[BUG] Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/webfinger #518
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
I get the error in Security & setup warnings: Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/webfinger
Expected Behavior
To not see the error.
Steps To Reproduce
setup traefik/npm to proxy the requests with https
configure overwrite.cli.url with https://your-domain
configure overwriteprotocol with https
configure overwritehost with your-domain
curl -i https://your-domain/.well-known/webfinger
HTTP/2 301
access-control-allow-headers: authorization,content-type
access-control-allow-methods: GET,OPTIONS,PUT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000
content-type: text/html
date: Mon, 25 Aug 2025 16:38:25 GMT
location: http://your-domain/index.php/.well-known/webfinger <--- it is http
referrer-policy: no-referrer
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
content-length: 162
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
The problem is that the nginx config redirects to http location: http://your-domain/index.php/.well-known/webfinger.
What I did to fix the issue, i added https in nginx, don't know if this is the best solution.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 https://$http_host/remote.php/dav/; }
location = /.well-known/caldav { return 301 https://$http_host/remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 https://$http_host/index.php$request_uri;
}
The result, no errors.
curl -i https://your-domain/.well-known/webfinger
HTTP/2 301
access-control-allow-headers: authorization,content-type
access-control-allow-methods: GET,OPTIONS,PUT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000
content-type: text/html
date: Mon, 25 Aug 2025 16:43:16 GMT
location: https://your-domain/index.php/.well-known/webfinger <--- it is https
referrer-policy: no-referrer
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
content-length: 162
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
Environment
- OS: debian 12CPU architecture
arm64