Document well-known urls. Was: Problem with El Capitan (OSX 10.11) and Baikal CardDAV #401
20 participants
OSX 10.11 tries always to read /.well-known/carddav and stops syncing if this path does not exist.
So just add an redirect to your apache/lighttpd or ngnix configuration.
For apache, add:
Redirect /.well-known/carddav https://your-server-name/card.php
to the VirtualHost of your carddav server.
Thanks! Solved by adding
Redirect /.well-known/carddav /card.php
to .htaccess
Thanks !
i solved too the issue with this redirect in my htaccess.
Redirect /.well-known/carddav /card.php
what is strange is that it worked perfectly with only these lines in Yosemite :
IfModule mod_rewrite.c
RewriteEngine on
RewriteRule /.well-known/carddav /card.php [R,L]
RewriteRule /.well-known/caldav /cal.php [R,L]
/IfModule
Hello,
If you're using lighttpd, you should add this to your conf:
$HTTP["host"] =~ "^dav.dirserver.dev$" {
url.redirect += (
"^/.well-known/carddav(.*)" => "/card.php$1",
"^/.well-known/caldav(.*)" => "/cal.php$1"
)
}
I have a Synology NAS (DSM 5.2-5592 Update 4) with a Baikal server (0.2.7-002).
Yosemite "Calendar" and "Contacts" work fine.
After upgrading to El Capitan, it is impossible to synchronise these two apps.
I read this thread and I have modified the Baikal directory .htaccess file.
But it did not change anything!
Here are the contents of the .htaccess file (in the root directory of Baikal):
When I try to create a new account, I get the following error:
"Unable to verify the name or password for the account."
I create this account with:
Manual account
and the following string for server address:
"NAS_IP/baikal/cal.php/principals/User_Name/"
Could you help me?
Thanks in advance.
your redirect is maybe wrong. Try this:
Redirect /.well-known/carddav /baikal/card.php
Redirect /.well-known/caldav /baikal/cal.php
Maybe this helps.
I forgot to attach it in my previous message, here are the contents of the .htaccess file (in the root directory of Baikal):
# Disabling cache management
# that could cause problems with DAV requests
# Useful only for Apache servers, with AllowOverride All
# (ie, .htaccess files enabled)
# Allow HTTP headers with Apache/FastCGI
# See http://code.google.com/p/sabredav/wiki/Authentication#Apache_+_(Fast)CGI
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
<IfModule mod_expires.c>
ExpiresActive Off
</IfModule>
Redirect /.well-known/carddav /baikal/card.php
Redirect /.well-known/caldav /baikal/cal.php
Redirects look right?
Where is my mistake?
it looks ok. Please check your apache access log files, maybe is there any information. Maybe the connection information you entered in the accounts dialog of OSX are wrong?
Hey MD94, I just used your example file to fix my Synology (DSM 5.2-5592 Update 4) with a Baikal server (0.2.7-002) and it works. I think that you are not placing your .htaccess file in the right place. In your case, it would be,
/yourVolumeName/web/.htaccess
That is the root directory, NOT /yourVolumeName/web/baikal/.htaccess. I also made sure that the user and group was http on my .htaccess file. Here is the command to change user and group in case you don't know it:
chown http:http .htaccess
That should fix it.
Thanks tuxtlequino, I moved the .htaccess file to the web directory and everything works fine now.
when i using apache, what i have to change? just the rewrite rule in the config file too ? ah the second post from ugh make my day ;)
I've set up this redirect but I can't figure out how to create the account (under Contacts or System Preferences).
I know the redirect works because if I go to https://box.local:8217/.well-known/carddav in Safari, I can see it redirect to https://box.local:8217/card.php.
For the account, I try Advanced; I fill in my user name and password; for Server Address I use "box.local"; I leave Server Path blank (defaulting to "/principals/user/") and for Port "8217", as you see above. Doesn't work.
Am I misunderstanding how this should work?
Hello,
so i try this for working sync between my synology (DSM 4.2) nas and Apple Contacts with MacOsX 10.11, but unfortunately, still doesn't work.
step 1
installing baikal (0.2.7) on Synology Nas.
web/baikal/
step 2
on Synology Nas.
web/.htaccess
in .htaccess file :
# Disabling cache management# that could cause problems with DAV requests# Useful only for Apache servers, with AllowOverride All# (ie, .htaccess files enabled)# Allow HTTP headers with Apache/FastCGI# See http://code.google.com/p/sabredav/wiki/Authentication#Apache_+_(Fast)CGIRewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]ExpiresActive OffRedirect /.well-known/carddav /baikal/card.php Redirect /.well-known/caldav /baikal/cal.php
step 3 :
In Apple Contacts.
Add Account
Account type : Advanced
Username : registered user name in Baikal admin dashboard
Password : registered password in Baikal admin dashboard
Server Address : subdomainnamelinkedtothenas (without http:// or https:// before)
Server Path : i tried multiple pathes :
- /baikal/card.php
- (blank)
- /baikal/
- /baikal/card.php/addressbooks/user/default/
SSL : [ ] unchecked
Port : (blank)
Nothing works.
Does anyone tell me where i'm wrong ?
Based on a comment elseweb, I think that the "Advanced" account option is entirely broken in OSX 10.11.0. Hope for a fix in 10.11.1.
"Advanced" didn't work for me either, but "Manual" did (with the .well-known redirect)
Hello Lars,
Could you tell me what kind of URL you put in 'server address' field ifor adding account ?
Something like :
https://nasIPaddress:port/baikal/card.php ?
HowTo make CalDAV/CardDAV work with Mac El Capitan 10.11.1 (for apache2 under Ubuntu 14.04):
If in the configuration file
/etc/apache2/apache2.conffor the HTTP root directory, e.g.:
<Directory /var/www/>
there is the directive AllowOverride None, .htaccess will not work at all.
see: https://httpd.apache.org/docs/2.2/howto/htaccess.htmlFor a redirect better write in file
apache2.conffor the HTTP root directory:
Redirect 301 /.well-known/carddav /baikal/card.php
Restart the apache2 server with$ sudo service apache2 restart
See also https://httpd.apache.org/docs/2.2/mod/mod_alias.html#redirectIn Mac OS X setup the Internet-Account for CardDAV in manual mode:
server address:https://<domain name>/baikal/card.php/principals/<user>/
e.g. local server:192.168.178.72/baikal/card.php/principals/reuterru/CalDAV works in 10.11.1 as usual with advanced mode setup.
I'm afraid I can't make CardDAV work even under 10.11.1. My baikal setup uses a custom port, so i have to use the Advanced option. This still does not work.
(Manual has no "server path" option; it has "server address", which does not work.)
As I try, I keep getting crash reports: accountsd throws exceptions and dies.
(CalDAV continues to work fine.)
@erkyrath
How about appending the custom port number to the domain name with a colon?
I've tried this since El Cap was released and 10.11.1 update on a baikal 0.2.7 flat package with FreeBSD FAMP or Ubuntu LAMP.
The 2 main points to get it working with El Cap is that...
SSL with Baikal and El Cap is Broken
just use HTTP :(
You must have the
Redirect /.well-known/carddav /baikal/card.php
Redirect /.well-known/caldav /baikal/cal.php
in your .htaccess via the mod_rewrite module or apache httpd config
I wish Apple would disable these options in the accounts section of OS X if they're so terribly broken. It's clear they only made sure the proprietary players worked with this release.
I'm running baikal on a non-default port. I saw this 405 error as well. I tried playing around with Redirect and RewriteRule. What solved it for me was adding the complete URL on the right hand side of the RewriteRule, including the port. Then I don't even need the Redirect.
I.e.:
RewriteRule /.well-known/carddav https://myserver:12345/card.php [R,L]
RewriteRule /.well-known/caldav https://myserver:12345/cal.php [R,L]
Perhaps El Capitan changed in that it doesn't use the same port by default when being redirected?
Hm, that sounds good but I won't have a chance to try it until next week. Thanks.
That sounds excellent. It'd be nice to ssl again. I'm gonna try this after coffee tomorrow. Will give an update.
Nope, still can't make it work. Sorry.
I now have a redirect from http://box.local/.well-known/carddav to https://box.local:12345/card.php. This redirect works in a browser. (Note to self: gotta turn on mod_rewrite, bozo.)
However, I still can't set up a carddav account. When I try to set up the "Manual" option, the console error implies that it's trying to access https://zarf@box.local:8843/principals/ , which is clearly wrong. "Advanced" continues to just crash.
For those of you who have gotten it to work, how did you fill in the account fields, and what (full) URL are you redirecting from?
@erkyrath After the http server redirect, I was able to get it working under OS X with (for CardDav)
- Manual Configuration
- Username: your-user
- Password: *****
- Server Address: http://dav.server.com:80
Yes, on the Server Address I just used protocol + domain + port. No need to add /principals/ or whatever else here. Since you've the .well-known direct in place OS X will be able to guess the rest.
To clarify my setup:
Clients:
OS X El Capitan 10.11.1 Calendars + Contacts
iOS 9.1 Calendars + Contacts
Server:
apache-2.4.10, baikal-0.2.7
apache config (httpd.conf):
...
Listen 0.0.0.0:7777
...
<VirtualHost _default_:7777>
DocumentRoot /usr/pkg/share/baikal/html
ServerName baikal.example.com
RewriteEngine On
#Redirect /.well-known/carddav https://baikal.example.com:7777/card.php
RewriteRule /.well-known/carddav https://baikal.example.com:7777/card.php [R,L]
RewriteRule /.well-known/caldav https://baikal.example.com:7777/cal.php [R,L]
<Directory "/usr/pkg/share/baikal/html">
Options None
Options +FollowSymlinks
AllowOverride All
</Directory>
SSLEngine on
# and then some more SSL and log settings; certificate provided by CACert
...
</VirtualHost>
Set up on client (OS X, but iOS pretty the same):
System Preferences -> Internet Accounts -> "Add Other Account..." -> CardDAV (or CalDAV) account
Account Type: Manual
User Name (my username as configured in baikal)
Password (as configured in baikal)
Server Address: baikal.example.com:7777
That's it.
@0-wiz-0 -- okay! With that setup, I have successfully made contact with the server and it wants to authenticate.
Now Keychain Access is freezing up but that's a separate problem. :) Thank you all for your help.
EDIT-ADD: Did you know that KeyChain Access is incompatible with MagicPrefs? You do now!
Hello,
I have the same problem on mac with my Synology but I have the feeling the .htaccess file is not working as it should...
# Disabling cache management
# that could cause problems with DAV requests
# Useful only for Apache servers, with AllowOverride All
# (ie, .htaccess files enabled)
# Allow HTTP headers with Apache/FastCGI
# See http://code.google.com/p/sabredav/wiki/Authentication#Apache_+_(Fast)CGI
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>
<IfModule mod_expires.c>
ExpiresActive Off
</IfModule>
Redirect /.well-known/carddav /baikal/card.php
Redirect /.well-known/caldav /baikal/cal.php
Path: /volume1/web
Manual Configuration
Username: your-user
Password: *****
Server Address:
"domain/baikal/cal.php/principals/User_Name/default/"
or
"domain/baikal/cal.php/principals/User_Name/"
Any ideas? Can I check if the .htaccess file is working or not?
You can visit https://SERVER/.well-known/carddav in a browser and see if it redirects.
After trying all the ideas from here, I still can't sync baikal with OS X.
Console messages:
accountsd[305]: [com.apple.calendar.accounts.authentication] [Auto-discovery for (null) failed with error Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x7f91da7e2a80 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://jerome@dav.example.com:8080/dav/principals/, NSErrorFailingURLKey=http://jerome@dav.example.com:8080/dav/principals/, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://jerome@dav.example.com:8080/dav/principals/, NSErrorFailingURLKey=http://jerome@dav.example.com:8080/dav/principals/, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}.]
accountsd[305]: [com.apple.calendar.accounts.authentication] [Calling completion block with account error Error Domain=com.apple.accounts Code=10001 "(null)" UserInfo={NSUnderlyingError=0x7f91db4224c0 {Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x7f91da7e2a80 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=http://jerome@dav.example.com:8080/dav/principals/, NSErrorFailingURLKey=http://jerome@dav.example.com:8080/dav/principals/, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=http://jerome@dav.example.com:8080/dav/principals/, NSErrorFailingURLKey=http://jerome@dav.example.com:8080/dav/principals/, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}}, Hostname=dav.example.com}.]
Nginx access logs:
IP [XX/XXX/2016:XX:XX:XX +XXXX] "PROPFIND /.well-known/caldav HTTP/1.1" 301 178 "-" "Mac+OS+X/10.11.2 (15C50) accountsd/113"
IP [XX/XXX/2016:XX:XX:XX +XXXX] "PROPFIND / HTTP/1.1" 301 178 "-" "Mac+OS+X/10.11.2 (15C50) accountsd/113"
IP [XX/XXX/2016:XX:XX:XX +XXXX] "PROPFIND /caldav/v2 HTTP/1.1" 301 178 "-" "Mac+OS+X/10.11.2 (15C50) accountsd/113"
IP [XX/XXX/2016:XX:XX:XX +XXXX] "PROPFIND /principals/users/jerome/ HTTP/1.1" 301 178 "-" "Mac+OS+X/10.11.2 (15C50) accountsd/113"
IP [XX/XXX/2016:XX:XX:XX +XXXX] "PROPFIND /principals/ HTTP/1.1" 301 178 "-" "Mac+OS+X/10.11.2 (15C50) accountsd/113"
IP [XX/XXX/2016:XX:XX:XX +XXXX] "PROPFIND /dav/principals/ HTTP/1.1" 301 178 "-" "Mac+OS+X/10.11.2 (15C50) accountsd/113"
Any ideas or input would be appreciated.
It's trying to reach the URL http://jerome@dav.example.com:8080/dav/principals/, which is almost certainly wrong. You don't want the username@ in the URL. I remember getting that error, but I can't remember what bad combination of configuration options caused it.
No idea why OS X is doing that.
If I try setting it up using the "Advanced" account type it's throwing the "Unable to verify name or password" even faster with no errors or messajes in the Console and nginx gets this in the log:
IP - - [XX/XXX/2016:XX:XX:XX +XXXX] "PROPFIND /cal.php/principals/jerome HTTP/1.1" 400 264 "-" "Mac+OS+X/10.11.2 (15C50) CalendarAgent/361.1"
Hallo, I had the same problems. Webinterface of Baikal works fine, but unable to connect to calendar from Mac os X 10.11.2.
now caldav works!!!! I am so happy!
Baikal is running on a raspberry pi with nginx and ssl, Baikal installed in /var/www/baikal
here my config located in /etc/nginx/sites-available:
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/baikal.crt; # path to your cacert.pem
ssl_certificate_key /etc/nginx/ssl/baikal.key; # path to your privkey.pem
root /var/www/;
index index.html index.htm index.php;
server_name 192.168.178.31;
location / {
try_files $uri $uri/ /index.html;
}
location ~ ^(.+\.php)(.*) {
try_files $fastcgi_script_name =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
include fastcgi_params;
}
rewrite ^/.well-known/caldav /baikal/cal.php redirect;
rewrite ^/.well-known/carddav /baikal/card.php redirect;
charset utf-8;
location ~ /(\.ht|Core|Specific) {
deny all;
return 404;
}
}
I connected from Mac os x with the following settings:
System setting-> internet accounts ->add new account -> other -> caldav account
account-type: manual
username: username
password: password
serveradress: 192.168.178.31
no additional https or ports or folders...
and then it works.
When i look in the settings in calendar there is written in the tab "accounts":
tab server settings:
server adress: 192.168.178.31
server path: /baikal/cal.php/principals/Peter/ (this adress I tried before it runs???)
port: automatic (in grey)
use ssl: activated
kerberos: not activated.
I hope this helps other people.
Regards
Peter
Nope, still nothing for me. Same errors as above.
The only difference I can think of is that my server is not on the same network and has a domain. But this doesn't stop my phone or vdirsyncer from syncing with it.
@Vlaaaaaaad this error line:
IP - - [XX/XXX/2016:XX:XX:XX +XXXX] "PROPFIND /cal.php/principals/jerome HTTP/1.1" 400 264 "-" "Mac+OS+X/10.11.2 (15C50) CalendarAgent/361.1"
tells me something else might be going on. The "400" indicates Bad Request, but I'm not sure what could cause that. Would you be able to trace the HTTP requests/responses with wireshark or Charles HTTP proxy? It would be interesting to see what was in the HTTP response...
I am a stupid stupid man.
Trying to capture the traffic for @evert using Wireshark was a bit harder because I was using SSL. I disabled SSL and lo and behold, everything worked. Both calendars and contacts.
I started to debug the SSL options in nginx and turns out that a include was badly formatted and ignored. Fixed that and now everything works.
Didn't even think that it could've been because of SSL. The question would now be how come it worked on all other machines, but that's for another time.
Thanks for all your help and apologies for the noise!
No problem, I'm glad you figured it out.
There's quite a few different people with different issues here. I hope it's all resolved for everyone, but if anyone still has issues please comment here to give me a heads-up. happy to help.
The rewrite rule did the trick for me. Would be nice to add that to the installation guide, would have saved me a few hours.
evert
changed the title from Problem with El Capitan (OSX 10.11) and Baikal CardDAV to Document well-known urls. Was: Problem with El Capitan (OSX 10.11) and Baikal CardDAV 
Hi all!
I am experiencing the same problems, yet I can “force” single contact card to update:
- Update any contact on the CardDAV server.
- Click on that contact card in OS X contacts.
- Edit that contact.
- The contacts app will then reload all contacts (and revert the change you just made).
It really seems to be a non-solved OS X error.
That doesn't sound like the same problem. I never saw Contacts reload, and I don't see how it could have since it was trying to use an invalid URL.
After upgrading to El Capitan, my address book has stopped working with the following error:
I've tried re-adding the address book but I'm getting the same error. I'm not sure if this is a bug with El Capitan but I thought I'd start an issue here in case anyone else has the same problem.
I haven't found a fix yet.