Help needed: owncloud 9.1.3 creates redirects without index.php (after upgrade from 8.1) on nginx+subdir

[aheusingfeld]

Steps to reproduce

0. upgrade Ubuntu 14.04LTS to 16.04LTS
1. Reinstall owncloud (see https://github.com/aheusingfeld/aheusingfeld.github.io/blob/develop/posts/2016-12-22-owncloud-updates-between-multiple-major-versions.adoc)
2. adjust nginx config according to https://doc.owncloud.org/server/9.0/admin_manual/installation/nginx_examples.html (NOTE: I’m running owncloud behind nginx with a subdir/ contextroot other than /owncloud! The root folder is still at /var/www/owncloud)
3. Fix broken config in subdir config sample from https://doc.owncloud.org/server/9.0/admin_manual/installation/nginx_examples.html#owncloud-in-a-subdir-of-nginx which doesn't work for JS and CSS files due to query_param and forgotten prefix

Expected behaviour

A request to /cloud/index.php/login should show the login page.

Actual behaviour

A request to /cloud/index.php/login returns a HTTP302 with Location: https://myserver/cloud/login which is then answered with HTTP404. Same behavior for other locations e.g. oc.js. /cloud/status.php works fine.

Server configuration

Operating system: Ubuntu 16.04.3

Web server: nginx/1.10.0

Database: MySQL5 (client driver mysqlnd 5.0.12)

PHP version: 7.0.8-0ubuntu0.16.04.3

ownCloud version: 9.1.3

Where did you install ownCloud from: see link to blog post

Signing status (ownCloud 9.0 and above): Sorry, I have no idea what that is

Login as admin user into your ownCloud and access 
http://example.com/cloud/index.php/settings/integrity/failed 
paste the results here.

This is answered with Location: https://myserver/cloud/login

List of activated apps:

Enabled:
  - activity: 2.3.2
  - comments: 0.3.0
  - dav: 0.2.7
  - external: 1.2
  - federatedfilesharing: 0.3.0
  - federation: 0.1.0
  - files: 1.5.1
  - files_external: 0.6.0
  - files_pdfviewer: 0.8.1
  - files_sharing: 0.10.0
  - files_texteditor: 2.1
  - files_trashbin: 0.9.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 15.0.0
  - notifications: 0.3.0
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.1
  - updatenotification: 0.2.1
Disabled:
  - calendar
  - contacts
  - documents
  - encryption
  - files_antivirus
  - files_embeddedvideo
  - files_versions
  - music
  - news
  - notes
  - tasks
  - user_external
  - user_ldap

The content of config/config.php:

{
    "system": {
        "instanceid": "oc639adcd88f",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "mydomain.com",
            "localhost",
            "192.168.242.11"
        ],
        "datadirectory": "\/mnt\/oc-data\/data",
        "version": "9.1.3.1",
        "dbtype": "mysql",
        "dbhost": "localhost",
        "dbname": "owncloud",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "installed": true,
        "default_language": "de",
        "knowledgebaseenabled": true,
        "enable_avatars": true,
        "mail_domain": "mydomain.com",
        "mail_from_address": "owncloud",
        "mail_smtpdebug": false,
        "mail_smtpmode": "smtp",
        "mail_smtphost": "otherdomain.com",
        "mail_smtpport": 25,
        "mail_smtptimeout": 10,
        "mail_smtpsecure": "tls",
        "mail_smtpauth": true,
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "overwritehost": "mydomain.com",
        "overwritewebroot": "\/cloud",
        "htaccess.RewriteBase": "\/cloud",
        "overwrite.cli.url": "https:\/\/mydomain.com\/cloud",
        "updatechecker": false,
        "check_for_working_webdav": true,
        "check_for_working_wellknown_setup": true,
        "check_for_working_htaccess": true,
        "config_is_read_only": false,
        "log_type": "owncloud",
        "logfile": "\/var\/log\/owncloud.log",
        "loglevel": 1,
        "syslog_tag": "ownCloud",
        "logdateformat": "F d, Y H:i:s",
        "logtimezone": "Europe\/Berlin",
        "log_query": false,
        "cron_log": false,
        "log_rotate_size": 104857600,
        "enable_previews": true,
        "preview_max_x": 2048,
        "preview_max_y": 2048,
        "maintenance": false,
        "singleuser": false,
        "hashingCost": 10,
        "blacklisted_files": [
            ".htaccess"
        ],
        "share_folder": "\/",
        "theme": "",
        "filesystem_check_changes": 0,
        "secret": "***REMOVED SENSITIVE VALUE***",
        "debug": true,
        "data-fingerprint": ""
    }
}

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Firefox 51, Safari 10.0.2

Operating system: macOS 10.12.2

Logs

Web server error log

excerpt of /var/log/nginx/access.log

client:1xx.1xx.xx.134 - - [2016-12-22T22:59:18+01:00] millis:1482443958.766 0.102 "POST /cloud/index.php/heartbeat HTTP/1.1" HTTP302 size:5 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel M
ac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T22:59:18+01:00] millis:1482443958.813 0.040 "GET /cloud/login HTTP/1.1" HTTP404 size:1581 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.1
2; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:4.29"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.411 0.090 "GET /cloud/index.php/login HTTP/1.1" HTTP302 size:5 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS
 X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.472 0.047 "GET /cloud/login HTTP/1.1" HTTP404 size:1584 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.1
2; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:4.28"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.579 0.000 "GET /cloud/core/css/styles.css?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP200 size:21989 "referrer:
-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.586 0.000 "GET /cloud/core/css/inputs.css?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP200 size:8973 "referrer:-
" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
(...)
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.659 0.000 "GET /cloud/core/css/tooltip.css?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP200 size:2359 "referrer:
-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.664 0.000 "GET /cloud/core/css/jquery.ocdialog.css?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP200 size:1137 "r
eferrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.734 0.066 "GET /cloud/core/js/oc.js?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP302 size:5 "referrer:-" "UA:Moz
illa/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
(...)
client:1xx.1xx.xx.134 - - [2016-12-22T23:07:08+01:00] millis:1482444428.812 0.115 "POST /cloud/index.php/heartbeat HTTP/1.1" HTTP302 size:5 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:07:08+01:00] millis:1482444428.869 0.054 "GET /cloud/login HTTP/1.1" HTTP404 size:1586 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12" "gzip:4.28"
client:1xx.1xx.xx.134 - - [2016-12-22T23:07:54+01:00] millis:1482444474.810 0.287 "OPTIONS /cloud/remote.php/caldav/principals/user1/ HTTP/1.1" HTTP401 size:367 "referrer:-" "UA:iOS/10.0.2 (14A456) dataaccessd/1.0" "gzip:-"
client:1xx.1xx.xx.134 - user1 [2016-12-22T23:07:58+01:00] millis:1482444478.834 4.006 "OPTIONS /cloud/remote.php/caldav/principals/user1/ HTTP/1.1" HTTP500 size:351 "referrer:-" "UA:iOS/10.0.2 (14A456) dataaccessd/1.0" "gzip:-"
client:1xx.1xx.xx.134 - user1 [2016-12-22T23:07:59+01:00] millis:1482444479.436 0.412 "PROPFIND /cloud/remote.php/caldav/principals/user1/ HTTP/1.1" HTTP500 size:351 "referrer:-" "UA:iOS/10.0.2 (14A456) dataaccessd/1.0" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:18+01:00] millis:1482444498.781 0.073 "GET /cloud/status.php HTTP/1.1" HTTP200 size:106 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:18+01:00] millis:1482444498.923 0.033 "GET /cloud/status.php HTTP/1.1" HTTP200 size:106 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:19+01:00] millis:1482444499.549 0.623 "PROPFIND /cloud/remote.php/webdav/ HTTP/1.1" HTTP500 size:285 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:50+01:00] millis:1482444530.307 0.059 "GET /cloud/status.php HTTP/1.1" HTTP200 size:106 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:50+01:00] millis:1482444530.703 0.393 "PROPFIND /cloud/remote.php/webdav/ HTTP/1.1" HTTP500 size:285 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"

ALL entries from /var/log/nginx/error.log in the same timespan

2016/12/22 23:03:59 [error] 15700#15700: *332 open() "/var/www/owncloud/cloud/login" failed (2: No such file or directory), client: 176.199.28.134, server: localhost, request: "GET /cloud/login HTTP/1.1", host: "mydomain.com"
2016/12/22 23:04:00 [error] 15700#15700: *339 open() "/var/www/owncloud/cloud/login" failed (2: No such file or directory), client: 176.199.28.134, server: localhost, request: "GET /cloud/login HTTP/1.1", host: "mydomain.com"
2016/12/22 23:07:08 [error] 15700#15700: *343 open() "/var/www/owncloud/cloud/login" failed (2: No such file or directory), client: 176.199.28.134, server: localhost, request: "GET /cloud/login HTTP/1.1", host: "mydomain.com"

ALL entries from /var/log/owncloud.log in the same timeframe

{"reqId":"SB\/GkShDip2wfcuMooHm","remoteAddr":"","app":"no app in context","message":"Invalidating tokens older than 2016-12-21T22:05:02+00:00","level":1,"time":"December 22, 2016 23:05:02","method":"--","url":"\/cloud\/cron.php","user":"--"}
{"reqId":"1x41aVQSi5Sfi3q+MjVx","remoteAddr":"1xx.1xx.xx.134","app":"caldav","message":"Exception: {\"Message\":\"Requested uri (\\\/cloud\\\/remote.phpote.php\\\/caldav\\\/principals\\\/nessa\\\/) is out of base uri (\\\/cloud\\\/remote.php\\\/caldav\\\/)\",\"Exception\":\"LogicException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(728): Sabre\\\\HTTP\\\\Request->getPath()\\n#1 [internal function]: Sabre\\\\DAVACL\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(446): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/caldav.php(83): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud\\\/remote.php(164): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Request.php\",\"Line\":214,\"User\":\"nessa\"}","level":4,"time":"December 22, 2016 23:07:58","method":"OPTIONS","url":"\/cloud\/remote.phpote.php\/caldav\/principals\/nessa\/","user":"nessa"}
{"reqId":"tCqgVFFHprc6AEze2tbF","remoteAddr":"1xx.1xx.xx.134","app":"caldav","message":"Exception: {\"Message\":\"Requested uri (\\\/cloud\\\/remote.phpote.php\\\/caldav\\\/principals\\\/nessa\\\/) is out of base uri (\\\/cloud\\\/remote.php\\\/caldav\\\/)\",\"Exception\":\"LogicException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(728): Sabre\\\\HTTP\\\\Request->getPath()\\n#1 [internal function]: Sabre\\\\DAVACL\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(446): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/caldav.php(83): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud\\\/remote.php(164): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Request.php\",\"Line\":214,\"User\":\"nessa\"}","level":4,"time":"December 22, 2016 23:07:59","method":"PROPFIND","url":"\/cloud\/remote.phpote.php\/caldav\/principals\/nessa\/","user":"nessa"}
{"reqId":"V4W5FGS2EMvzJ8bjbj2P","remoteAddr":"1xx.1xx.xx.134","app":"webdav","message":"Exception: {\"Message\":\"Requested uri (\\\/cloud\\\/remote.phpote.php\\\/webdav\\\/) is out of base uri (\\\/cloud\\\/remote.php\\\/webdav\\\/)\",\"Exception\":\"LogicException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(1225): Sabre\\\\HTTP\\\\Request->getPath()\\n#1 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(454): Sabre\\\\DAV\\\\Server->checkPreconditions(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(56): Sabre\\\\DAV\\\\Server->exec()\\n#4 \\\/var\\\/www\\\/owncloud\\\/remote.php(164): require_once('\\\/var\\\/www\\\/ownclo...')\\n#5 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Request.php\",\"Line\":214,\"User\":\"user2\"}","level":4,"time":"December 22, 2016 23:08:19","method":"PROPFIND","url":"\/cloud\/remote.phpote.php\/webdav\/","user":"user2"}
{"reqId":"5+rzOXJAQsKd25myoM\/5","remoteAddr":"1xx.1xx.xx.134","app":"webdav","message":"Exception: {\"Message\":\"Requested uri (\\\/cloud\\\/remote.phpote.php\\\/webdav\\\/) is out of base uri (\\\/cloud\\\/remote.php\\\/webdav\\\/)\",\"Exception\":\"LogicException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(1225): Sabre\\\\HTTP\\\\Request->getPath()\\n#1 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(454): Sabre\\\\DAV\\\\Server->checkPreconditions(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(56): Sabre\\\\DAV\\\\Server->exec()\\n#4 \\\/var\\\/www\\\/owncloud\\\/remote.php(164): require_once('\\\/var\\\/www\\\/ownclo...')\\n#5 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Request.php\",\"Line\":214,\"User\":\"user2\"}","level":4,"time":"December 22, 2016 23:08:50","method":"PROPFIND","url":"\/cloud\/remote.phpote.php\/webdav\/","user":"user2"}

QUESTION: Is it possible to get rid of the triple-escaping backslashes in the log?

nginx config

upstream php-handler {
  #server 127.0.0.1:9000;
  server unix:/run/php/php7.0-fpm.sock;
}


server {
    listen 443;
    #listen [::]:443 default_server ipv6only=on;
    server_name localhost mydomain.com;

    ssl on;
    ssl_certificate /etc/ssl/startssl-2016.pem;
    ssl_certificate_key /etc/ssl/startssl.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "-ALL:EECDH+AES256:EDH+AES256:AES256-SHA:EECDH+AES:EDH+AES:!ADH:!NULL:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!3DES:!PSK:!SRP:!DSS:!AESGCM:!RC4";
    ssl_dhparam /etc/nginx/dh4096.pem;
    ssl_prefer_server_ciphers on;
    keepalive_timeout    70;
    #ssl_session_timeout 1d;
    #ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;


    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /var/www/ssl/;

    error_log /var/log/nginx/ssl_error.log error;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
        return 301 https://mydomain.com/cloud/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 https://mydomain.com/cloud/remote.php/dav;
    }
    location /.well-known/acme-challenge { }

    # rewrite ^/owncloud/(.*) /cloud/$1 permanent;
    location ^~ /cloud {
        root /var/www/owncloud/;
        client_max_body_size 1G;
        fastcgi_buffers 64 4K;
        index index.php

        # Disable gzip to avoid the removal of the ETag header
        gzip off;

        error_page 403 /cloud/core/templates/403.php;
        error_page 404 /cloud/core/templates/404.php;

        location ~ ^/cloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            return 404;
        }
        location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            return 404;
        }

        # NOTE: added 'inf' in order to reach '/var/www/owncloud/inf.php' which contains phpinfo()
        location ~ ^/cloud/(?:inf|index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            #fastcgi_split_path_info ^(.+\.php)(/.*)$;
            # FIXED: added contextroot
            fastcgi_split_path_info ^/cloud/(.+?\.php)(/?.*)$;
            include fastcgi_params;
            add_header X-Debug1 "$fastcgi_script_name $fastcgi_path_info";
            fastcgi_param SCRIPT_FILENAME /var/www/owncloud/$fastcgi_script_name;
            #set $path_info $fastcgi_path_info;  # workaround for bug: try_files resets fastcgi_path_info for some reason.
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            #try_files $fastcgi_script_name = 404;
        }

        # FIXED: added contextroot
        location ~ ^/cloud/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        # FIXED: added contextroot and removed trailing '$' as OC js files contain '?v=' cachebuster
        location ~* /cloud(/.*\.(?:css|js)) {
            try_files $1 /cloud/index.php$1$is_args$args;
            add_header X-Debug2 "$1 $fastcgi_path_info";
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers  (It is intended to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into this topic first.
            #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            #access_log off;
        }

        # FIXED: added contextroot and removed trailing '$' as OC js files contain '?v=' cachebuster
        location ~* /cloud(/.*\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)) {
            try_files $1 /cloud/index.php$1$is_args$args;
            add_header X-Debug3 "$1 $uri";
            add_header Cache-Control "public, max-age=7200";
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}

[aheusingfeld]

BTW: I first thought this "remote.phpote.php" was a logging error but Requested uri (/cloud/remote.phpote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/) is exactly the message the miral/ owncloud macOS client displays. I have no idea whether this is related to the above mentioned problem.

[PVince81]

Signing status (ownCloud 9.0 and above): Sorry, I have no idea what that is

Just follow the instructions in the box below that

[PVince81]

remote.phpote.php looks like a substr operation failed because it was expecting the URL to contain a specific string but it actually contained another string. Some parts of the code only assume the presence without checking for perf reasons, mostly because it's always the case.

I wonder if your problem is related to this:

I’m running owncloud behind nginx with a subdir/ contextroot other than /owncloud! The root folder is still at /var/www/owncloud

I don't have an nginx env nor nginx experience, so I hope someone who has that can help debugging this.

[aheusingfeld]

Thanks for the heads up. I compared the current nginx config to the one I had with OC8.1 which was running perfectly fine with the /cloud contextroot. The differences are marginal. Anyway I changed to /owncloud just to be sure: The redirect issue persists and the Sabre Error message is now Requested uri (/cloud/remote.phpremote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/). That supports your assumption that there is some place in the code not honoring overwritewebroot nor htaccess.RewriteBase config parameters! -> separate ticket!

[aheusingfeld]

FYI just confirmed that everything performs perfectly well, when I remove the contextroot/ subdir completely. Unfortunately that's not a long-term option. Admin check complains about missing headers but that's a none-issue:

    Der „X-XSS-Protection“-HTTP-Header ist nicht so konfiguriert, dass er „1; mode=block“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Content-Type-Options“-HTTP-Header ist nicht so konfiguriert, dass er „nosniff“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Robots-Tag“-HTTP-Header ist nicht so konfiguriert, dass er „none“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Frame-Options“-HTTP-Header ist nicht so konfiguriert, dass er „SAMEORIGIN“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Download-Options“-HTTP-Header ist nicht so konfiguriert, dass er „noopen“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Permitted-Cross-Domain-Policies“-HTTP-Header ist nicht so konfiguriert, dass er „none“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der "Strict-Transport-Security" HTTP-Header ist nicht auf mindestens "15552000" Sekunden eingestellt. Um die Sicherheit zu erhöhen, empfehlen wir das Aktivieren von HSTS, wie es in den Sicherheitshinweisen erläutert ist.

[aheusingfeld]

Update: spend a few hours troubleshooting and found the reason for the error message Requested uri (/cloud/remote.phpremote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/):

https://github.com/owncloud/core/blob/master/apps/dav/appinfo/v1/webdav.php uses getRequestUri() from https://github.com/owncloud/core/blob/master/lib/private/AppFramework/Http/Request.php#L597 which returns the wrong value! The reason for this again being that L597 doesn't honor the overwritewebroot property. I'll create a pull-request for this.

[aheusingfeld]

I created a pull-request for fixes and docs. During retesting I found that when I set 'front_controller_active true' in the nginx config, the above mentioned redirect error still occurs! When I set it to 'false' everything works as expected!