP9pEbF9zPiMg2Kgt6ghDxtoFqtgmyk7FzV5%2ByWdh47jq5q20laNNZ%2BltR7wQH5wxUu5d6lfYoURfL1E5F%2BQPH3C13Zipc5sSQEiVYGoKyRvi1lXmVEU8Wcu8fIOww; oc4sncy5go9g=902649cb2332def72f7f651f52a27fba; stickounet=1713888525.944.11986.785516|ec59da9da29dd3ab51c3e45939dab7d1; __Host-nc_sameSiteCookielax=true
2024-04-23 18:08:44 3338 [network.HttpClient]
2024-04-23 18:08:44 3338 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-04-23 18:08:44 3338 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-04-23 18:08:44 3338 [network.HttpClient] <-- 405 https://nextcloud.domain.org/ (3ms)
2024-04-23 18:08:44 3338 [network.HttpClient] date: Tue, 23 Apr 2024 16:08:45 GMT
2024-04-23 18:08:44 3338 [network.HttpClient] content-type: text/html
2024-04-23 18:08:44 3338 [network.HttpClient] content-length: 157
2024-04-23 18:08:44 3338 [network.HttpClient] referrer-policy: no-referrer
2024-04-23 18:08:44 3338 [network.HttpClient] x-content-type-options: nosniff
2024-04-23 18:08:44 3338 [network.HttpClient] x-download-options: noopen
2024-04-23 18:08:44 3338 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-04-23 18:08:44 3338 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-04-23 18:08:44 3338 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-04-23 18:08:44 3338 [network.HttpClient] x-xss-protection: 1; mode=block
2024-04-23 18:08:44 3338 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-origin: *
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-credentials: true
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-methods: COPY, DELETE, GET, HEAD, MKCOL, MOVE, OPTIONS, PATCH, POST, PROPFIND, PROPPATCH, PUT, REPORT
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-04-23 18:08:44 3338 [network.HttpClient] access-control-max-age: 1728000
2024-04-23 18:08:44 3338 [network.HttpClient]
2024-04-23 18:08:44 3338 [network.HttpClient] <html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.5</center>
</body>
</html>
Environment
-
Kubernetes distribution: k3s
-
Helm Chart Version: https://nextcloud.github.io/helm/ nextcloud/nextcloud 4.6.6
values.yaml
image:
repository: core.harbor.domain.org/docker-nextcloud # fpm version
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/enable-websocket: "true"
nginx.ingress.kubernetes.io/hsts-include-subdomains: "true"
nginx.ingress.kubernetes.io/hsts-max-age: "31536000"
nginx.ingress.kubernetes.io/hsts-preload: "true"
nginx.ingress.kubernetes.io/hsts: "true"
nginx.ingress.kubernetes.io/keep-alive: "75"
nginx.ingress.kubernetes.io/proxy-body-size: '0'
nginx.ingress.kubernetes.io/session-cookie-name: "stickounet"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
tls:
- secretName: nextcloud-tls
hosts:
- nextcloud.domain.org
labels: {}
path: /
pathType: Prefix
phpClientHttpsFix:
enabled: true
protocol: https
phpConfigs:
custom.ini: |
upload_max_filesize = 10000M
post_max_size = 10000M
max_input_time = 3600
max_execution_time = 3600
output_buffering = 0
memory_limit 10000M
opcache.enable=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=1024
opcache.save_comments = 1
opcache.revalidate_freq = 60
opcache.validate_timestamps = 0
opcache.jit = 1255
opcache.jit_buffer_size = 128M
www.conf: |
[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 11
pm.max_spare_servers = 34
defaultConfigs:
.htaccess: false
redis.config.php: false
apache-pretty-urls.config.php: false
apcu.config.php: true
apps.config.php: true
autoconfig.php: true
smtp.config.php: false
configs:
rediscluster.config.php: |-
<?php
if (getenv('REDISCLUSTERPWD')) {
$CONFIG = array (
'filelocking.enabled' => 'true',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis.cluster' => [
'seeds' => [
'redis-cluster:6379'
],
'failover_mode' => \RedisCluster::FAILOVER_ERROR,
'timeout' => 0.0,
'read_timeout' => 0.0,
'password' => getenv('REDISCLUSTERPWD'),
'dbindex' => 0,
]
);
}
proxy.config.php: |-
<?php
$CONFIG = array (
'trusted_proxies' => array(
'0' => '127.0.0.1',
'1' => '10.0.0.0/8',
),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
);
chunk.config.php: |-
<?php
$CONFIG = array (
'chunkSize' => '100MB',
);
preview.config.php: |-
<?php
$CONFIG = array (
'enabledPreviewProviders' => array(
'0' => 'OC\\Preview\\BMP',
'1' => 'OC\\Preview\\GIF',
'2' => 'OC\\Preview\\HEIC',
'3' => 'OC\\Preview\\Image',
'4' => 'OC\\Preview\\Imaginary',
'5' => 'OC\\Preview\\JPEG',
'6' => 'OC\\Preview\\Krita',
'7' => 'OC\\Preview\\MP3',
'8' => 'OC\\Preview\\MP4',
'9' => 'OC\\Preview\\MarkDown',
'10' => 'OC\\Preview\\Movie',
'11' => 'OC\\Preview\\Movie',
'12' => 'OC\\Preview\\OpenDocument',
'13' => 'OC\\Preview\\PDF',
'14' => 'OC\\Preview\\PNG',
'15' => 'OC\\Preview\\TIFF',
'16' => 'OC\\Preview\\TXT',
'17' => 'OC\\Preview\\TXT',
'18' => 'OC\\Preview\\XBitmap',
),
'preview_imaginary_url' => 'http://imaginary:9000',
'preview_max_filesize_image' => 100,
'preview_max_x' => 8192,
'preview_max_y' => 8192,
);
extraEnv:
- name: TZ
value: 'Europe/Warsaw'
# https://github.com/nextcloud/docker/issues/1288
# https://www.postgresql.org/docs/current/libpq-envars.html
- name: PGSSLMODE
value: 'verify-ca'
- name: PGSSLROOTCERT
value: '/certs/root.crt'
- name: PGSSLCERT
value: '/certs/client.crt'
- name: PGSSLKEY
value: '/certs/client.key'
- name: REDISCLUSTERPWD
valueFrom:
secretKeyRef:
name: nextcloud--redis-redis-cluster
key: redis-password
- name: PHP_MEMORY_LIMIT
value: '10000M'
- name: PHP_UPLOAD_LIMIT
value: '10000M'
extraVolumes:
- name: bashrc
configMap:
name: container-bashrc
- name: postgresqlrc
configMap:
name: container-postgresqlrc
- name: psql-bouncer
secret:
secretName: nextcloud--psql-pg-db-pgbouncer
items:
- key: pgbouncer-frontend.ca-roots
path: root.crt
mode: 0777
- key: pgbouncer-frontend.crt
path: client.crt
mode: 0600
- key: pgbouncer-frontend.key
path: client.key
mode: 0777
extraVolumeMounts:
- name: psql-bouncer
mountPath: "/psql/bouncer"
- name: bashrc
mountPath: /root/.bashrc
subPath: bashrc
readOnly: true
- name: postgresqlrc
mountPath: /root/.postgresqlrc
subPath: postgresqlrc
readOnly: true
nginx:
enabled: true
image:
repository: core.harbor.domain.org/replication/nginx
tag: mainline-alpine
pullPolicy: Always
containerPort: 80
config:
default: true
internalDatabase:
enabled: false
name: nextcloud
externalDatabase:
enabled: true
type: postgresql
existingSecret:
enabled: true
secretName: lalala
usernameKey: ololoev
passwordKey: ololo
hostKey: pgbouncer-host
databaseKey: dbname
mariadb:
enabled: false
postgresql:
enabled: false
redis:
enabled: false
cronjob:
enabled: true
lifecycle:
postStartCommand:
- "/bin/sh"
- "-c"
- |
mkdir /certs
cat /psql/bouncer/client.key > /certs/client.key
cat /psql/bouncer/client.crt > /certs/client.crt
cat /psql/bouncer/root.crt > /certs/root.crt
chown -R www-data:www-data /certs
chmod 0600 /certs/*
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- nextcloud
topologyKey: "kubernetes.io/hostname"
Explicit CORS ingress annotations do not resolve the issue with auto-discovery
I checked this https://github.com/nextcloud/helm/issues/410 and tested by adding
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "GET HEAD POST OPTIONS PUT PATCH DELETE PROPFIND MKCOL REPORT"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For"
It does not make any sense because it's not on the ingress side; it's about the nextcloud-nginx container. Once I add those annotations to the ingress and test Davx5 again, it shows that those methods are allowed, but I'm still encountering a 405 error.
DAVx5 logs after adding excplicit CORS annotations
2024-04-23 19:13:32 5350 [network.HttpClient] --> PROPFIND https://nextcloud.domain.org/ h2
2024-04-23 19:13:32 5350 [network.HttpClient] Depth: 0
2024-04-23 19:13:32 5350 [network.HttpClient] User-Agent: DAVx5/4.3.16-gplay (2024/04/14; dav4jvm; okhttp/4.12.0) Android/14
2024-04-23 19:13:32 5350 [network.HttpClient] Accept-Language: en-US, en;q=0.7, *;q=0.5
2024-04-23 19:13:32 5350 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-04-23 19:13:32 5350 [network.HttpClient] Content-Length: 198
2024-04-23 19:13:32 5350 [network.HttpClient] Host: nextcloud.domain.org
2024-04-23 19:13:32 5350 [network.HttpClient] Connection: Keep-Alive
2024-04-23 19:13:32 5350 [network.HttpClient] Accept-Encoding: gzip
2024-04-23 19:13:32 5350 [network.HttpClient] Cookie: __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=pk5ZtvMczxv9NDTpvGHK5jpn%2FtjouU7lgLxyziS7rgiRRE3XkGNLzM4VJZXe7U1wq%2BdccZyf7mLlIaERwsGVDIL9N9CT3w6ASnW7NREBynQLowqjsipIcivVWdqdKS%2BW; oc4sncy5go9g=b42d9a10347aa65d7a8ad1a755536214; stickounet=1713892414.005.13187.415743|ec59da9da29dd3ab51c3e45939dab7d1; __Host-nc_sameSiteCookielax=true
2024-04-23 19:13:32 5350 [network.HttpClient]
2024-04-23 19:13:32 5350 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-04-23 19:13:32 5350 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-04-23 19:13:32 5350 [network.HttpClient] <-- 405 https://nextcloud.domain.org/ (3ms)
2024-04-23 19:13:32 5350 [network.HttpClient] date: Tue, 23 Apr 2024 17:13:33 GMT
2024-04-23 19:13:32 5350 [network.HttpClient] content-type: text/html
2024-04-23 19:13:32 5350 [network.HttpClient] content-length: 157
2024-04-23 19:13:32 5350 [network.HttpClient] referrer-policy: no-referrer
2024-04-23 19:13:32 5350 [network.HttpClient] x-content-type-options: nosniff
2024-04-23 19:13:32 5350 [network.HttpClient] x-download-options: noopen
2024-04-23 19:13:32 5350 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-04-23 19:13:32 5350 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-04-23 19:13:32 5350 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-04-23 19:13:32 5350 [network.HttpClient] x-xss-protection: 1; mode=block
2024-04-23 19:13:32 5350 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-04-23 19:13:32 5350 [network.HttpClient] access-control-allow-origin: *
2024-04-23 19:13:32 5350 [network.HttpClient] access-control-allow-credentials: true
2024-04-23 19:13:32 5350 [network.HttpClient] access-control-allow-methods: GET HEAD POST OPTIONS PUT PATCH DELETE PROPFIND MKCOL REPORT
2024-04-23 19:13:32 5350 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-04-23 19:13:32 5350 [network.HttpClient] access-control-max-age: 1728000
2024-04-23 19:13:32 5350 [network.HttpClient]
2024-04-23 19:13:32 5350 [network.HttpClient] <html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.5</center>
</body>
</html>
2024-04-23 19:13:32 5350 [network.HttpClient] <-- END HTTP (157-byte body)
2024-04-23 19:13:32 5350 [servicedetection.DavResourceFinder] No resource found
EXCEPTION at.bitfire.dav4jvm.exception.HttpException: HTTP 405
at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:1)
at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:2)
at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:76)
at at.bitfire.davdroid.servicedetection.DavResourceFinder.getCurrentUserPrincipal(DavResourceFinder.kt:37)
at at.bitfire.davdroid.servicedetection.DavResourceFinder.discoverPrincipalUrl(DavResourceFinder.kt:301)
at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:29)
at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:4)
at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:3)
at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:1)
at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invokeSuspend(Interruptible.kt:59)
at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invoke(Interruptible.kt:13)
at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:16)
at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:41)
at org.apache.commons.text.WordUtils.runInterruptible$default(WordUtils.java:9)
at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1.invokeSuspend(LoginModel.kt:38)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:9)
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:111)
at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:4)
at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:3)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:98)
Wayout
It appears that the "discovery" functionality is not functioning properly. However,
it is possible to manually configure DAVx5 to sync contacts by obtaining the URL from
the web interface. It seems like the URL format is:
https://nextcloud.domain.org/remote.php/dav/addressbooks/users/username/contacts/
Addional
If someone could provide annotations for CORS, HSTS, etc. to enhance security, caching, and load balancing, I would greatly appreciate it. If someone revised my configuration from a high availability (HA) and security best practices standpoint, or offered criticism, I would be very grateful.
It's quite odd that nginx is disclosing its version. I believe it's preferable to disable server tokens by default in the configuration of the nextcloud-nginx container.
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.5</center>
</body>
</html>
