Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

caldav/carddav: principal ... does not provide caldav service followed by 405 error #410

Open
jessebot opened this issue Jul 11, 2023 · 78 comments · Fixed by #491
Open

caldav/carddav: principal ... does not provide caldav service followed by 405 error #410

jessebot opened this issue Jul 11, 2023 · 78 comments · Fixed by #491
Assignees
Labels
Ingress Anything to do with ingress or ingress controllers

Comments

@jessebot
Copy link
Collaborator

jessebot commented Jul 11, 2023

Describe your Issue

I can't seem to get my calendar and contacts synced on Android (but I also tried on my m1 macbook running macOS 13.4.1). This has never worked for me, but only now am I looking into it. The logs seem to suggest it starts to work with:

2023-07-11 15:01:53 105 [servicedetection.DavResourceFinder] Found current-user-principal: https://cloud.example.com/remote.php/dav/principals/users/jessebot/
2023-07-11 15:01:53 105 [at.bitfire.dav4jvm.BasicDigestAuthHandler] Adding Basic authorization header for https://cloud.example.com/remote.php/dav/principals/users/jessebot/
2023-07-11 15:01:53 105 [network.HttpClient] <-- 204 https://cloud.example.com/remote.php/dav/principals/users/jessebot/ (37ms)
2023-07-11 15:01:53 105 [network.HttpClient] date: Tue, 11 Jul 2023 13:01:53 GMT
2023-07-11 15:01:53 105 [network.HttpClient] strict-transport-security: max-age=15724800; includeSubDomains
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-origin: *
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-credentials: true
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-headers: X-Forwarded-For
2023-07-11 15:01:53 105 [network.HttpClient] access-control-max-age: 1728000
2023-07-11 15:01:53 105 [network.HttpClient] content-length: 0
2023-07-11 15:01:53 105 [network.HttpClient] <-- END HTTP (0-byte body)

But then I see this:

Principal https://cloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide caldav service

folllowed by it seemingly trying the base domain again and returning this:

<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.1</center>
</body>
</html>

(full verbosity logs in the next section)

I know there's kind of a lot of caldav/carddav forum posts already, but none of them cover using an nginx container and the ingress-nginx controller on k8s. The closest we have is a few issues referencing docker, but my current configs are fairly, if not fully, aligned with what seem to be all the docs across the nextcloud/server, nextcloud/docker, and nextcloud/helm repos. The other issue is that many of the forum posts are ancient referencing nextcloud versions 13-17ish.

Logs and Errors

So this log is actually from the DAVx5 app after following the guide in the server docs here (note: I've tried both with my personal username and password and also an app password I generated from my security settings and both fail with ...doesn't provide caldav service):

DAVx5 verbose logging
2023-07-11 15:01:53 105 [network.HttpClient] <-- END HTTP (419-byte, 231-gzipped-byte body)
2023-07-11 15:01:53 105 [servicedetection.DavResourceFinder] Found current-user-principal: https://cloud.example.com/remote.php/dav/principals/users/jessebot/
2023-07-11 15:01:53 105 [network.HttpClient] --> OPTIONS https://cloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2023-07-11 15:01:53 105 [network.HttpClient] Content-Length: 0
2023-07-11 15:01:53 105 [network.HttpClient] Accept-Encoding: identity
2023-07-11 15:01:53 105 [network.HttpClient] User-Agent: DAVx5/4.3.4.1-ose (2023/06/16; dav4jvm; okhttp/4.11.0) Android/13
2023-07-11 15:01:53 105 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2023-07-11 15:01:53 105 [network.HttpClient] Host: cloud.example.com
2023-07-11 15:01:53 105 [network.HttpClient] Connection: Keep-Alive
2023-07-11 15:01:53 105 [network.HttpClient] Cookie: oc_sessionPassphrase=mvZ%2FR8ZizTqiwfl3Eb%2FSUgwUWL9H3FXLLXxsFyEWfWY0kzrPcknYY9lyJZdBUN1wPVqccKNzamEv0B5FhseZtMxQnrJqpUw%2BEvqcKj%2FslgEVPaNSD9uLcd2UlYtcQx5K; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocprwvfxs7k4=16ba82cdc7e9dddafecddebf347f39a8
2023-07-11 15:01:53 105 [network.HttpClient] --> END OPTIONS
2023-07-11 15:01:53 105 [at.bitfire.dav4jvm.BasicDigestAuthHandler] Adding Basic authorization header for https://cloud.example.com/remote.php/dav/principals/users/jessebot/
2023-07-11 15:01:53 105 [network.HttpClient] <-- 204 https://cloud.example.com/remote.php/dav/principals/users/jessebot/ (37ms)
2023-07-11 15:01:53 105 [network.HttpClient] date: Tue, 11 Jul 2023 13:01:53 GMT
2023-07-11 15:01:53 105 [network.HttpClient] strict-transport-security: max-age=15724800; includeSubDomains
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-origin: *
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-credentials: true
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-headers: X-Forwarded-For
2023-07-11 15:01:53 105 [network.HttpClient] access-control-max-age: 1728000
2023-07-11 15:01:53 105 [network.HttpClient] content-length: 0
2023-07-11 15:01:53 105 [network.HttpClient] <-- END HTTP (0-byte body)
2023-07-11 15:01:53 105 [servicedetection.DavResourceFinder] Principal https://cloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide caldav service
2023-07-11 15:01:53 105 [servicedetection.DavResourceFinder] No principal found at user-given URL, trying to discover for domain cloud.example.com
2023-07-11 15:01:53 105 [servicedetection.DavResourceFinder] Looking up SRV records for _caldavs._tcp.cloud.example.com
2023-07-11 15:01:53 105 [util.DavUtils] Using Android 10+ DnsResolver
2023-07-11 15:01:53 105 [servicedetection.DavResourceFinder] Didn't find caldav service, trying at https://cloud.example.com:443
2023-07-11 15:01:53 105 [util.DavUtils] Using Android 10+ DnsResolver
2023-07-11 15:01:53 105 [servicedetection.DavResourceFinder] Trying to determine principal from initial context path=https://cloud.example.com/.well-known/caldav
2023-07-11 15:01:53 105 [network.HttpClient] --> PROPFIND https://cloud.example.com/.well-known/caldav h2
2023-07-11 15:01:53 105 [network.HttpClient] Depth: 0
2023-07-11 15:01:53 105 [network.HttpClient] User-Agent: DAVx5/4.3.4.1-ose (2023/06/16; dav4jvm; okhttp/4.11.0) Android/13
2023-07-11 15:01:53 105 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2023-07-11 15:01:53 105 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2023-07-11 15:01:53 105 [network.HttpClient] Content-Length: 198
2023-07-11 15:01:53 105 [network.HttpClient] Host: cloud.example.com
2023-07-11 15:01:53 105 [network.HttpClient] Connection: Keep-Alive
2023-07-11 15:01:53 105 [network.HttpClient] Accept-Encoding: gzip
2023-07-11 15:01:53 105 [network.HttpClient] Cookie: oc_sessionPassphrase=mvZ%2FR8ZizTqiwfl3Eb%2FSUgwUWL9H3FXLLXxsFyEWfWY0kzrPcknYY9lyJZdBUN1wPVqccKNzamEv0B5FhseZtMxQnrJqpUw%2BEvqcKj%2FslgEVPaNSD9uLcd2UlYtcQx5K; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocprwvfxs7k4=16ba82cdc7e9dddafecddebf347f39a8
2023-07-11 15:01:53 105 [network.HttpClient]
2023-07-11 15:01:53 105 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2023-07-11 15:01:53 105 [network.HttpClient] --> END PROPFIND (198-byte body)
2023-07-11 15:01:53 105 [at.bitfire.dav4jvm.BasicDigestAuthHandler] Adding Basic authorization header for https://cloud.example.com/.well-known/caldav
2023-07-11 15:01:53 105 [network.HttpClient] <-- 301 https://cloud.example.com/.well-known/caldav (39ms)
2023-07-11 15:01:53 105 [network.HttpClient] date: Tue, 11 Jul 2023 13:01:53 GMT
2023-07-11 15:01:53 105 [network.HttpClient] content-type: text/html
2023-07-11 15:01:53 105 [network.HttpClient] content-length: 162
2023-07-11 15:01:53 105 [network.HttpClient] location: https://cloud.example.com/remote.php/dav/
2023-07-11 15:01:53 105 [network.HttpClient]
2023-07-11 15:01:53 105 [network.HttpClient] <html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

2023-07-11 15:01:53 105 [network.HttpClient] <-- END HTTP (162-byte body)
2023-07-11 15:01:53 105 [at.bitfire.dav4jvm.DavResource] Redirected, new location = https://cloud.example.com/remote.php/dav/
2023-07-11 15:01:53 105 [network.HttpClient] --> PROPFIND https://cloud.example.com/remote.php/dav/ h2
2023-07-11 15:01:53 105 [network.HttpClient] Depth: 0
2023-07-11 15:01:53 105 [network.HttpClient] User-Agent: DAVx5/4.3.4.1-ose (2023/06/16; dav4jvm; okhttp/4.11.0) Android/13
2023-07-11 15:01:53 105 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2023-07-11 15:01:53 105 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2023-07-11 15:01:53 105 [network.HttpClient] Content-Length: 198
2023-07-11 15:01:53 105 [network.HttpClient] Host: cloud.example.com
2023-07-11 15:01:53 105 [network.HttpClient] Connection: Keep-Alive
2023-07-11 15:01:53 105 [network.HttpClient] Accept-Encoding: gzip
2023-07-11 15:01:53 105 [network.HttpClient] Cookie: oc_sessionPassphrase=mvZ%2FR8ZizTqiwfl3Eb%2FSUgwUWL9H3FXLLXxsFyEWfWY0kzrPcknYY9lyJZdBUN1wPVqccKNzamEv0B5FhseZtMxQnrJqpUw%2BEvqcKj%2FslgEVPaNSD9uLcd2UlYtcQx5K; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocprwvfxs7k4=16ba82cdc7e9dddafecddebf347f39a8
2023-07-11 15:01:53 105 [network.HttpClient]
2023-07-11 15:01:53 105 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2023-07-11 15:01:53 105 [network.HttpClient] --> END PROPFIND (198-byte body)
2023-07-11 15:01:53 105 [at.bitfire.dav4jvm.BasicDigestAuthHandler] Adding Basic authorization header for https://cloud.example.com/remote.php/dav/
2023-07-11 15:01:53 105 [network.HttpClient] <-- 207 https://cloud.example.com/remote.php/dav/ (54ms)
2023-07-11 15:01:53 105 [network.HttpClient] date: Tue, 11 Jul 2023 13:01:53 GMT
2023-07-11 15:01:53 105 [network.HttpClient] content-type: application/xml; charset=utf-8
2023-07-11 15:01:53 105 [network.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2023-07-11 15:01:53 105 [network.HttpClient] cache-control: no-store, no-cache, must-revalidate
2023-07-11 15:01:53 105 [network.HttpClient] pragma: no-cache
2023-07-11 15:01:53 105 [network.HttpClient] content-security-policy: default-src 'none';
2023-07-11 15:01:53 105 [network.HttpClient] vary: Brief,Prefer
2023-07-11 15:01:53 105 [network.HttpClient] dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
2023-07-11 15:01:53 105 [network.HttpClient] x-request-id: SRrZC3eQQhFwWGenI5JA
2023-07-11 15:01:53 105 [network.HttpClient] x-debug-token: SRrZC3eQQhFwWGenI5JA
2023-07-11 15:01:53 105 [network.HttpClient] content-encoding: gzip
2023-07-11 15:01:53 105 [network.HttpClient] referrer-policy: no-referrer
2023-07-11 15:01:53 105 [network.HttpClient] x-content-type-options: nosniff
2023-07-11 15:01:53 105 [network.HttpClient] x-download-options: noopen
2023-07-11 15:01:53 105 [network.HttpClient] x-frame-options: SAMEORIGIN
2023-07-11 15:01:53 105 [network.HttpClient] x-permitted-cross-domain-policies: none
2023-07-11 15:01:53 105 [network.HttpClient] x-robots-tag: noindex, nofollow
2023-07-11 15:01:53 105 [network.HttpClient] x-xss-protection: 1; mode=block
2023-07-11 15:01:53 105 [network.HttpClient] strict-transport-security: max-age=15724800; includeSubDomains
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-origin: *
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-credentials: true
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
2023-07-11 15:01:53 105 [network.HttpClient] access-control-allow-headers: X-Forwarded-For
2023-07-11 15:01:53 105 [network.HttpClient] access-control-max-age: 1728000
2023-07-11 15:01:53 105 [network.HttpClient]
2023-07-11 15:01:53 105 [network.HttpClient] <?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:current-user-principal><d:href>/remote.php/dav/principals/users/jessebot/</d:href></d:current-user-principal></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>

2023-07-11 15:01:53 105 [network.HttpClient] <-- END HTTP (419-byte, 231-gzipped-byte body)
2023-07-11 15:01:53 105 [servicedetection.DavResourceFinder] Found current-user-principal: https://cloud.example.com/remote.php/dav/principals/users/jessebot/
2023-07-11 15:01:53 105 [network.HttpClient] --> OPTIONS https://cloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2023-07-11 15:01:53 105 [network.HttpClient] Content-Length: 0
2023-07-11 15:01:53 105 [network.HttpClient] Accept-Encoding: identity
2023-07-11 15:01:53 105 [network.HttpClient] User-Agent: DAVx5/4.3.4.1-ose (2023/06/16; dav4jvm; okhttp/4.11.0) Android/13
2023-07-11 15:01:53 105 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2023-07-11 15:01:53 105 [network.HttpClient] Host: cloud.example.com
2023-07-11 15:01:53 105 [network.HttpClient] Connection: Keep-Alive
2023-07-11 15:01:53 105 [network.HttpClient] Cookie: oc_sessionPassphrase=mvZ%2FR8ZizTqiwfl3Eb%2FSUgwUWL9H3FXLLXxsFyEWfWY0kzrPcknYY9lyJZdBUN1wPVqccKNzamEv0B5FhseZtMxQnrJqpUw%2BEvqcKj%2FslgEVPaNSD9uLcd2UlYtcQx5K; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocprwvfxs7k4=16ba82cdc7e9dddafecddebf347f39a8
2023-07-11 15:01:53 105 [network.HttpClient] --> END OPTIONS
2023-07-11 15:01:53 105 [at.bitfire.dav4jvm.BasicDigestAuthHandler] Adding Basic authorization header for https://cloud.example.com/remote.php/dav/principals/users/jessebot/
2023-07-11 15:01:54 105 [network.HttpClient] <-- 204 https://cloud.example.com/remote.php/dav/principals/users/jessebot/ (41ms)
2023-07-11 15:01:54 105 [network.HttpClient] date: Tue, 11 Jul 2023 13:01:53 GMT
2023-07-11 15:01:54 105 [network.HttpClient] strict-transport-security: max-age=15724800; includeSubDomains
2023-07-11 15:01:54 105 [network.HttpClient] access-control-allow-origin: *
2023-07-11 15:01:54 105 [network.HttpClient] access-control-allow-credentials: true
2023-07-11 15:01:54 105 [network.HttpClient] access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
2023-07-11 15:01:54 105 [network.HttpClient] access-control-allow-headers: X-Forwarded-For
2023-07-11 15:01:54 105 [network.HttpClient] access-control-max-age: 1728000
2023-07-11 15:01:54 105 [network.HttpClient] content-length: 0
2023-07-11 15:01:54 105 [network.HttpClient] <-- END HTTP (0-byte body)
2023-07-11 15:01:54 105 [servicedetection.DavResourceFinder] Principal https://cloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide caldav service
2023-07-11 15:01:54 105 [servicedetection.DavResourceFinder] Trying to determine principal from initial context path=https://cloud.example.com/
2023-07-11 15:01:54 105 [network.HttpClient] --> PROPFIND https://cloud.example.com/ h2
2023-07-11 15:01:54 105 [network.HttpClient] Depth: 0
2023-07-11 15:01:54 105 [network.HttpClient] User-Agent: DAVx5/4.3.4.1-ose (2023/06/16; dav4jvm; okhttp/4.11.0) Android/13
2023-07-11 15:01:54 105 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2023-07-11 15:01:54 105 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2023-07-11 15:01:54 105 [network.HttpClient] Content-Length: 198
2023-07-11 15:01:54 105 [network.HttpClient] Host: cloud.example.com
2023-07-11 15:01:54 105 [network.HttpClient] Connection: Keep-Alive
2023-07-11 15:01:54 105 [network.HttpClient] Accept-Encoding: gzip
2023-07-11 15:01:54 105 [network.HttpClient] Cookie: oc_sessionPassphrase=mvZ%2FR8ZizTqiwfl3Eb%2FSUgwUWL9H3FXLLXxsFyEWfWY0kzrPcknYY9lyJZdBUN1wPVqccKNzamEv0B5FhseZtMxQnrJqpUw%2BEvqcKj%2FslgEVPaNSD9uLcd2UlYtcQx5K; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocprwvfxs7k4=16ba82cdc7e9dddafecddebf347f39a8
2023-07-11 15:01:54 105 [network.HttpClient]
2023-07-11 15:01:54 105 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2023-07-11 15:01:54 105 [network.HttpClient] --> END PROPFIND (198-byte body)
2023-07-11 15:01:54 105 [at.bitfire.dav4jvm.BasicDigestAuthHandler] Adding Basic authorization header for https://cloud.example.com/
2023-07-11 15:01:54 105 [network.HttpClient] <-- 405 https://cloud.example.com/ (36ms)
2023-07-11 15:01:54 105 [network.HttpClient] date: Tue, 11 Jul 2023 13:01:53 GMT
2023-07-11 15:01:54 105 [network.HttpClient] content-type: text/html
2023-07-11 15:01:54 105 [network.HttpClient] content-length: 157
2023-07-11 15:01:54 105 [network.HttpClient] referrer-policy: no-referrer
2023-07-11 15:01:54 105 [network.HttpClient] x-content-type-options: nosniff
2023-07-11 15:01:54 105 [network.HttpClient] x-download-options: noopen
2023-07-11 15:01:54 105 [network.HttpClient] x-frame-options: SAMEORIGIN
2023-07-11 15:01:54 105 [network.HttpClient] x-permitted-cross-domain-policies: none
2023-07-11 15:01:54 105 [network.HttpClient] x-robots-tag: noindex, nofollow
2023-07-11 15:01:54 105 [network.HttpClient] x-xss-protection: 1; mode=block
2023-07-11 15:01:54 105 [network.HttpClient] strict-transport-security: max-age=15724800; includeSubDomains
2023-07-11 15:01:54 105 [network.HttpClient] access-control-allow-origin: *
2023-07-11 15:01:54 105 [network.HttpClient] access-control-allow-credentials: true
2023-07-11 15:01:54 105 [network.HttpClient] access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
2023-07-11 15:01:54 105 [network.HttpClient] access-control-allow-headers: X-Forwarded-For
2023-07-11 15:01:54 105 [network.HttpClient] access-control-max-age: 1728000
2023-07-11 15:01:54 105 [network.HttpClient]
2023-07-11 15:01:54 105 [network.HttpClient] <html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.1</center>
</body>
</html>

2023-07-11 15:01:54 105 [network.HttpClient] <-- END HTTP (157-byte body)
2023-07-11 15:01:54 105 [servicedetection.DavResourceFinder] No resource found
EXCEPTION at.bitfire.dav4jvm.exception.HttpException: HTTP 405
        at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
        at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:1)
        at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:2)
        at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:76)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.getCurrentUserPrincipal(DavResourceFinder.kt:38)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.discoverPrincipalUrl(DavResourceFinder.kt:305)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:31)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:4)
        at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$DetectConfigurationModel$detectConfiguration$2.invoke(DetectConfigurationFragment.kt:7)
        at at.bitfire.davdroid.ui.setup.DetectConfigurationFragment$DetectConfigurationModel$detectConfiguration$2.invoke(DetectConfigurationFragment.kt:1)
        at kotlin.concurrent.ThreadsKt$thread$thread$1.run(Thread.kt:3)

2023-07-11 15:02:00 2 [ui.DebugInfoActivity] Writing debug info to /data/user/0/at.bitfire.davdroid/files/debug/davx5-debug.zip

Describe your Environment

  • Kubernetes distribution: k3s

  • Helm Version (or App that manages helm): ArgoCD version 2.6.7

  • Helm Chart Version: 3.5.15 which uses the nextcloud 27.0.0 image

values.yaml:

image
image:
  repository: nextcloud
  flavor: fpm
  pullPolicy: Always
replicaCount: 1
ingress
ingress:
  enabled: true
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 4G
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
    nginx.ingress.kubernetes.io/server-snippet: |-
      server_tokens off;
      proxy_hide_header X-Powered-By;

      rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
      rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;

      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav/;
      }

      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav/;
      }

      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }

      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;
        deny all;
      }

      location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;
        deny all;
      }
  tls:
    - secretName: nextcloud-tls
      hosts:
        - cloud.example.com
  labels: {}
  path: /
  pathType: Prefix
nginx
nginx:
  ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
  enabled: true
  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent

  config:
    # This generates the default nginx config as per the nextcloud documentation
    default: false
    custom: |-
      worker_processes auto;

      error_log  /var/log/nginx/error.log warn;
      pid        /var/run/nginx.pid;

      events {
        worker_connections  1024;
      }

      http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /var/log/nginx/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        keepalive_timeout  65;

        #gzip  on;

        upstream php-handler {
            server 127.0.0.1:9000;
            # unsure if this still works, worked in php7.x-fpm
            server unix:/var/run/php/php8.1-fpm.sock;
        }

        server {
            listen 80;

            # set max upload size
            client_max_body_size 10G;
            fastcgi_buffers 64 4K;

            # Enable gzip but do not remove ETag headers
            gzip on;
            gzip_vary on;
            gzip_comp_level 4;
            gzip_min_length 256;
            gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
            gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

            # Pagespeed is not supported by Nextcloud, so if your server is built
            # with the `ngx_pagespeed` module, uncomment this line to disable it.
            #pagespeed off;

            # HTTP response headers borrowed from Nextcloud `.htaccess`
            add_header Referrer-Policy                      "no-referrer"       always;
            add_header X-Content-Type-Options               "nosniff"           always;
            add_header X-Download-Options                   "noopen"            always;
            add_header X-Frame-Options                      "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies    "none"              always;
            add_header X-Robots-Tag                         "noindex, nofollow" always;
            add_header X-XSS-Protection                     "1; mode=block"     always;

            # Remove X-Powered-By, which is an information leak
            fastcgi_hide_header X-Powered-By;

            # Path to the root of your installation
            root /var/www/html;

            # Specify how to handle directories -- specifying `/index.php$request_uri`
            # here as the fallback means that Nginx always exhibits the desired behaviour
            # when a client requests a path that corresponds to a directory that exists
            # on the server. In particular, if that directory contains an index.php file,
            # that file is correctly served; if it doesn't, then the request is passed to
            # the front-end controller. This consistent behaviour means that we don't need
            # to specify custom rules for certain paths (e.g. images and other assets,
            # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
            # `try_files $uri $uri/ /index.php$request_uri`
            # always provides the desired behaviour.
            index index.php index.html /index.php$request_uri;

            # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
            location = / {
                if ( $http_user_agent ~ ^DavClnt ) {
                    return 302 /remote.php/webdav/$is_args$args;
                }
            }

            location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
            }

            # Make a regex exception for `/.well-known` so that clients can still
            # access it despite the existence of the regex rule
            # `location ~ /(\.|autotest|...)` which would otherwise handle requests
            # for `/.well-known`.
            location ^~ /.well-known {
                # The following 6 rules are borrowed from `.htaccess`

                location = /.well-known/carddav     { return 301 /remote.php/dav/; }
                location = /.well-known/caldav      { return 301 /remote.php/dav/; }
                # Anything else is dynamically handled by Nextcloud
                location ^~ /.well-known            { return 301 /index.php$uri; }

                try_files $uri $uri/ =404;
            }

            # Rules borrowed from `.htaccess` to hide certain paths from clients
            location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
            location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)              { return 404; }

            # Ensure this block, which passes PHP files to the PHP process, is above the blocks
            # which handle static assets (as seen below). If this block is not declared first,
            # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
            # to the URI, resulting in a HTTP 500 error response.
            location ~ \.php(?:$|/) {
                # Required for legacy support
                rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                set $path_info $fastcgi_path_info;

                try_files $fastcgi_script_name =404;

                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $path_info;
                #fastcgi_param HTTPS on;

                # Avoid sending the security headers twice
                fastcgi_param modHeadersAvailable true;
                fastcgi_param front_controller_active true; # Enable pretty urls
                fastcgi_pass php-handler;

                fastcgi_intercept_errors on;
                fastcgi_request_buffering off;
            }

            location ~ \.(?:css|js|svg|gif)$ {
                try_files $uri /index.php$request_uri;
                expires 6M;         # Cache-Control policy borrowed from `.htaccess`
                access_log off;     # Optional: Don't log access to assets
            }

            location ~ \.woff2?$ {
                try_files $uri /index.php$request_uri;
                expires 7d;         # Cache-Control policy borrowed from `.htaccess`
                access_log off;     # Optional: Don't log access to assets
            }

            location / {
                try_files $uri $uri/ /index.php$request_uri;
            }
        }
      }

  resources: {}

Additional context, if any

  • I have nginx enabled with this helm chart.
  • I use TOTP, but have also tried to use an app password with DAVx5, which unfortunatley results in the same issue :(
  • this is the only warning in nextcloud, but I don't think it's related:
screenshot of admin overview page Screenshot 2023-07-11 at 15 29 14
  • there is nothing in logs page of the nextcloud admin panel when I test this and refresh
  • I also tried to download a mobile profile config from the "Mobile & Desktop" page in personal settings here:
screenshot of Mobile & Desktop setting Screenshot 2023-07-11 at 15 39 42

but it also throw errors when the profile is imported:

macOS error example Screenshot 2023-07-11 at 15 42 27
  • I also checked the docs for sabre, but didn't see anything of value :(
@jessebot jessebot changed the title caldav/cardav: principal ... does not provide caldav service followed by 405 error caldav/carddav: principal ... does not provide caldav service followed by 405 error Jul 11, 2023
@provokateurin
Copy link
Member

I use nginx and ingress-nginx and calendar and contacts sync work for me 🤔. We can try to compare configs and see why it doesn't work for you.

@jessebot
Copy link
Collaborator Author

Yes please, Thank you! 🙏 All of my configs are above under the "values.yaml" section. The ingress annotations seem to match the ones we have in this repo directly. I only had a slightly different nginx.config for a while before a kind soul merged a fix into this repo a little bit ago, but now I think it's the same too.

I also went and confirmed that I don't have modsecurity on yet (I'm sure that will be it's own can of worms when I turn that on 😂 ).

@provokateurin
Copy link
Member

This is my whole values.yaml

image:
  flavor: fpm-alpine
nextcloud:
  host: [REDACTED]
ingress:
  enabled: true
  className: nginx
  tls:
    - hosts:
        - [REDACTED]
      secretName: [REDACTED]
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10G
    nginx.ingress.kubernetes.io/proxy-connect-timeout: 10m
    nginx.ingress.kubernetes.io/proxy-read-timeout: 10m
    nginx.ingress.kubernetes.io/proxy-send-timeout: 10m
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/ttl: 1m
    external-dns.alpha.kubernetes.io/target: [REDACTED]
nginx:
  enabled: true
internalDatabase:
  enabled: false
externalDatabase:
  enabled: true
  type: postgresql
  host: "acid-nextcloud-cluster:5432"
  existingSecret:
    enabled: true
    secretName: nextcloud.acid-nextcloud-cluster.credentials.postgresql.acid.zalan.do
    usernameKey: username
    passwordKey: password
redis:
  enabled: true
persistence:
  enabled: true
  existingClaim: nextcloud
rbac:
  enabled: true
cronjob:
  enabled: true

with chart version 3.5.14.
I use https://github.com/kubernetes/ingress-nginx 4.5.2 right now.

@provokateurin
Copy link
Member

I guess the best way to test is to disable all your nginx customizations

@jessebot
Copy link
Collaborator Author

jessebot commented Jul 11, 2023

Awesome, thank you for all the details!

I'm also running the ingress-nginx-4.7.1 helm chart.

I agree, so I went ahead and removed most of the stuff I had there, and now my the relevant sections of my image, ingress, and nginx sections of my values.yaml looks like this:

image:
  flavor: fpm

ingress:
  enabled: true
  className: nginx
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10G
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
  tls:
    - secretName: nextcloud-tls
      hosts:
        - cloud.example.com
  
nginx:
  enabled: true

# not sure if it matters, but I also have this trusted_proxies thing here:
nextcloud:
  configs:
    # adding your local ip might help on a self-hosted instance on your home network
    proxy.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_proxies' => array(
          0 => '127.0.0.1',
          1 => '10.0.0.0/8'
        ),
        'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
      );

Pretty grateful to have removed a bunch of stuff that wasn't necessary, because most everything is still working, and this simplifies my troubleshooting a lot, but the same errors persist when I try to use the android nextcloud app with DAVx5 🤔 The macOS contacts/calendar apps stopped giving auth errors, but also aren't syncing anything. No logs in the admin panel except this:

[PHP] Error: Optional parameter $trustedServers declared before required parameter $groupManager is implicitly treated as a required parameter at /var/www/html/apps/dav/lib/CardDAV/SystemAddressbook.php#60

PROPFIND /remote.php/dav/addressbooks/users/jessebot/
from REDACTED_IP_ADDR by jessebot at 2023-07-11T16:12:24+00:00

I think that's just from when I tried to import my vcards earlier, which is because of nextcloud/server#38772 which should be solved soonish as there's an RC PR here, nextcloud/server#39282, so I assume we'll get a new docker tag soonish. I don't know if that's partially breaking things though.

Oh also after removing all the nginx configs and ingress annotations I started getting this in the admin overview 🤔 :
Security & setup warnings i It's important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information. There are some warnings regarding your setup. • Your web server is not properly set up to resolve "/.well-known/webfinger" Further information can be found in the documentation >. • Your web server is not properly set up to resolve "/.well-known/nodeinfo". Further information can be found in the documentation > • Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation >. • Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation >  • Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add "default_phone_region" with the respective ISO 3166-1 code of the region to your config file. Please double check the installation guides 7, and check for any errors or warnings in the log. Check the security of your Nextcloud over our security scan >.

@provokateurin
Copy link
Member

I also see those warnings about well-know, but never bothered to investigate. As far as I know that should work ootb?

@jessebot
Copy link
Collaborator Author

jessebot commented Jul 11, 2023

I also see those warnings about well-know, but never bothered to investigate.

Ah yeah, I only recently got some time off work to start looking into them myself :) Added back the following ingress.annotations and that resolved the admin panel errors about "/.well-known/*":

    nginx.ingress.kubernetes.io/server-snippet: |-
      proxy_hide_header X-Powered-By;
      rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
      rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;

      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav/;
      }

      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav/;
      }

but caldav/carddav still throws the same errors ;(

✏️ edited to remove the robots.txt snippet that wasn't necessary

@provokateurin
Copy link
Member

Have you enabled debug logging on the server to see if there is any more info in the logs?

@jessebot
Copy link
Collaborator Author

jessebot commented Jul 20, 2023

I plan on coming back to this after v27.0.1 of Nextcloud is released and available via docker, because it very may well be related to the bug I mentioned, and I haven't had a chance to enable debug logs (currently have it set to info), but I will revisit this soonish!

Looks like 27.0.1rc2 just dropped a couple of days ago, and for 27.0.0 they did 4 release candidates before settling, so probably another week or two and I'll upgrade, and approach this again with fresh eyes :) Thanks for all your help rubber-ducking in the meantime, Kate!

Update

The nextcloud server team did the release :D Here's the PR: #419 After I figure out upgrades, I'll come back to this issue.

@qlonik
Copy link

qlonik commented Jul 28, 2023

Hey. I have the same issue. My values on ingress are very similar to the original post. As soon as I set enable-cors to false on ingress (nginx.ingress.kubernetes.io/enable-cors: "false"), I managed to add my account for sync in official nextcloud app via DAVx5 and calendars and contacts seem to start synchronizing.

qlonik added a commit to qlonik/musical-parakeet that referenced this issue Jul 28, 2023
@jessebot
Copy link
Collaborator Author

Thanks @qlonik for chiming in! enable-cors should work though 🤔 Let me test and get back to you since #419 has been merged now.

@jessebot
Copy link
Collaborator Author

oh, I wonder if we can add something like the allow header like they suggest in this stack overflow post:

location / {
    if ($http_origin ~* "^https?://(nextclouddomain.com/remote.php/dav//|www.nextcloudomain.com/remote.php/dav/)$") {
        add_header Access-Control-Allow-Origin "$http_origin";
    }
}

I haven't had a chance to look into this due to a P1 with longhorn, but will update when I get back to testing this. If anyone in the meantime figures out the magic allow header to make this work either in the nginx.conf or a config-snippet in for ingress controller annotations, I'd love to see what you came up with :)

@jessebot jessebot self-assigned this Sep 5, 2023
@jessebot jessebot added the Ingress Anything to do with ingress or ingress controllers label Sep 9, 2023
@adborden
Copy link

@provokateurin thanks for sharing what's working for you. Can you share your config for ingress-nginx? Are you using use-forwarded-headers?

I'm also running into this. I'm using Digital Ocean LB in front of ingress-nginx.

@provokateurin
Copy link
Member

I had to resetup DAVx5 on my phone and now I run into the same problem

@provokateurin
Copy link
Member

I'm going to take a look at this today.

I am pretty sure this got nothing to do with CORS because that is only interesting for browsers and any other clients don't care about it since it is not a server restriction.

My plan is to do a git bisect on this repo because I'm fairly sure that it is not a bug in a specific Nextcloud version since loads of other people outside of this helm chart would have the same problem.

@provokateurin
Copy link
Member

provokateurin commented Nov 30, 2023

So I tried a lot of different things and I still have no clue what is going on. For some reason I end up with

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>

when doing curl -v -X PROPFIND "http://cloud.example.com/.well-known/caldav" -L on my production instance.
With the exact same setup locally (terraform+k3d) I can not reproduce this and I also don't see the errors in the admin overview. I don't understand how there can be any difference between the two since they are using the exact same terraform config (other than hostnames).

Now I was wondering if it might have to do with some state that is bad inside the instance since there seems to be no difference really.

Sadly I can't test if my local instance works with DAVx5 😅

@provokateurin
Copy link
Member

I tried my curl command against cloud.nextcloud.com and end up with the same unauthorized error. I am still able to successfully setup DAVx5 for that instance so it is probably not the source of the problems :/

@provokateurin
Copy link
Member

@Northcode since you worked on #241, do you mind sharing your setup and if it works as expected?

@jessebot
Copy link
Collaborator Author

jessebot commented Dec 1, 2023

Thank you @provokateurin for taking the lead on this 💙

@provokateurin
Copy link
Member

@jessebot @adborden @qlonik Could all of you try to setup a fresh instance with your setup if possible? Maybe you will have the same as me where a fresh instance works just fine.

@provokateurin
Copy link
Member

image

I just checked the admin overview again and saw this in the logs. The weird thing here is that it says http and not https since my prod instance is running on https. Looking at the redirect requests I also see that they only go to http and not https. I think this could be the problem here, although I don't understand why. I assume this might be because the nginx inside the container only does http and the ingress nginx does the https.

@provokateurin
Copy link
Member

provokateurin commented Dec 2, 2023

Yes my assumption was correct! You need to uncomment the nginx.ingress.kubernetes.io/server-snippet in the ingress annotations. The ingress needs to handle the redirects because only it knows about https. I still see a complaint about webfinger not being properly setup (will investigate), but I got DAVx5 to work!

(The reason why I wasn't able to reproduce it locally with my setup is that it doesn't use https.)

@provokateurin
Copy link
Member

provokateurin commented Dec 2, 2023

I can't find a difference between nodeinfo and webfinger so I'm not sure why that isn't working now 🤷‍♀️

Edit: The webfinger thing is a weird caching issue of my browser. In a new private window it works just fine.

jessebot added a commit to small-hack/argocd-apps that referenced this issue May 13, 2024
jessebot added a commit to small-hack/argocd-apps that referenced this issue May 14, 2024
jessebot added a commit to small-hack/argocd-apps that referenced this issue May 14, 2024
jessebot added a commit to small-hack/argocd-apps that referenced this issue May 15, 2024
…istent, document backup/restores (#695)

* add nextcloud PVCs helm chart

* update nextcloud to use the pvc helm chart we just made

* fix pvc enabled variable

* change name of persistence app for nextcloud

* set schedules sooner for test

* switch to cronjob helm chart to use appset for setting schedules; update postgres and s3 pvc schedules to use secret vars

* make matrix use PVC helm chart instead of PVCs directly

* add configurable matrix schedule for backups

* update matrix and nextcloud pvc appsets to point at feature branch

* try settting creation policy to owner for external secret for backups

* use feature branch for external secrets

* update both files and config pvcs to always be enabled for now

* fix nextcloud s3 pvc to point at feature branch and make master volume for swfs smaller

* clean up serverInfoToken for nextcloud external secrets and add readme

* update helm external secret server info token parameter

* fix nextcloud server info token rendered external secret

* fix maintenance mode schedule values

* fix nextcloud cronjob helm chart appset

* fix more maintenance types

* add tip about potential zitadel failure with nextcloud

* set maintanence mode for nextcloud to be 23:00 till 03:00AM

* add default k8up dashboard for all of smol-k8s-lab default supported apps

* update default k8up dashboard to have more default charts for at least nextcloud

* make sure we only backup annotated PVCs for scheduled backups

* remove create policy for s3 backup

* add creation policy owner back to s3 backups for nextcloud

* add nexcloud namespace

* update the s3 backup credentials to be more consistent with what's expected

* update postgres credentials naming scheme

* fix nextcloud s3 credentials namign scheme

* fix k8up backup secret for s3 provider helm chart

* base64 encode the true value for the k8up secret

* add configurable storageclass name

* use global pvc storage class for nextcloud pvcs

* shrink data pvc by default

* add pvc enabled secret vars for nextcloud

* take string values instead of booleans for enabled

* switch to beta channel before installing certain apps

* always enable oidc login

* temporarily still point at feature branch for nextcloud s3 provider

* make k8up operator use BACKUP_SKIP_WITHOUT_ANNOTATION=true env var, so ensure we don't backup ephemeral volumes

* Update k8up_argocd_appset.yaml - use k8up.skipWithoutAnnotation

* start attempts to backup nextcloud to local then remote 123 backup style

* try new cors solution for webdav stuff

as per nextcloud/helm#410 (comment)

* try suggest for forwarding real ip with nextcloud

suggest is here nextcloud/helm#410 (comment)

* disable cors in a test and also remove robots.txt

* convert s3 pvc appset in mastodon to use a valuesObject

* switching back to normal pvc backup annotation

* try dav with comma seperated allowed methods

* disable cors again

* try overriding the default nginx.conf with realip settings suggested in nextcloud/helm#410

* turn on cors again

* try moving the real ip settings into the server block

* try moving the real ip settings further down the server block

* try to add real ip settings inside of location /

* solve duplicate location "/" in /etc/nginx/conf.d/zz-custom.conf:142

* give up on nextcloud and try preserving real ip with https://stackoverflow.com/questions/66787939/preserving-source-ip-in-nginx-ingress-controller

* try the solution from https://stackoverflow.com/a/68347429 for preserving source ip

* disable cors again for nextcloud

* try real ip cidr for nextcloud

* that's all the gas left in the tank for nextcloud ingress testing 🤷

* add default phone region for nextcloud

* add home assistant persistence and backups

* fix getting home assistant pvc capacity

* fix branch for pvc in home assistant

* make sure we have s3 backup credentials ahead of time for home assistant

* udpate external secrets for home assistant to use feature branch

* annotate home assistant pvc for k8up backups

* ignore restic env

* fix typo for pvc scheduled backups and add some info on checking restic for home assistant backups and restores

* remove user 82 for backup for home assistant

* update ignore for restic env and add basic readme for backups and restore for home assistant

* do consistant external secrets naming

* more renaming of xternal_secrets_appset.yaml to external_secrets_argocd_appset.yaml everywhere

* comment out the resources

* update backups-s3-credentials secret to be s3-backups-credentials; change resticRepoPass to resticRepoPassword for matrix

* use feature branch for external secrets for matrix

* fix secretAccessKey and accessKeyID for matrix secrets

* switch zitadel external secrets to use add-pvc-helm-chart-for-nextcloud feature branch

* update mastodon s3 backup credentials

* update zitadel secret from backups-s3-credentials to s3-backups-credentials

* add more info about sample restore job

* turn on generic device plugin again

* k8up.io/backup: true added to all matrix pvcs

* fix pvc enabled variables for matrix

* fix access credentials for s3 backups

* update zitadel s3 pvc to point at the right feature branch

* switch to calling it s3-postgres-credentials instead of postgres-s3-credentials for nextcloud and matrix

* add WAL compression and encryption

* add WAL compression and encryption

* add WAL compression and encryption

* update matrix backups

* do specify wal for matrix backups

* allow max parellel for wal to be 8

* remove compression and adjust max parallel to 4

* removing tenant appsets b/c those live in thier own app dirs

for instance nextcloud's tenant chart, now called cluster, is here: nextcloud/app_of_apps/postgres_argocd_appset.yaml

* clean whitespace

* only retain two days worth of postgres backups, so that you can just restore from seaweedfs if needed for matrix

* updated max parallel to be 8

* update matrix to use the new default credentials for postgres and new schedule template values

* add correct backup schedule for home assistant

* update zitadel to use the new default credentials for postgres and new schedule template values

* update nextcloud to use the new default credentials for postgres and new schedule template values

* update mastodon to use the new default credentials for postgres and new schedule template values

* use feature branch for matrix

* clean up backup crendentials accessKeyID vs accessKeyId

* update to always point at latest nextcloud 29 image

* verify php occ is available before proceeding

* update post install job to have an init container that checks for occ first

* try once more to make nextcloud init prcoess work for installing apps

* prettier logs for nextcloud install apps job

* fix accessKeyId casing for nextcloud s3 pvc backups

* rename zitadel external secrets appset to have the word external secrets

* fix naming everywhere

* update wal archive settings

* fix s3 backup credentials access key id typo

* switching back to main for all branches that were previously pointed at the feature branches

---------

Co-authored-by: Max! <admin@cloudydev.net>
@keplersj
Copy link

Not to pile on, but the configuration @jessebot posted to their Argo repository was the configuration that finally got WebDAV working for me with DAVx5 on Android and Gnome Online Accounts (Nautilus + Evolution Account Services) on Fedora 40.

Simplified config for future passers-by:

ingress:
  enabled: true
  className: nginx
  annotations:
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 10G
    nginx.ingress.kubernetes.io/enable-cors: "false"
    nginx.ingress.kubernetes.io/server-snippet: |-
      server_tokens off;
      proxy_hide_header X-Powered-By;
      rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
      rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
        deny all;
      }

@Routhinator
Copy link

CORS off is a bad posture for security. Fine if you're not exposing this to the internet, but you've simplified this by removing the security posture. My example may be more complex, but it gets CORS and the proper methods working together, without foregoing one for the other.

@pschichtel
Copy link

pschichtel commented Jun 2, 2024

CORS off is a bad posture for security.

@Routhinator what do you mean? Enabling CORS "weakens" security. CORS exists to allow controlled/limited exceptions to browser's same-origin policy (the policy that only allows JavaScript in browsers to request resources from its own origin). Especially this generic "allow all" CORS setup completely "opens the door" for any website to perform any HTTP requests against your nextcloud instance.

@Routhinator
Copy link

Turning CORS off in NGINX disables CORS enforcement and allows all requests from any origin to succeed. This cors policy whitelists traffic from the upstream proxies and pods where traffic is expected to come from, and is not an allow all policy. It could certainly be tightened with static ip policies and removing the ranges ive used, but the ranges i allowed are also ranges that exist only in my baremetal kube cluster and not in the wider local network.

Turning CORS enforcement off is "allow all".

@pschichtel
Copy link

I don't see how you configuration would do any of that. The proxy.config.php and phpClientHttpsFix options, while certainly necessary in some setups, are not related to this issue and are definitely completely unrelated to CORS. I actually don't see how your configuration would help with the issue. Can you confirm, that the OPTIONS request issued by e.g. DAVx actually arrives at the FPM container?

@Routhinator
Copy link

Yes as mentioned this config works end to end with caldav, carddav and webdav

@jessebot
Copy link
Collaborator Author

jessebot commented Jun 3, 2024

Yes as mentioned this config works end to end with caldav, carddav and webdav

Just for clarity, I don't believe I was ever able to get your configuration to work (which could have been something I did wrong - happy to chat about that), but I'll give it one last try later today, as I'm working on Nextcloud projects today anyway. I was also never able to get the real IP to show up in the logs, which is tragic, but it may have something to do with me using dynamic DNS to actually get traffic to my node? (I should be getting a dedicated IP later this month, so it might not matter?) Either way, I'll post full config and logs later today :) I'm sure there's just some minor confusion, but as I've got my ENTIRE config as code, this should be easy to clear up.

Update

Here's me using most of the values that you used @Routhinator in #410 (comment): small-hack/argocd-apps@81c0903

I will now clear my local app cache and data for DAVx5 and give it a shot to set it up on my phone again :) For documentation sake, I am using helm chart verison 4.6.10 and I am using the nextcloud:29-fpm-alpine docker image with nginx.enabled set to true. Here's the full diff of the changes I am attempting:

diff of the changes I will be trying (new changes in green)
               className: nginx
               annotations:
                 cert-manager.io/cluster-issuer: '{{ .global_cluster_issuer }}'
+                nginx.ingress.kubernetes.io/connection-proxy-header: keep-alive
                 nginx.ingress.kubernetes.io/proxy-body-size: 10G
-                nginx.ingress.kubernetes.io/enable-cors: "false"
-                # nginx.ingress.kubernetes.io/enable-cors: "true"
-                # nginx.ingress.kubernetes.io/cors-allow-methods: "GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT"
+                nginx.ingress.kubernetes.io/proxy-max-temp-file-size: 10485760m
+                nginx.ingress.kubernetes.io/proxy-read-timeout: "86400"
+                nginx.ingress.kubernetes.io/proxy-send-timeout: "86400"
+                nginx.ingress.kubernetes.io/proxy-connect-timeout: "120s"
+                nginx.ingress.kubernetes.io/enable-cors: "true"
                 # this was originally suggested in nextcloud/helm
-                # nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
-                # this was a followup solution for dav stuff
-                # nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For"
+                nginx.ingress.kubernetes.io/cors-allow-methods: "GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT"
+                nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For"
                 nginx.ingress.kubernetes.io/server-snippet: |-
                   server_tokens off;
                   proxy_hide_header X-Powered-By;
@@ -70,6 +72,11 @@ spec:
                   location = /.well-known/caldav {
                     return 301 $scheme://$host/remote.php/dav;
                   }
+                  location = /robots.txt {
+                    allow all;
+                    log_not_found off;
+                    access_log off;
+                  }
                   location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
                     deny all;
                   }
@@ -253,6 +260,7 @@ spec:
                 extra.config.php: |-
                   <?php
                   $CONFIG = array (
+                    'allow_local_remote_servers' => true,
                     'default_phone_region' => '{{ .nextcloud_default_phone_region }}',
                   );

@@ -432,5 +440,9 @@ spec:
                 enabled: true
                 namespace: "nextcloud"

+            phpClientHttpsFix:
+              enabled: true
+              protocol: https
+
             rbac:
               enabled: true
Argo CD confirmation that all is synced and happy
$ argocd app get nextcloud
Name:               argocd/nextcloud
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          nextcloud
URL:                https://my-argo-domain-anonymized.com/applications/nextcloud
Source:
- Repo:             https://github.com/small-hack/argocd-apps
  Target:           routhinator-may-2-suggestion
  Path:             nextcloud/app_of_apps/
SyncWindow:         Sync Allowed
Sync Policy:        Automated
Sync Status:        Synced to routhinator-may-2-suggestion (81c0903)
Health Status:      Healthy

GROUP        KIND            NAMESPACE  NAME                                STATUS     HEALTH   HOOK      MESSAGE
argoproj.io  ApplicationSet  argocd     nextcloud-web-app-set               Synced     Healthy            ApplicationSet up to date
batch        Job             nextcloud  install-nextcloud-apps              Succeeded           PostSync  job.batch/install-nextcloud-apps created
             ConfigMap       nextcloud  before-starting-scripts             Synced
argoproj.io  ApplicationSet  argocd     nextcloud-external-secrets-app-set  Synced     Healthy
argoproj.io  ApplicationSet  argocd     nextcloud-maintenance-cron-appset   Synced     Healthy
argoproj.io  ApplicationSet  argocd     nextcloud-postgres-app-set          Synced     Healthy
argoproj.io  ApplicationSet  argocd     nextcloud-pvc-appset                Synced     Healthy
argoproj.io  ApplicationSet  argocd     nextcloud-s3-provider-app-set       Synced     Healthy
argoproj.io  ApplicationSet  argocd     nextcloud-s3-pvc-app-set            Synced     Healthy

I have now deleted my account from DAVx5 (version 4.3.16.1-ose), and then I cleared the cache, followed by clearing the data for the app on Android 14. I then went through the basic setup of DAVx5 to make sure the permissions were correct and the battery optimization was also correct. Then, finally, I opened the nextcloud (version 3.29.0) app, went to settings > more > Sync calendars and contacts. It opens DAVx5, and I allow the default URL. I login to the nextcloud via the DAVx5 app, and then grant access to the app. It works and says I can close this window. I hit the green x at the top right and says it failed and allows me to download the logs. Here are those logs (note I've changed my real domain to nextcloud.example.com for security purposes):

DAVx5 logs
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Finding initial carddav service configuration
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Checking user-given URL: https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/remote.php/dav h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 290
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><resourcetype /><displayname /><CARD:addressbook-description /><CARD:addressbook-home-set /><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (290-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] <-- 207 https://nextcloud.example.com/remote.php/dav (93ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:46 GMT
2024-06-03 11:58:48 51 [network.HttpClient] content-type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] set-cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; path=/; secure; HttpOnly; SameSite=Lax
2024-06-03 11:58:48 51 [network.HttpClient] set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
2024-06-03 11:58:48 51 [network.HttpClient] set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
2024-06-03 11:58:48 51 [network.HttpClient] content-security-policy: default-src 'none';
2024-06-03 11:58:48 51 [network.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2024-06-03 11:58:48 51 [network.HttpClient] cache-control: no-store, no-cache, must-revalidate
2024-06-03 11:58:48 51 [network.HttpClient] pragma: no-cache
2024-06-03 11:58:48 51 [network.HttpClient] set-cookie: ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; path=/; secure; HttpOnly; SameSite=Lax
2024-06-03 11:58:48 51 [network.HttpClient] vary: Brief,Prefer
2024-06-03 11:58:48 51 [network.HttpClient] dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
2024-06-03 11:58:48 51 [network.HttpClient] x-request-id: 7DKdCmRIJni4xPkuuZy6
2024-06-03 11:58:48 51 [network.HttpClient] x-debug-token: 7DKdCmRIJni4xPkuuZy6
2024-06-03 11:58:48 51 [network.HttpClient] content-encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:48 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:48 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:48 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:48 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:48 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:48 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:resourcetype><d:collection/></d:resourcetype><d:current-user-principal><d:href>/remote.php/dav/principals/users/jessebot/</d:href></d:current-user-principal></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><d:displayname/><x1:addressbook-description xmlns:x1="urn:ietf:params:xml:ns:carddav"/><x1:addressbook-home-set xmlns:x1="urn:ietf:params:xml:ns:carddav"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response></d:multistatus>

2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (707-byte, 330-gzipped-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] --> OPTIONS https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 0
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: identity
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient] --> END OPTIONS
2024-06-03 11:58:48 51 [network.HttpClient] <-- 204 https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ (7ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:46 GMT
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient] content-length: 0
2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (0-byte body)
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Principal https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide carddav service
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/.well-known/carddav h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] <-- 301 https://nextcloud.example.com/.well-known/carddav (7ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:46 GMT
2024-06-03 11:58:48 51 [network.HttpClient] content-type: text/html
2024-06-03 11:58:48 51 [network.HttpClient] content-length: 162
2024-06-03 11:58:48 51 [network.HttpClient] location: https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (162-byte body)
2024-06-03 11:58:48 51 [at.bitfire.dav4jvm.DavResource] Redirected, new location = https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/remote.php/dav h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] <-- 207 https://nextcloud.example.com/remote.php/dav (55ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] content-type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2024-06-03 11:58:48 51 [network.HttpClient] cache-control: no-store, no-cache, must-revalidate
2024-06-03 11:58:48 51 [network.HttpClient] pragma: no-cache
2024-06-03 11:58:48 51 [network.HttpClient] content-security-policy: default-src 'none';
2024-06-03 11:58:48 51 [network.HttpClient] vary: Brief,Prefer
2024-06-03 11:58:48 51 [network.HttpClient] dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
2024-06-03 11:58:48 51 [network.HttpClient] x-request-id: Y8wI4t4ZiAp8NV4OZZMR
2024-06-03 11:58:48 51 [network.HttpClient] x-debug-token: Y8wI4t4ZiAp8NV4OZZMR
2024-06-03 11:58:48 51 [network.HttpClient] content-encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:48 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:48 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:48 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:48 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:48 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:48 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:current-user-principal><d:href>/remote.php/dav/principals/users/jessebot/</d:href></d:current-user-principal></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>

2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (419-byte, 231-gzipped-byte body)
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Found current-user-principal: https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/
2024-06-03 11:58:48 51 [network.HttpClient] --> OPTIONS https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 0
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: identity
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient] --> END OPTIONS
2024-06-03 11:58:48 51 [network.HttpClient] <-- 204 https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ (8ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient] content-length: 0
2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (0-byte body)
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Principal https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide carddav service
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] No principal found at user-given URL, trying to discover for domain nextcloud.example.com
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Looking up SRV records for _carddavs._tcp.nextcloud.example.com
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Didn't find carddav service, trying at https://nextcloud.example.com:443
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Trying to determine principal from initial context path=https://nextcloud.example.com/.well-known/carddav
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/.well-known/carddav h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] <-- 301 https://nextcloud.example.com/.well-known/carddav (8ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] content-type: text/html
2024-06-03 11:58:48 51 [network.HttpClient] content-length: 162
2024-06-03 11:58:48 51 [network.HttpClient] location: https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (162-byte body)
2024-06-03 11:58:48 51 [at.bitfire.dav4jvm.DavResource] Redirected, new location = https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/remote.php/dav h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] <-- 207 https://nextcloud.example.com/remote.php/dav (146ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] content-type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2024-06-03 11:58:48 51 [network.HttpClient] cache-control: no-store, no-cache, must-revalidate
2024-06-03 11:58:48 51 [network.HttpClient] pragma: no-cache
2024-06-03 11:58:48 51 [network.HttpClient] content-security-policy: default-src 'none';
2024-06-03 11:58:48 51 [network.HttpClient] vary: Brief,Prefer
2024-06-03 11:58:48 51 [network.HttpClient] dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
2024-06-03 11:58:48 51 [network.HttpClient] x-request-id: l0OHnYMuwvnI3tIUB7M7
2024-06-03 11:58:48 51 [network.HttpClient] x-debug-token: l0OHnYMuwvnI3tIUB7M7
2024-06-03 11:58:48 51 [network.HttpClient] content-encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:48 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:48 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:48 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:48 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:48 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:48 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:current-user-principal><d:href>/remote.php/dav/principals/users/jessebot/</d:href></d:current-user-principal></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>

2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (419-byte, 231-gzipped-byte body)
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Found current-user-principal: https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/
2024-06-03 11:58:48 51 [network.HttpClient] --> OPTIONS https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 0
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: identity
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient] --> END OPTIONS
2024-06-03 11:58:48 51 [network.HttpClient] <-- 204 https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ (8ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient] content-length: 0
2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (0-byte body)
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Principal https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide carddav service
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Trying to determine principal from initial context path=https://nextcloud.example.com/
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/ h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] <-- 405 https://nextcloud.example.com/ (8ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] content-type: text/html
2024-06-03 11:58:48 51 [network.HttpClient] content-length: 157
2024-06-03 11:58:48 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:48 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:48 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:48 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:48 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:48 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:48 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.4</center>
</body>
</html>

2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (157-byte body)
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] No resource found
EXCEPTION at.bitfire.dav4jvm.exception.HttpException: HTTP 405
        at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
        at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:1)
        at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:2)
        at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:76)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.getCurrentUserPrincipal(DavResourceFinder.kt:37)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.discoverPrincipalUrl(DavResourceFinder.kt:301)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:29)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:1)
        at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:3)
        at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:1)
        at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invokeSuspend(Interruptible.kt:59)
        at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invoke(Interruptible.kt:13)
        at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:16)
        at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:41)
        at kotlinx.coroutines.InterruptibleKt.runInterruptible$default(Interruptible.kt:9)
        at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1.invokeSuspend(LoginModel.kt:38)
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:9)
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:111)
        at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:4)
        at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:3)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:98)

2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Finding initial caldav service configuration
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Checking user-given URL: https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/remote.php/dav h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 435
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><resourcetype /><displayname /><n0:calendar-color xmlns:n0="http://apple.com/ns/ical/" /><CAL:calendar-description /><CAL:calendar-timezone /><current-user-privilege-set /><CAL:supported-calendar-component-set /><CAL:calendar-home-set /><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (435-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] <-- 207 https://nextcloud.example.com/remote.php/dav (89ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] content-type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2024-06-03 11:58:48 51 [network.HttpClient] cache-control: no-store, no-cache, must-revalidate
2024-06-03 11:58:48 51 [network.HttpClient] pragma: no-cache
2024-06-03 11:58:48 51 [network.HttpClient] content-security-policy: default-src 'none';
2024-06-03 11:58:48 51 [network.HttpClient] vary: Brief,Prefer
2024-06-03 11:58:48 51 [network.HttpClient] dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
2024-06-03 11:58:48 51 [network.HttpClient] x-request-id: mqqsr0Eq6LV1AcJVf9HP
2024-06-03 11:58:48 51 [network.HttpClient] x-debug-token: mqqsr0Eq6LV1AcJVf9HP
2024-06-03 11:58:48 51 [network.HttpClient] content-encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:48 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:48 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:48 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:48 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:48 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:48 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:resourcetype><d:collection/></d:resourcetype><d:current-user-privilege-set><d:privilege><d:all/></d:privilege><d:privilege><d:read/></d:privilege><d:privilege><d:write/></d:privilege><d:privilege><d:write-properties/></d:privilege><d:privilege><d:write-content/></d:privilege><d:privilege><d:unlock/></d:privilege><d:privilege><d:bind/></d:privilege><d:privilege><d:unbind/></d:privilege><d:privilege><d:read-acl/></d:privilege><d:privilege><d:read-current-user-privilege-set/></d:privilege></d:current-user-privilege-set><d:current-user-principal><d:href>/remote.php/dav/principals/users/jessebot/</d:href></d:current-user-principal></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat><d:propstat><d:prop><d:displayname/><x1:calendar-color xmlns:x1="http://apple.com/ns/ical/"/><x2:calendar-description xmlns:x2="urn:ietf:params:xml:ns:caldav"/><x2:calendar-timezone xmlns:x2="urn:ietf:params:xml:ns:caldav"/><x2:supported-calendar-component-set xmlns:x2="urn:ietf:params:xml:ns:caldav"/><x2:calendar-home-set xmlns:x2="urn:ietf:params:xml:ns:caldav"/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response></d:multistatus>

2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (1376-byte, 458-gzipped-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] --> OPTIONS https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 0
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: identity
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient] --> END OPTIONS
2024-06-03 11:58:48 51 [network.HttpClient] <-- 204 https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ (9ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:48 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:48 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:48 51 [network.HttpClient] content-length: 0
2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (0-byte body)
2024-06-03 11:58:48 51 [servicedetection.DavResourceFinder] Principal https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide caldav service
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/.well-known/caldav h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:48 51 [network.HttpClient] <-- 301 https://nextcloud.example.com/.well-known/caldav (8ms)
2024-06-03 11:58:48 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:48 51 [network.HttpClient] content-type: text/html
2024-06-03 11:58:48 51 [network.HttpClient] content-length: 162
2024-06-03 11:58:48 51 [network.HttpClient] location: https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

2024-06-03 11:58:48 51 [network.HttpClient] <-- END HTTP (162-byte body)
2024-06-03 11:58:48 51 [at.bitfire.dav4jvm.DavResource] Redirected, new location = https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:48 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/remote.php/dav h2
2024-06-03 11:58:48 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:48 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:48 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:48 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:48 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:48 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:48 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:48 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:48 51 [network.HttpClient]
2024-06-03 11:58:48 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:48 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:49 51 [network.HttpClient] <-- 207 https://nextcloud.example.com/remote.php/dav (78ms)
2024-06-03 11:58:49 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:49 51 [network.HttpClient] content-type: application/xml; charset=utf-8
2024-06-03 11:58:49 51 [network.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2024-06-03 11:58:49 51 [network.HttpClient] cache-control: no-store, no-cache, must-revalidate
2024-06-03 11:58:49 51 [network.HttpClient] pragma: no-cache
2024-06-03 11:58:49 51 [network.HttpClient] content-security-policy: default-src 'none';
2024-06-03 11:58:49 51 [network.HttpClient] vary: Brief,Prefer
2024-06-03 11:58:49 51 [network.HttpClient] dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
2024-06-03 11:58:49 51 [network.HttpClient] x-request-id: ICIKoLZYyObNxnoA7GUh
2024-06-03 11:58:49 51 [network.HttpClient] x-debug-token: ICIKoLZYyObNxnoA7GUh
2024-06-03 11:58:49 51 [network.HttpClient] content-encoding: gzip
2024-06-03 11:58:49 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:49 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:49 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:49 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:49 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:49 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:49 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:49 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:49 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:49 51 [network.HttpClient]
2024-06-03 11:58:49 51 [network.HttpClient] <?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:current-user-principal><d:href>/remote.php/dav/principals/users/jessebot/</d:href></d:current-user-principal></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>

2024-06-03 11:58:49 51 [network.HttpClient] <-- END HTTP (419-byte, 231-gzipped-byte body)
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] Found current-user-principal: https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/
2024-06-03 11:58:49 51 [network.HttpClient] --> OPTIONS https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2024-06-03 11:58:49 51 [network.HttpClient] Content-Length: 0
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Encoding: identity
2024-06-03 11:58:49 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:49 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:49 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:49 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:49 51 [network.HttpClient] --> END OPTIONS
2024-06-03 11:58:49 51 [network.HttpClient] <-- 204 https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ (14ms)
2024-06-03 11:58:49 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:49 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:49 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:49 51 [network.HttpClient] content-length: 0
2024-06-03 11:58:49 51 [network.HttpClient] <-- END HTTP (0-byte body)
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] Principal https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide caldav service
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] No principal found at user-given URL, trying to discover for domain nextcloud.example.com
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] Looking up SRV records for _caldavs._tcp.nextcloud.example.com
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] Didn't find caldav service, trying at https://nextcloud.example.com:443
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] Trying to determine principal from initial context path=https://nextcloud.example.com/.well-known/caldav
2024-06-03 11:58:49 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/.well-known/caldav h2
2024-06-03 11:58:49 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:49 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:49 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:49 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:49 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:49 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:49 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:49 51 [network.HttpClient]
2024-06-03 11:58:49 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:49 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:49 51 [network.HttpClient] <-- 301 https://nextcloud.example.com/.well-known/caldav (9ms)
2024-06-03 11:58:49 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:49 51 [network.HttpClient] content-type: text/html
2024-06-03 11:58:49 51 [network.HttpClient] content-length: 162
2024-06-03 11:58:49 51 [network.HttpClient] location: https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:49 51 [network.HttpClient]
2024-06-03 11:58:49 51 [network.HttpClient] <html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

2024-06-03 11:58:49 51 [network.HttpClient] <-- END HTTP (162-byte body)
2024-06-03 11:58:49 51 [at.bitfire.dav4jvm.DavResource] Redirected, new location = https://nextcloud.example.com/remote.php/dav
2024-06-03 11:58:49 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/remote.php/dav h2
2024-06-03 11:58:49 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:49 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:49 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:49 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:49 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:49 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:49 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:49 51 [network.HttpClient]
2024-06-03 11:58:49 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:49 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:49 51 [network.HttpClient] <-- 207 https://nextcloud.example.com/remote.php/dav (89ms)
2024-06-03 11:58:49 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:49 51 [network.HttpClient] content-type: application/xml; charset=utf-8
2024-06-03 11:58:49 51 [network.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2024-06-03 11:58:49 51 [network.HttpClient] cache-control: no-store, no-cache, must-revalidate
2024-06-03 11:58:49 51 [network.HttpClient] pragma: no-cache
2024-06-03 11:58:49 51 [network.HttpClient] content-security-policy: default-src 'none';
2024-06-03 11:58:49 51 [network.HttpClient] vary: Brief,Prefer
2024-06-03 11:58:49 51 [network.HttpClient] dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar
2024-06-03 11:58:49 51 [network.HttpClient] x-request-id: y6GgjK5pD4RWdtrkEQ6m
2024-06-03 11:58:49 51 [network.HttpClient] x-debug-token: y6GgjK5pD4RWdtrkEQ6m
2024-06-03 11:58:49 51 [network.HttpClient] content-encoding: gzip
2024-06-03 11:58:49 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:49 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:49 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:49 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:49 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:49 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:49 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:49 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:49 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:49 51 [network.HttpClient]
2024-06-03 11:58:49 51 [network.HttpClient] <?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/</d:href><d:propstat><d:prop><d:current-user-principal><d:href>/remote.php/dav/principals/users/jessebot/</d:href></d:current-user-principal></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response></d:multistatus>

2024-06-03 11:58:49 51 [network.HttpClient] <-- END HTTP (419-byte, 231-gzipped-byte body)
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] Found current-user-principal: https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/
2024-06-03 11:58:49 51 [network.HttpClient] --> OPTIONS https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2024-06-03 11:58:49 51 [network.HttpClient] Content-Length: 0
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Encoding: identity
2024-06-03 11:58:49 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:49 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:49 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:49 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:49 51 [network.HttpClient] --> END OPTIONS
2024-06-03 11:58:49 51 [network.HttpClient] <-- 204 https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ (9ms)
2024-06-03 11:58:49 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:49 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:49 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:49 51 [network.HttpClient] content-length: 0
2024-06-03 11:58:49 51 [network.HttpClient] <-- END HTTP (0-byte body)
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] Principal https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide caldav service
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] Trying to determine principal from initial context path=https://nextcloud.example.com/
2024-06-03 11:58:49 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/ h2
2024-06-03 11:58:49 51 [network.HttpClient] Depth: 0
2024-06-03 11:58:49 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 11:58:49 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 11:58:49 51 [network.HttpClient] Content-Length: 198
2024-06-03 11:58:49 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 11:58:49 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 11:58:49 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 11:58:49 51 [network.HttpClient] Cookie: oc_sessionPassphrase=cKfAcm%2Ba3ssQJx7AIifKIsjLcOLkC6ElsSlQdNVY13YxVl%2FA3CbwfTxkj5tpJLTf6rOpmUZQvq%2FlKJYlkpxfhOrhvmUAP6tA2FNePS%2BpwYm5bzTbXwRvT9ZzFetaIcZf; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=cb093c78acb4eca3fa4e43bbd37fbb4d; __Host-nc_sameSiteCookiestrict=true
2024-06-03 11:58:49 51 [network.HttpClient]
2024-06-03 11:58:49 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 11:58:49 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 11:58:49 51 [network.HttpClient] <-- 405 https://nextcloud.example.com/ (12ms)
2024-06-03 11:58:49 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:49 51 [network.HttpClient] content-type: text/html
2024-06-03 11:58:49 51 [network.HttpClient] content-length: 157
2024-06-03 11:58:49 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:49 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:49 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:49 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:49 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:49 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:49 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:49 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:49 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:49 51 [network.HttpClient]
2024-06-03 11:58:49 51 [network.HttpClient] <html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.4</center>
</body>
</html>

2024-06-03 11:58:49 51 [network.HttpClient] <-- END HTTP (157-byte body)
2024-06-03 11:58:49 51 [servicedetection.DavResourceFinder] No resource found
EXCEPTION at.bitfire.dav4jvm.exception.HttpException: HTTP 405
        at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
        at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:1)
        at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:2)
        at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:76)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.getCurrentUserPrincipal(DavResourceFinder.kt:37)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.discoverPrincipalUrl(DavResourceFinder.kt:301)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:29)
        at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:4)
        at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:3)
        at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:1)
        at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invokeSuspend(Interruptible.kt:59)
        at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invoke(Interruptible.kt:13)
        at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:16)
        at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:41)
        at kotlinx.coroutines.InterruptibleKt.runInterruptible$default(Interruptible.kt:9)
        at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1.invokeSuspend(LoginModel.kt:38)
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:9)
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:111)
        at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:4)
        at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:3)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:98)

The most important parts of the log are:

2024-06-03 11:58:49 51 [network.HttpClient] <-- 405 https://nextcloud.example.com/ (12ms)
2024-06-03 11:58:49 51 [network.HttpClient] date: Mon, 03 Jun 2024 09:58:47 GMT
2024-06-03 11:58:49 51 [network.HttpClient] content-type: text/html
2024-06-03 11:58:49 51 [network.HttpClient] content-length: 157
2024-06-03 11:58:49 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 11:58:49 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 11:58:49 51 [network.HttpClient] x-download-options: noopen
2024-06-03 11:58:49 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 11:58:49 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 11:58:49 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 11:58:49 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 11:58:49 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 11:58:49 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 11:58:49 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 11:58:49 51 [network.HttpClient]
2024-06-03 11:58:49 51 [network.HttpClient] <html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.4</center>
</body>
</html>

Nginx ingress pod logs (ignore the time, the timezone on this pod is just wrong 🤷 :

10.42.0.1 - jessebot [03/Jun/2024:09:57:08 +0000] "PROPFIND /remote.php/dav/files/jessebot/ HTTP/1.1" 207 1339 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" 2013 0.084 [nextcloud-nextcloud-web-app-8080] [] 10.42.0.45:80 1339 0.084 207 95d3af61bbfb1f135ff9927d72f446af
10.42.0.1 - jessebot [03/Jun/2024:09:57:08 +0000] "PROPFIND /remote.php/dav/files/jessebot/ HTTP/1.1" 207 1339 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" 2013 0.084 [nextcloud-nextcloud-web-app-8080] [] 10.42.0.45:80 1339 0.084 207 f7d6ab62a7d8f55e5cf8300556052089

here's the logs from the nginx container in the nextcloud pod (again, time is off, but you can see at 9:58-ish where I've cleared my local DAVx5 client and tried again):

kubectl logs -c nextcloud-nginx nextcloud-web-app | grep -i android | grep -i dav
10.42.0.61 - jessebot [03/Jun/2024:09:50:22 +0000] "HEAD /remote.php/dav/files/jessebot/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:50:23 +0000] "PROPFIND /remote.php/dav/files/jessebot/ HTTP/1.1" 207 1339 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:50:23 +0000] "PROPFIND /remote.php/dav/files/jessebot/ HTTP/1.1" 207 1339 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:50:23 +0000] "PROPFIND /remote.php/dav/files/jessebot/ HTTP/1.1" 207 9057 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:50:23 +0000] "PROPFIND /remote.php/dav/files/jessebot/ HTTP/1.1" 207 9057 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:57:08 +0000] "PROPFIND /remote.php/dav/files/jessebot/ HTTP/1.1" 207 1339 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:57:08 +0000] "PROPFIND /remote.php/dav/files/jessebot/ HTTP/1.1" 207 1339 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.29.0" "10.42.0.1"
10.42.0.61 - - [03/Jun/2024:09:57:43 +0000] "POST /index.php/login/v2 HTTP/1.1" 200 322 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - - [03/Jun/2024:09:58:46 +0000] "POST /login/v2/poll HTTP/1.1" 200 163 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:58:46 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 342 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:58:47 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 242 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:58:47 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 242 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:58:47 +0000] "PROPFIND / HTTP/1.1" 405 157 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:58:47 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 470 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:58:47 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 242 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:58:47 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 242 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:09:58:47 +0000] "PROPFIND / HTTP/1.1" 405 157 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - - [03/Jun/2024:10:02:28 +0000] "POST /index.php/login/v2 HTTP/1.1" 200 323 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"

with the most important log entry from the nginx container in the nextcloud pod being:

10.42.0.61 - jessebot [03/Jun/2024:09:58:47 +0000] "PROPFIND / HTTP/1.1" 405 157 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"

I also tried directly through the DAVx5 app using their nextcloud provider-specific login method and got the exact same error. Sorry, @Routhinator, but I am unable to get your config to work. It works fine if cors is disabled though. Also, regardless of your config or not, I still can't get the correct IP to show up in ingress-nginx logs or the nginx container of the nextcloud pod, or nextcloud for that matter, so script kiddies are still being insufferable and pounding my instance periodically, because I can't block their IPs :< I need to stick to an official nextcloud image, which is the only real difference I see that could be affecting this at all. If you've got further suggestions, I'd love to try them out.

jessebot added a commit to small-hack/argocd-apps that referenced this issue Jun 3, 2024
…in nextcloud with CORS enabled set to true
@jessebot
Copy link
Collaborator Author

jessebot commented Jun 3, 2024

oh wait, maybe I need to enable cors on the nginx container in the nextcloud pod side of things? I re-found this doc (can't remember who posted it, sorry!), but I will try to add a config for nginx in the container and see how that goes. Will update this comment after testing.

jessebot added a commit to small-hack/argocd-apps that referenced this issue Jun 3, 2024
@Routhinator
Copy link

Im using the official FPM image with the nextcloud recommended way to add extra packages, but nothing that modifies proxies.

I did have issues with real ips, but that was because i originally had my MetalLB configured for BGP peering with my Unifi Gateway. I switched to L2 advertisements and then the real ip showed as it was being routed directly to the LB ip via port forwarding.

@Routhinator
Copy link

Routhinator commented Jun 3, 2024

@jessebot im not seeing the proxy config in what you shared:

proxy.config.php: |- <?php $CONFIG = array ( 'trusted_proxies' => array( 0 => '127.0.0.1', 1 => '10.0.0.0/8', 2 => '192.168.0.1/32', ), 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'), );

This whitelists traffic from the nginx container in the pod and ensures it uses the xforwarded for. Depending on the nextcloud request, the FPM container will see traffic as coming from the local nextcloud container (127.0.0.1) or the Ingress-nginx pods (10.0.0.0/8 for my cluster) or the Firewall if nat kicks in due to nat reflection (hence the 192.168.0.1/32)

Without this, its php FPM that will throw the 405 but it will look like it comes from Nginx.

@jessebot
Copy link
Collaborator Author

jessebot commented Jun 3, 2024

@Routhinator

I did have issues with real ips, but that was because i originally had my MetalLB configured for BGP peering with my Unifi Gateway. I switched to L2 advertisements and then the real ip showed as it was being routed directly to the LB ip via port forwarding.

Ok, I am also using L2 advertisements 🤔 That's at least something!

@jessebot im not seeing the proxy config in what you shared:

It was here:
https://github.com/small-hack/argocd-apps/blob/81c090379ae2d5084e2d323873e404113a5f23f2/nextcloud/app_of_apps/nextcloud_argocd_appset.yaml#L250-L258

I didn't have anything for 192.168.*.* though. I have added that now here (used /16 because this is a public config that others use via external software and I want it to work for them too):
https://github.com/small-hack/argocd-apps/blob/e6f5ea60e2fa204491243774056c473578d10731/nextcloud/app_of_apps/nextcloud_argocd_appset.yaml#L260-L269

However, after pushing that change out, I got the same error in nginx container in nextcloud pod:

10.42.0.61 - jessebot [03/Jun/2024:12:57:29 +0000] "PROPFIND / HTTP/1.1" 405 157 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"

And same error in DAVx5 logs as well:

DAVx5 logs
2024-06-03 14:57:31 51 [network.HttpClient] <-- END HTTP (419-byte, 231-gzipped-byte body)
2024-06-03 14:57:31 51 [servicedetection.DavResourceFinder] Found current-user-principal: https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/
2024-06-03 14:57:31 51 [network.HttpClient] --> OPTIONS https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ h2
2024-06-03 14:57:31 51 [network.HttpClient] Content-Length: 0
2024-06-03 14:57:31 51 [network.HttpClient] Accept-Encoding: identity
2024-06-03 14:57:31 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 14:57:31 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 14:57:31 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 14:57:31 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 14:57:31 51 [network.HttpClient] Cookie: oc_sessionPassphrase=paMRdHxTc8RIUPKGqdei0TUdCxW9Qo4ucbLK0uDbwdfmFMugPwmWMdLaR2vQpVq8RI%2Ba6hemkXn3uRqsbsZ75E5FmqdrqIE4e%2FQvDtc89BmWVg67vo3W8b151uXGM5h0; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=af929240655ce1cee160fe846f709b34; __Host-nc_sameSiteCookiestrict=true
2024-06-03 14:57:31 51 [network.HttpClient] --> END OPTIONS
2024-06-03 14:57:31 51 [network.HttpClient] <-- 204 https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ (7ms)
2024-06-03 14:57:31 51 [network.HttpClient] date: Mon, 03 Jun 2024 12:57:29 GMT
2024-06-03 14:57:31 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 14:57:31 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 14:57:31 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 14:57:31 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 14:57:31 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 14:57:31 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 14:57:31 51 [network.HttpClient] content-length: 0
2024-06-03 14:57:31 51 [network.HttpClient] <-- END HTTP (0-byte body)
2024-06-03 14:57:31 51 [servicedetection.DavResourceFinder] Principal https://nextcloud.example.com/remote.php/dav/principals/users/jessebot/ doesn't provide caldav service
2024-06-03 14:57:31 51 [servicedetection.DavResourceFinder] Trying to determine principal from initial context path=https://nextcloud.example.com/
2024-06-03 14:57:31 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/ h2
2024-06-03 14:57:31 51 [network.HttpClient] Depth: 0
2024-06-03 14:57:31 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 14:57:31 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 14:57:31 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 14:57:31 51 [network.HttpClient] Content-Length: 198
2024-06-03 14:57:31 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 14:57:31 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 14:57:31 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 14:57:31 51 [network.HttpClient] Cookie: oc_sessionPassphrase=paMRdHxTc8RIUPKGqdei0TUdCxW9Qo4ucbLK0uDbwdfmFMugPwmWMdLaR2vQpVq8RI%2Ba6hemkXn3uRqsbsZ75E5FmqdrqIE4e%2FQvDtc89BmWVg67vo3W8b151uXGM5h0; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=af929240655ce1cee160fe846f709b34; __Host-nc_sameSiteCookiestrict=true
2024-06-03 14:57:31 51 [network.HttpClient] 
2024-06-03 14:57:31 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 14:57:31 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 14:57:31 51 [network.HttpClient] <-- 405 https://nextcloud.example.com/ (11ms)
2024-06-03 14:57:31 51 [network.HttpClient] date: Mon, 03 Jun 2024 12:57:29 GMT
2024-06-03 14:57:31 51 [network.HttpClient] content-type: text/html
2024-06-03 14:57:31 51 [network.HttpClient] content-length: 157
2024-06-03 14:57:31 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 14:57:31 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 14:57:31 51 [network.HttpClient] x-download-options: noopen
2024-06-03 14:57:31 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 14:57:31 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 14:57:31 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 14:57:31 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 14:57:31 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 14:57:31 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 14:57:31 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 14:57:31 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 14:57:31 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 14:57:31 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 14:57:31 51 [network.HttpClient] 
2024-06-03 14:57:31 51 [network.HttpClient] <html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.4</center>
</body>
</html>

2024-06-03 14:57:31 51 [network.HttpClient] <-- END HTTP (157-byte body)
2024-06-03 14:57:31 51 [servicedetection.DavResourceFinder] No resource found
EXCEPTION at.bitfire.dav4jvm.exception.HttpException: HTTP 405 
	at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
	at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:1)
	at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:2)
	at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:76)
	at at.bitfire.davdroid.servicedetection.DavResourceFinder.getCurrentUserPrincipal(DavResourceFinder.kt:37)
	at at.bitfire.davdroid.servicedetection.DavResourceFinder.discoverPrincipalUrl(DavResourceFinder.kt:301)
	at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:29)
	at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:4)
	at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:3)
	at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:1)
	at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invokeSuspend(Interruptible.kt:59)
	at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invoke(Interruptible.kt:13)
	at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:16)
	at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:41)
	at kotlinx.coroutines.InterruptibleKt.runInterruptible$default(Interruptible.kt:9)
	at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1.invokeSuspend(LoginModel.kt:38)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:9)
	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:111)
	at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:4)
	at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:3)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:98)

Also, no real IPs are shown in any logs in the nginx container OR the ingress-nginx pod.

Have you recently tried to completely delete your DAVx5 account on your phone, clear the cache, clear the data, and try to set this up from scratch with nextcloud 29? 🤔

@tenhishadow
Copy link

tenhishadow commented Jun 3, 2024

@jessebot yes, CORS is not enabled on nextcloud nginx container level ( not ingress ). I have the same log and other posted in different issue
#562

it's 100000% not on ingress side, cause I am getting nginx version:

<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.25.5</center>
</body>
</html>

@jessebot
Copy link
Collaborator Author

jessebot commented Jun 3, 2024

@jessebot yes, CORS is not enabled on nextcloud nginx container level ( not ingress ). I have the same log and other posted in different issue

@tenhishadow This sentence is a little confusing. You're just confirming you have the same issue still, right? I tried a bit with playing with the nginx container config as well, but did not have any success. You can see all of those attempts here:
https://github.com/small-hack/argocd-apps/commits/routhinator-may-2-suggestion/

I haven't found anyway at all to make this work so far, except for turning off cors at the nginx ingress level.

You did bring up a good point that I hadn't been updating the nginx container though. I set nginx.image.pullPolicy to Always and that didn't fix the issue, but nginx is a new version now:

<html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.27.0</center>
</body>
</html>

always good to be up to date 🤷

full DAVx5 logs
2024-06-03 15:33:41 51 [network.HttpClient] --> PROPFIND https://nextcloud.example.com/ h2
2024-06-03 15:33:41 51 [network.HttpClient] Depth: 0
2024-06-03 15:33:41 51 [network.HttpClient] User-Agent: DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14
2024-06-03 15:33:41 51 [network.HttpClient] Accept-Language: en-NL, en;q=0.7, *;q=0.5
2024-06-03 15:33:41 51 [network.HttpClient] Content-Type: application/xml; charset=utf-8
2024-06-03 15:33:41 51 [network.HttpClient] Content-Length: 198
2024-06-03 15:33:41 51 [network.HttpClient] Host: nextcloud.example.com
2024-06-03 15:33:41 51 [network.HttpClient] Connection: Keep-Alive
2024-06-03 15:33:41 51 [network.HttpClient] Accept-Encoding: gzip
2024-06-03 15:33:41 51 [network.HttpClient] Cookie: oc_sessionPassphrase=w7%2BuiCA9wayS8ZbMDz5fQWFbDCKDpsUFncNPt6kVV6L2lx05Mv%2F0kQOTW7B8QKu01Wjyrk1LMaROQ2bahYXqfDx5uOIfcxHEClXhF%2FFjxCEiwcgj8XJyzLfrkewl4wll; __Host-nc_sameSiteCookielax=true; ocrkhwrly2jb=458279c2e6ef54fcb7d20200df74aecf; __Host-nc_sameSiteCookiestrict=true
2024-06-03 15:33:41 51 [network.HttpClient] 
2024-06-03 15:33:41 51 [network.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:params:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><current-user-principal /></prop></propfind>
2024-06-03 15:33:41 51 [network.HttpClient] --> END PROPFIND (198-byte body)
2024-06-03 15:33:41 51 [network.HttpClient] <-- 405 https://nextcloud.example.com/ (22ms)
2024-06-03 15:33:41 51 [network.HttpClient] date: Mon, 03 Jun 2024 13:33:39 GMT
2024-06-03 15:33:41 51 [network.HttpClient] content-type: text/html
2024-06-03 15:33:41 51 [network.HttpClient] content-length: 157
2024-06-03 15:33:41 51 [network.HttpClient] referrer-policy: no-referrer
2024-06-03 15:33:41 51 [network.HttpClient] x-content-type-options: nosniff
2024-06-03 15:33:41 51 [network.HttpClient] x-download-options: noopen
2024-06-03 15:33:41 51 [network.HttpClient] x-frame-options: SAMEORIGIN
2024-06-03 15:33:41 51 [network.HttpClient] x-permitted-cross-domain-policies: none
2024-06-03 15:33:41 51 [network.HttpClient] x-robots-tag: noindex, nofollow
2024-06-03 15:33:41 51 [network.HttpClient] x-xss-protection: 1; mode=block
2024-06-03 15:33:41 51 [network.HttpClient] strict-transport-security: max-age=31536000; includeSubDomains
2024-06-03 15:33:41 51 [network.HttpClient] access-control-allow-origin: *
2024-06-03 15:33:41 51 [network.HttpClient] access-control-allow-credentials: true
2024-06-03 15:33:41 51 [network.HttpClient] access-control-allow-methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, MKCOL, REPORT
2024-06-03 15:33:41 51 [network.HttpClient] access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For
2024-06-03 15:33:41 51 [network.HttpClient] access-control-max-age: 1728000
2024-06-03 15:33:41 51 [network.HttpClient] 
2024-06-03 15:33:41 51 [network.HttpClient] <html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.27.0</center>
</body>
</html>

2024-06-03 15:33:41 51 [network.HttpClient] <-- END HTTP (157-byte body)
2024-06-03 15:33:41 51 [servicedetection.DavResourceFinder] No resource found
EXCEPTION at.bitfire.dav4jvm.exception.HttpException: HTTP 405 
	at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:3)
	at at.bitfire.dav4jvm.DavResource.checkStatus(DavResource.kt:1)
	at at.bitfire.dav4jvm.DavResource.processMultiStatus(DavResource.kt:2)
	at at.bitfire.dav4jvm.DavResource.propfind(DavResource.kt:76)
	at at.bitfire.davdroid.servicedetection.DavResourceFinder.getCurrentUserPrincipal(DavResourceFinder.kt:37)
	at at.bitfire.davdroid.servicedetection.DavResourceFinder.discoverPrincipalUrl(DavResourceFinder.kt:301)
	at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:29)
	at at.bitfire.davdroid.servicedetection.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:4)
	at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:3)
	at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1$configuration$1.invoke(LoginModel.kt:1)
	at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invokeSuspend(Interruptible.kt:59)
	at kotlinx.coroutines.InterruptibleKt$runInterruptible$2.invoke(Interruptible.kt:13)
	at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:16)
	at kotlinx.coroutines.BuildersKt.withContext(Unknown Source:41)
	at kotlinx.coroutines.InterruptibleKt.runInterruptible$default(Interruptible.kt:9)
	at at.bitfire.davdroid.ui.setup.LoginModel$detectResources$job$1.invokeSuspend(LoginModel.kt:38)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:9)
	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:111)
	at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:4)
	at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:3)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:98)

Log from nextcloud container in nextcloud pod:

127.0.0.1 - jessebot 03/Jun/2024:13:33:07 +0000 "PROPFIND /remote.php" 207
127.0.0.1 -  03/Jun/2024:13:33:30 +0000 "POST /index.php" 200
127.0.0.1 -  03/Jun/2024:13:33:30 +0000 "GET /index.php" 200
127.0.0.1 -  03/Jun/2024:13:33:30 +0000 "GET /index.php" 200
127.0.0.1 -  03/Jun/2024:13:33:30 +0000 "GET /index.php" 200
127.0.0.1 -  03/Jun/2024:13:33:31 +0000 "GET /index.php" 200
127.0.0.1 -  03/Jun/2024:13:33:31 +0000 "GET /index.php" 200
127.0.0.1 -  03/Jun/2024:13:33:37 +0000 "POST /index.php" 200
127.0.0.1 - jessebot 03/Jun/2024:13:33:37 +0000 "GET /ocs/v2.php" 200
127.0.0.1 - jessebot 03/Jun/2024:13:33:37 +0000 "GET /ocs/v2.php" 304
127.0.0.1 - jessebot 03/Jun/2024:13:33:37 +0000 "PROPFIND /remote.php" 207
127.0.0.1 - jessebot 03/Jun/2024:13:33:37 +0000 "PROPFIND /remote.php" 207
127.0.0.1 - jessebot 03/Jun/2024:13:33:38 +0000 "PROPFIND /remote.php" 207
127.0.0.1 - jessebot 03/Jun/2024:13:33:38 +0000 "PROPFIND /remote.php" 207
127.0.0.1 - jessebot 03/Jun/2024:13:33:38 +0000 "PROPFIND /remote.php" 207
127.0.0.1 - jessebot 03/Jun/2024:13:33:38 +0000 "PROPFIND /remote.php" 207
127.0.0.1 - jessebot 03/Jun/2024:13:33:39 +0000 "PROPFIND /remote.php" 207
127.0.0.1 - jessebot 03/Jun/2024:13:34:07 +0000 "PROPFIND /remote.php" 207

Log from nginx container in nextcloud pod:

10.42.0.61 - - [03/Jun/2024:13:33:30 +0000] "POST /login/v2/apptoken HTTP/1.1" 200 6013 "-" "Mozilla/5.0 (Android 14; Mobile; rv:126.0) Gecko/126.0 Firefox/126.0" "10.42.0.1"
10.42.0.61 - - [03/Jun/2024:13:33:37 +0000] "POST /login/v2/poll HTTP/1.1" 200 128 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:13:33:38 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 342 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:13:33:38 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 242 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:13:33:38 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 242 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:13:33:38 +0000] "PROPFIND / HTTP/1.1" 405 157 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:13:33:38 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 470 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:13:33:39 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 242 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:13:33:39 +0000] "PROPFIND /remote.php/dav HTTP/1.1" 207 242 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"
10.42.0.61 - jessebot [03/Jun/2024:13:33:39 +0000] "PROPFIND / HTTP/1.1" 405 157 "-" "DAVx5/4.3.16.1-ose (2024/04/20; dav4jvm; okhttp/4.12.0) Android/14" "10.42.0.1"

@Routhinator
Copy link

Ive been overloaded with personal life things lately, however I will take a re-review of all settings and update from 28>29 sometime this week and get back to this thread.

FWIW i have this working on 3 android devices, and thunderbird on windows and Linux across three PCs. So Im confident this is working for all devices and not a cached thing. I've also recently reconfigured some devices.

I did a lot with my nextcloud to add extra apps and features so ill try and square off some resources for a test install.

@jessebot
Copy link
Collaborator Author

jessebot commented Jun 3, 2024

Ive been overloaded with personal life things lately

I hope everything is ok and you get some time back!

FWIW i have this working on 3 android devices, and thunderbird on windows and Linux across three PCs. So Im confident this is working for all devices and not a cached thing. I've also recently reconfigured some devices.

I have now spent months on this. (this issue is almost a year old) I've never seen it work with cors on. I've tested every fix in this thread with detailed write ups of everything I've tried and links to all the exact yaml I've used, but it's not lookin' great for cors right now. :( I hope your confidence prevails. I'd love to be proven wrong, like honestly, no sarcasm, I actually want to see this working. 🙏

@pschichtel
Copy link

What I don't understand: Where does it come from that anyone actually wants to enable CORS in the ingress?

Assuming for a second that it doesn't cause issues: Which feature doesn't currently work in nextcloud when CORS is not being handled by a reverse proxy? I know that nextcloud's PHP infrastructure offers ready-made functionality to generate appropriate CORS headers for those endpoints that actually need it. So if some app requires CORS for its functionality (I'd prefer they wouldn't), but doesn't actually send the headers itself, then that should be a bug report in that particular app. The reverse proxy does not have the knowledge which endpoints actually need CORS handling, only the application as the knowledge, so why not let the application handle this?

As I mentioned earlier, the options where initially put to fix "source IP preservation", but CORS doesn't help with that (my setup disables CORS and has no issues with source IPs). Someone could assume malintent in this commit as it is a change that weakens defenses done as part of something harmless. This alone should be reason enough to disable CORS here, especially nobody knows what it is needed for, and remove the documentation that recommends it.

@jessebot
Copy link
Collaborator Author

jessebot commented Jun 3, 2024

What I don't understand: Where does it come from that anyone actually wants to enable CORS in the ingress?

There's a lot of issues about cors here (I think it's just supposed to be a thing you do if you're an app developer as per docs). Again, I can't find the original screenshot that suggested enabling cors in an ancient version of nextcloud, but it used to suggest it in the admin panel. You'll have to trust me, or install every version of nextcloud to prove me wrong haha (Don't do that. I'd rather you just think I'm wrong than know you installed 29 versions of Nextcloud. You still have so much more to live for.)

As I mentioned earlier, the options where initially put to fix "source IP preservation", but CORS doesn't help with that (my setup disables CORS and has no issues with source IPs).

I actually just wanted to have cors on and have source IPs, but I have neither. The source IP for me doesn't work without CORS either btw. You're right though, CORS doesn't actually affect source IPs though. I was just hopeful it did, because I'm young and still bright eyed. The source IP thing should be its own discussion or issue though, because here is not the place. This is the place of caldav, for all of eternity.

For me personally, I like the idea of having CORS on and then specifically allowing just the apps I want to use, and the other servers I want to federate with. Nextcloud has been a hobby project for me for a few years now, but it's never felt truly secure, because I couldn't close off all the gaps. I was hoping CORS would be one more thing I could enable to feel a little safer, but it's not lookin' good. Eventually I want to federate with some friends, and I want to limit that federation in part via CORS.

@Routhinator
Copy link

@pschichtel CORS enforcement not being enabled means that someone can setup a webpage that claims to be your nextcloud, and proxy the auth request to your nextcloud instance. By doing this they can intercept or capture the auth credentials for any user on your instance and then gain access to your instance.

If your instance is only used by IT experts that can detect every possible phishing link in existence and you never have to worry about your users getting hacked by phishing sites attempting to gain access to your instance, Great! No need to turn on CORS enforcement.

If any of the above is untrue, then not enabling CORS means needing to worry about a lot of other problems with safeguarding your instance and its data.

To be clear, you are not "enabling CORS" with this setup. CORS is always supported, but without headers turned on it is implicitly allowed and not explicitly allowed.

@provokateurin
Copy link
Member

without headers turned on it is implicitly allowed

what do you mean? if you have no cors headers set the browsers will simply not allow anything and not let everything through like your message suggests

@Routhinator
Copy link

Browsers are not involved in the connection between the server and a faked server in the attack i described. The browser will think its not doing CORS because its talking to https://spoofeddomain.com for all of its requests, and the server behind https://spoofeddomain.com is making calls to https://youractualdomain.com without your browser being aware of them, and without CORS enforcement configured on the NGINX side, your Nextcloud setup will see this as fine and allow it.

@pschichtel
Copy link

@pschichtel CORS enforcement not being enabled means that someone can setup a webpage that claims to be your nextcloud, and proxy the auth request to your nextcloud instance.

@Routhinator What are you talking about? this has nothing to do with CORS... at all. Please read up on CORS, because you are fundamentally misunderstanding it or confusing it with something else. CORS enforcements happens in the browser (or more generally in client applications performing requests on behave of a 3rd party). CORS means nothing to clients that won't enforce it. So me running curl https://my-nextcloud will not care about CORS, nor will your spoofeddomain.com example's server when doing the request. However the client application of your spoofeddomain.com example will not able to drive the login-requests from the browser against youractualdomain.com unless that server enables CORS access (as in: responds to OPTIONS pre-flight requests as done by the ingress option being discussed).

CORS might prevent that specific access and that is part of why it exists, but most phishing attacks you seem to be concerned with will use a backend that performs the proxying, just for keeping the logic secret. There is little you can do against such phishing attacks aside from user education and to some degree delegated authentication. Even if your nextcloud instance somehow magically detected the request from spoofeddomain.com and blocked it, the damage is already done: The users credentials have been leaked to the attacker.

Browsers are not involved in the connection between the server and a faked server in the attack i described.

Yes, but neither is CORS

The browser will think its not doing CORS

No the browser will not "think its not doing CORS", it will actually really not do CORS at all, because the CO (Cross-Origin) part or CORS doesn't apply.

to get back on topic:

@jessebot

There's a lot of issues about cors here

honestly I don't see actual CORS issues there except for @provokateurin's refactoring proposal

I think it's just supposed to be a thing you do if you're an app developer as per docs

yes, application developers have to decide whether Cross-Origin requests are something their sites/endpoints need to support. It's a developer concern, not an operations concern for the most part. There is certain applications that just willy-nilly accept any cross origin requests that really shouldn't and in those cases it would be fine for operations ("someone that manages ingress resources") to restrict the OPTIONS requests.

Again, I can't find the original screenshot that suggested enabling cors in an ancient version of nextcloud, but it used to suggest it in the admin panel. You'll have to trust me, or install every version of nextcloud to prove me wrong haha (Don't do that. I'd rather you just think I'm wrong than know you installed 29 versions of Nextcloud. You still have so much more to live for.)

I've no doubt that there was a point, at which certain apps in nextcloud needed CORS but no built-in mechanisms existed in nextcloud to properly handle CORS requests. That's exactly why this nginx feature exists: Legacy applications that need to be exposed cross-origin, but can't themselves handle CORS requests. I think nextcloud is no such application anymore. Even for such legacy applications, having this generic solution in nginx just seems wrong.

I actually just wanted to have cors on and have source IPs, but I have neither. The source IP for me doesn't work without CORS either btw. You're right though, CORS doesn't actually affect source IPs though. I was just hopeful it did, because I'm young and still bright eyed. The source IP thing should be its own discussion or issue though, because here is not the place.

Yes CORS and source IPs are completely unrelated. I needed only a few tweaks to the helm defaults to get proper source IPs through to my nextcloud. If you'd start that source IP discussion somewhere I'd be happy to share my configuration there! Just tag me.

For me personally, I like the idea of having CORS on and then specifically allowing just the apps I want to use, and the other servers I want to federate with. Nextcloud has been a hobby project for me for a few years now, but it's never felt truly secure, because I couldn't close off all the gaps. I was hoping CORS would be one more thing I could enable to feel a little safer, but it's not lookin' good. Eventually I want to federate with some friends, and I want to limit that federation in part via CORS.

I haven't really looked into federation of nextcloud instances, but I assume CORS wouldn't be involved there either, as the peer interactions are probably server-side.

tl;dr: Drop the CORS options from the documentation, they don't make sense for what they where added and they don't make sense for modern nextcloud in general.

@jessebot
Copy link
Collaborator Author

jessebot commented Jun 4, 2024

What are you talking about? this has nothing to do with CORS... at all. Please read up on CORS, because you are fundamentally misunderstanding it or confusing it with something else.

This can be frustrating topic, but like it takes a village to build an open source product, even the helm chart. Be kind to your village. Also, as someone who frequently has to get audited for security cert purposes, CORS comes up a lot.

I think a good compromise would be to submit a PR to remove the bit about CORS helping with preserving the source IP from the docs, and then if @Routhinator can find a way to make CORS settings work with caldav/carddav (and I can test and validate it), we can add a separate docs section about CORS, unrelated to the source IP. The source IP is still an interesting topic, and I'd still like to include some info on how to do it, but as mentioned several times, it's got nothing to do with CORS.

Allowing people to have CORS enabled and find a workable solution for it being on, is still a fine thing to do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Ingress Anything to do with ingress or ingress controllers
Projects
None yet
Development

Successfully merging a pull request may close this issue.

10 participants