WebDAV behind a nginx reverse proxy
Reinis Rozitis
r at roze.lv
Thu Oct 12 19:37:11 UTC 2017
> This is my current vhost for the webdav access on the nginx rev. proxy:
[..]
> If I switch the vhost to listen on port 80 without ssl, everything is
> fine and files can be renamed or moved via webdav.
If it works on http but not with ssl it might indicate that either this
configuration part doesn't work as expected:
set $dest $http_destination;
if ($http_destination ~ "^https://(.+)") {
set $dest http://$1;
}
proxy_set_header Destination $dest;
or depending on the backend application maybe statically setting
proxy_set_header X-Forwarded-Proto http; is wrong as usually you need to
pass the actual protocol used for the application to respond correctly and
construct the URLs using the right schema.
I would try changing it to:
proxy_set_header X-Forwarded-Proto $scheme;
> Also every hint how to debug such kind of problems are highly wellcome
One way to debug would be using something like tcpdump either on the nginx
or apache host to inspect the http headers passed and/or adding them to
access logs to see what goes wrong. But some parts you can check also on
frontend with browser - for example the Destination header by adding it to
nginx configuration:
add_header Destination $dest;
As far as I understand you are using nginx as an SSL offloader?
Is there anything else you do on the proxy?
If not maybe it's more easy to use the stream module (
http://nginx.org/en/docs/stream/ngx_stream_core_module.html ) and ssl
offload on tcp level rather than deal with the http/headers between (though
there is a drawback of not getting the real client ip (in a http header) on
the backend server / hope for PROXY protocol support for backends one day).
In short something like:
stream {
upstream stream_backend {
server your.apache.backend:80;
}
server {
listen 443 ssl;
proxy_pass stream_backend;
proxy_ssl_certificate cert.crt;
proxy_ssl_certificate_key cert.key;
}
}
Also https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-termination/
rr
More information about the nginx
mailing list