Setup check for "/.well-known/{caldav,carddav}" not satisfiable on multiple instances per subdomain

[robert-scheck]

Steps to reproduce

If you have multiple Nextcloud 14.0.3 installations on a single subdomain, e.g. https://example.net/nextcloud-abc and https://example.net/nextcloud-xyz, both will yell in the "Security & setup warnings" under https://example.net/nextcloud-{abc,xyz}/settings/admin/overview like this:

Security & setup warnings

It's important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.

(!) There are some warnings regarding your setup.

• Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.
• Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.

Please double check the installation guides ↗, and check for any errors or warnings in the log.

Check the security of your Nextcloud over our security scan ↗.

Given it's two installations on a single subdomain in a subdirectory in this scenario, the well-known path can not be assigned to both.

Expected behaviour

There should be a documented configuration option to simply disable this check (because Nextcloud can't technically know if it is the only Nextcloud installation on a subdomain, especially if both of the Nextcloud installations are in containers and if there's a reverse proxy in front of).

Actual behaviour

Nextcloud's "Security & setup warnings" section yells about a non-proper setup.

Server configuration

Most of the requested information does not matter or is not applicable, except:

Nextcloud version: 14.0.3

Nextcloud configuration: Does not matter, else see above.

[nextcloud-bot]

GitMate.io thinks possibly related issues are #8766 (Caldav ), #11789 (/.well-known/caldav and /.well-known/carddav not resolved on port <> 80), #11733 (Fix a misleading setup check for .well-known/caldav & carddav), #11773 (Setup check for .well-known/caldav & carddav broken on Firefox), and #11738 ([stable14] Fix a misleading setup check for .well-known/caldav & carddav).

[kesselb]

Here are some background information #11787 (comment)

[robert-scheck]

Yes, but the design of this "feature" is still incomplete, because it does not cover the scenario of having multiple Nextcloud installations on one subdomain while not getting any security and setup warnings in each of them. And if there is already any detection inside of Nextcloud whether Nextcloud was installed in the root of a (sub)domain or in a subdirectory, the check is currently still broken, because it doesn't work behind a reverse proxy at the moment.

[MorrisJobke]

There should be a documented configuration option to simply disable this check (because Nextcloud can't technically know if it is the only Nextcloud installation on a subdomain, especially if both of the Nextcloud installations are in containers and if there's a reverse proxy in front of).

I would argue that then still the warning is valid, because this particular feature is not working. The admin decided to accept this, but the warning is still valid. We also aim to not introduce options to disable warning just for the reasons of hiding it. That would be plain wrong as the admin can forget about this setting and still thinks everything is fine. It would just make things harder.

If you really want to remove this, then patch it out.

Yes, but the design of this "feature" is still incomplete, because it does not cover the scenario of having multiple Nextcloud installations on one subdomain while not getting any security and setup warnings in each of them. And if there is already any detection inside of Nextcloud whether Nextcloud was installed in the root of a (sub)domain or in a subdirectory, the check is currently still broken, because it doesn't work behind a reverse proxy at the moment.

That is a different ticket and should be handled separately.

Have also a look at the linked ticket of @danielkesselberg.

I would close this ticket here as a won't fix due to the reasons mentioned above: we try to make possible issues easily identifiable and not hide then those setup warnings.