Welcome! Log In Create A New Profile

Advanced

Re: WebDAV behind a nginx reverse proxy

Previous Message Next Message
Forum List Message List New Topic Print View
Reinis Rozitis
October 12, 2017 03:38PM
> This is my current vhost for the webdav access on the nginx rev. proxy:
[..]
> If I switch the vhost to listen on port 80 without ssl, everything is
> fine and files can be renamed or moved via webdav.

If it works on http but not with ssl it might indicate that either this
configuration part doesn't work as expected:

set $dest $http_destination;

if ($http_destination ~ "^https://(.+)") {
set $dest http://$1;
}
proxy_set_header Destination $dest;


or depending on the backend application maybe statically setting
proxy_set_header X-Forwarded-Proto http; is wrong as usually you need to
pass the actual protocol used for the application to respond correctly and
construct the URLs using the right schema.

I would try changing it to:

proxy_set_header X-Forwarded-Proto $scheme;



> Also every hint how to debug such kind of problems are highly wellcome

One way to debug would be using something like tcpdump either on the nginx
or apache host to inspect the http headers passed and/or adding them to
access logs to see what goes wrong. But some parts you can check also on
frontend with browser - for example the Destination header by adding it to
nginx configuration:

add_header Destination $dest;



As far as I understand you are using nginx as an SSL offloader?
Is there anything else you do on the proxy?

If not maybe it's more easy to use the stream module (
http://nginx.org/en/docs/stream/ngx_stream_core_module.html ) and ssl
offload on tcp level rather than deal with the http/headers between (though
there is a drawback of not getting the real client ip (in a http header) on
the backend server / hope for PROXY protocol support for backends one day).

In short something like:

stream {
upstream stream_backend {
server your.apache.backend:80;
}
server {
listen 443 ssl;
proxy_pass stream_backend;
proxy_ssl_certificate cert.crt;
proxy_ssl_certificate_key cert.key;
}
}


Also https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-termination/

rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

WebDAV behind a nginx reverse proxy

Christian Schoepplein October 12, 2017 08:44AM

Re: WebDAV behind a nginx reverse proxy

Reinis Rozitis October 12, 2017 03:38PM

Re: WebDAV behind a nginx reverse proxy

Christian Schoepplein October 13, 2017 08:50AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 175
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready