WebDAV behind a nginx reverse proxy

Reinis Rozitis r at roze.lv
Thu Oct 12 19:37:11 UTC 2017 

> This is my current vhost for the webdav access on the nginx rev. proxy:
[..]
>  If I switch the vhost to listen on port 80 without ssl, everything is 
> fine and files can be renamed or moved via webdav.

If it works on http but not with ssl it might indicate that either this 
configuration part doesn't work as expected:

set $dest $http_destination;

if ($http_destination ~ "^https://(.+)") {
    set $dest http://$1;
}
proxy_set_header Destination $dest;


or depending on the backend application maybe statically setting 
proxy_set_header X-Forwarded-Proto http; is wrong as usually you need to 
pass the actual protocol used for the application to respond correctly and 
construct the URLs using the right schema.

I would try changing it to:

proxy_set_header X-Forwarded-Proto $scheme;



> Also every hint how to debug such kind of problems are highly wellcome

One way to debug would be using something like tcpdump either on the nginx 
or apache host to inspect the http headers passed and/or adding them to 
access logs to see what goes wrong. But some parts you can check also on 
frontend with browser - for example the Destination header by adding it to 
nginx configuration:

add_header Destination $dest;



As far as I understand you are using nginx as an SSL offloader?
Is there anything else you do on the proxy?

If not maybe it's more easy to use the stream module ( 
http://nginx.org/en/docs/stream/ngx_stream_core_module.html ) and ssl 
offload on tcp level rather than deal with the http/headers between (though 
there is a drawback of not getting the real client ip (in a http header) on 
the backend server / hope for PROXY protocol support for backends one day).

In short something like:

stream {
    upstream stream_backend {
        server your.apache.backend:80;
    }
    server {
        listen 443 ssl;
        proxy_pass stream_backend;
        proxy_ssl_certificate  cert.crt;
        proxy_ssl_certificate_key cert.key;
    }
}


Also  https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-termination/

rr

More information about the nginx mailing list