nginx as a proxy and https

Zorg zorg at probesys.com
Mon Feb 3 14:23:28 EST 2020


Hi

Another question about caldav

I want to server it behind a proxy with nginx

Does someone have a conf example that work

because I have try this, but for the moment, I manage to make it work 
without problem with   davx, thunderbird, evolution  but not with  
iphone (OS/13.3 ,iOS/10.3.4)

I'm not really sure that it come from nginx maybe it's because i have 
login like myuser1 at dav.mydomain.com

here is my log

81.82.83.84 - myuser1 at dav.mydomain.com [03/Feb/2020:11:28:05 +0100] 
"PROPFIND /.well-known/caldav HTTP/1.1" 301 0 "-" "iOS/10.3.4 (14G61) 
accountsd/1.0"
81.82.83.84 - myuser1 at dav.mydomain.com [03/Feb/2020:11:28:05 +0100] 
"PROPFIND / HTTP/1.1" 207 280 "-" "iOS/10.3.4 (14G61) accountsd/1.0"
81.82.83.84 - myuser1 at dav.mydomain.com [03/Feb/2020:11:28:05 +0100] 
"PROPFIND /principals/ HTTP/1.1" 405 347 "-" "iOS/10.3.4 (14G61) 
accountsd/1.0"
81.82.83.84 - myuser1 at dav.mydomain.com [03/Feb/2020:11:28:05 +0100] 
"PROPFIND /calendar/dav/myuser1%40dav.mydomain.com/user/ HTTP/1.1" 405 
347 "-" "iOS/10.3.4 (14G61) accountsd/1.0"

but with davx i have (the %40 is replace by @)

81.82.83.84- myuser1 at dav.mydomain.com  [03/Feb/2020:19:21:35 +0100] 
"PROPFIND /dav/calendars/user/myuser1 at dav.mydomain.com/ HTTP/1.1" 207 
616 "-" "DAVx5/2.6.3.1-ose (2020/01/18; dav4jvm; okhttp/3.12.6) Android/9"

here is my conf

server {
         listen       443 ssl;
         server_name  dav.mydomain.com;


         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_prefer_server_ciphers on;
         ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
         ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
         ssl_session_cache shared:SSL:10m;
         #ssl_dhparam /etc/ssl/dhparam.pem;


         access_log /var/log/nginx/dav.ssl.access.log;
         root /home/public;
         location / {
     proxy_pass        http://192.168.12.24:8008/;
     proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_pass_header Authorization;


     proxy_set_header  Host $host;
     proxy_set_header  X-Real-IP $remote_addr;
     proxy_set_header  X-Forwarded-For $remote_addr;
     proxy_set_header  X-Forwarded-Host $remote_addr;
         }


     ssl_certificate 
/etc/letsencrypt/live/dav.mydomain.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key 
/etc/letsencrypt/live/dav.mydomain.com/privkey.pem; # managed by Certbot
}


thanks




More information about the Info-cyrus mailing list