[SOLVED] nginx as a proxy and https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



After searching a bit

I found this in cyrus log

Feb  2 13:59:50 caldav cyrus/http[28032]: [192.168.12.240] with "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2 Lightning/68.4.2"; "PROPFIND /.well-known/caldav/ HTTP/1.0" (depth=0) => "HTTP/1.1 301 Moved Permanently" (location=http://dav.mydomain.com/dav/calendars/)


I have notice that in the response it was "location=http" not "location=https "

So to force cyrus to answer with https, I have modify cyrus conf (imap.conf and cyrus.conf) to activate  https and my nginx conf to proxy to the cyrus https port (8443) by changing this line in my conf

proxy_pass        http://192.168.12.24:8443/;

And now it work like a charm

Feb  2 14:45:52 caldav cyrus/http[28043]: [192.168.12.240] with "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2 Lightning/68.4.2"; "PROPFIND /.well-known/caldav/ HTTP/1.0" (depth=0) => "HTTP/1.1 301 Moved Permanently" (location=https://dav.mydomain.com/dav/calendars/)

Thanks

Le 03/02/2020 à 20:23, Zorg a écrit :
Hi

Another question about caldav

I want to server it behind a proxy with nginx

Does someone have a conf example that work

because I have try this, but for the moment, I manage to make it work without problem with   davx, thunderbird, evolution  but not with  iphone (OS/13.3 ,iOS/10.3.4)

I'm not really sure that it come from nginx maybe it's because i have login like myuser1@xxxxxxxxxxxxxxxx

here is my log

81.82.83.84 - myuser1@xxxxxxxxxxxxxxxx [03/Feb/2020:11:28:05 +0100] "PROPFIND /.well-known/caldav HTTP/1.1" 301 0 "-" "iOS/10.3.4 (14G61) accountsd/1.0" 81.82.83.84 - myuser1@xxxxxxxxxxxxxxxx [03/Feb/2020:11:28:05 +0100] "PROPFIND / HTTP/1.1" 207 280 "-" "iOS/10.3.4 (14G61) accountsd/1.0" 81.82.83.84 - myuser1@xxxxxxxxxxxxxxxx [03/Feb/2020:11:28:05 +0100] "PROPFIND /principals/ HTTP/1.1" 405 347 "-" "iOS/10.3.4 (14G61) accountsd/1.0" 81.82.83.84 - myuser1@xxxxxxxxxxxxxxxx [03/Feb/2020:11:28:05 +0100] "PROPFIND /calendar/dav/myuser1%40dav.mydomain.com/user/ HTTP/1.1" 405 347 "-" "iOS/10.3.4 (14G61) accountsd/1.0"

but with davx i have (the %40 is replace by @)

81.82.83.84- myuser1@xxxxxxxxxxxxxxxx  [03/Feb/2020:19:21:35 +0100] "PROPFIND /dav/calendars/user/myuser1@xxxxxxxxxxxxxxxx/ HTTP/1.1" 207 616 "-" "DAVx5/2.6.3.1-ose (2020/01/18; dav4jvm; okhttp/3.12.6) Android/9"

here is my conf

server {
        listen       443 ssl;
        server_name  dav.mydomain.com;


        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
        ssl_session_cache shared:SSL:10m;
        #ssl_dhparam /etc/ssl/dhparam.pem;


        access_log /var/log/nginx/dav.ssl.access.log;
        root /home/public;
        location / {
    proxy_pass        http://192.168.12.24:8008/;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_header Authorization;


    proxy_set_header  Host $host;
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  X-Forwarded-For $remote_addr;
    proxy_set_header  X-Forwarded-Host $remote_addr;
        }


    ssl_certificate /etc/letsencrypt/live/dav.mydomain.com/fullchain.pem; # managed by Certbot     ssl_certificate_key /etc/letsencrypt/live/dav.mydomain.com/privkey.pem; # managed by Certbot
}


thanks


----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux