[SOLVED] nginx as a proxy and https

Zorg zorg at probesys.com
Wed Feb 5 11:31:25 EST 2020


After searching a bit, I found this in the cyrus log:

Feb  2 13:59:50 caldav cyrus/http[28032]: [192.168.12.240] with 
"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 
Thunderbird/68.4.2 Lightning/68.4.2"; "PROPFIND /.well-known/caldav/ 
HTTP/1.0" (depth=0) => "HTTP/1.1 301 Moved Permanently" 
(location=http://dav.mydomain.com/dav/calendars/)


I have noticed that in the response it was "location=http", not 
"location=https".

So to force cyrus to answer with https, I have modified the cyrus conf 
(imap.conf and cyrus.conf) to activate https, and my nginx conf to proxy 
to the cyrus https port (8443), by changing this line in my conf:

proxy_pass        http://192.168.12.24:8443/;

And now it works like a charm:

Feb  2 14:45:52 caldav cyrus/http[28043]: [192.168.12.240] with 
"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 
Thunderbird/68.4.2 Lightning/68.4.2"; "PROPFIND /.well-known/caldav/ 
HTTP/1.0" (depth=0) => "HTTP/1.1 301 Moved Permanently" 
(location=https://dav.mydomain.com/dav/calendars/)

Thanks

On 03/02/2020 at 20:23, Zorg wrote:
> Hi
>
> Another question about caldav
>
> I want to serve it behind a proxy with nginx
>
> Does someone have a conf example that works?
>
> because I have tried this, but for the moment, I manage to make it work 
> without problems with davx, thunderbird, evolution, but not with 
> iphone (OS/13.3, iOS/10.3.4)
>
> I'm not really sure that it comes from nginx; maybe it's because I have 
> logins like myuser1 at dav.mydomain.com
>
> here is my log
>
> 81.82.83.84 - myuser1 at dav.mydomain.com [03/Feb/2020:11:28:05 +0100] 
> "PROPFIND /.well-known/caldav HTTP/1.1" 301 0 "-" "iOS/10.3.4 (14G61) 
> accountsd/1.0"
> 81.82.83.84 - myuser1 at dav.mydomain.com [03/Feb/2020:11:28:05 +0100] 
> "PROPFIND / HTTP/1.1" 207 280 "-" "iOS/10.3.4 (14G61) accountsd/1.0"
> 81.82.83.84 - myuser1 at dav.mydomain.com [03/Feb/2020:11:28:05 +0100] 
> "PROPFIND /principals/ HTTP/1.1" 405 347 "-" "iOS/10.3.4 (14G61) 
> accountsd/1.0"
> 81.82.83.84 - myuser1 at dav.mydomain.com [03/Feb/2020:11:28:05 +0100] 
> "PROPFIND /calendar/dav/myuser1%40dav.mydomain.com/user/ HTTP/1.1" 405 
> 347 "-" "iOS/10.3.4 (14G61) accountsd/1.0"
>
> but with davx I have (the %40 is replaced by @)
>
> 81.82.83.84- myuser1 at dav.mydomain.com  [03/Feb/2020:19:21:35 +0100] 
> "PROPFIND /dav/calendars/user/myuser1 at dav.mydomain.com/ HTTP/1.1" 207 
> 616 "-" "DAVx5/2.6.3.1-ose (2020/01/18; dav4jvm; okhttp/3.12.6) 
> Android/9"
>
> here is my conf
>
> server {
>         listen       443 ssl;
>         server_name  dav.mydomain.com;
>
>
>         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>         ssl_prefer_server_ciphers on;
>         ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
>         ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
>         ssl_session_cache shared:SSL:10m;
>         #ssl_dhparam /etc/ssl/dhparam.pem;
>
>
>         access_log /var/log/nginx/dav.ssl.access.log;
>         root /home/public;
>         location / {
>             proxy_pass        http://192.168.12.24:8008/;
>             proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
>             proxy_pass_header Authorization;
>
>
>             proxy_set_header  Host $host;
>             proxy_set_header  X-Real-IP $remote_addr;
>             proxy_set_header  X-Forwarded-For $remote_addr;
>             proxy_set_header  X-Forwarded-Host $remote_addr;
>         }
>
>
>         ssl_certificate /etc/letsencrypt/live/dav.mydomain.com/fullchain.pem; # managed by Certbot
>         ssl_certificate_key /etc/letsencrypt/live/dav.mydomain.com/privkey.pem; # managed by Certbot
> }
>
>
> thanks
>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
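
A check for the symptom described in this message, as an added example that is not part of the original post or of the Cyrus project: it scans Cyrus httpd log lines in the format quoted above and flags redirects whose Location sends a client of a TLS-fronted host back to plain http://. The function name, the regular expression and the sample lines (the two log entries from the post, joined onto single lines) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches the client, request, status and redirect target of a Cyrus httpd
# log entry in the format quoted in the post (one syslog entry per line).
ENTRY = re.compile(
    r'\[(?P<client>[^\]]+)\] with "(?P<agent>[^"]*)"; '
    r'"(?P<method>\S+) (?P<path>\S+) HTTP/[\d.]+" .*?=> '
    r'"HTTP/[\d.]+ (?P<status>3\d\d) [^"]*" \(location=(?P<location>[^)\s]+)\)'
)


def insecure_redirects(lines, tls_hosts):
    """Return (client, method, path, location) for every 3xx response whose
    Location points at a host served over TLS but uses the http scheme."""
    findings = []
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue  # not a redirect entry, or a different log format
        target = urlsplit(m["location"])
        if target.scheme == "http" and target.hostname in tls_hosts:
            findings.append((m["client"], m["method"], m["path"], m["location"]))
    return findings


# Constructed sample: the "before" and "after" entries from the post, unwrapped.
UA = ('"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 '
      'Thunderbird/68.4.2 Lightning/68.4.2"')
SAMPLE = [
    'Feb  2 13:59:50 caldav cyrus/http[28032]: [192.168.12.240] with ' + UA +
    '; "PROPFIND /.well-known/caldav/ HTTP/1.0" (depth=0) => '
    '"HTTP/1.1 301 Moved Permanently" '
    '(location=http://dav.mydomain.com/dav/calendars/)',
    'Feb  2 14:45:52 caldav cyrus/http[28043]: [192.168.12.240] with ' + UA +
    '; "PROPFIND /.well-known/caldav/ HTTP/1.0" (depth=0) => '
    '"HTTP/1.1 301 Moved Permanently" '
    '(location=https://dav.mydomain.com/dav/calendars/)',
]

if __name__ == "__main__":
    for client, method, path, location in insecure_redirects(
            SAMPLE, {"dav.mydomain.com"}):
        print(f"{client}: {method} {path} redirected to {location}")
```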

