Mailing List Archive

nginx as web server
Hello,
for many reasons I have to change web server and switch from lighttpd
to nginx. Does anyone have experience with DAViCal and nginx? My first
tries have failed: first nginx does not implement required HTTP methods
such as OPTIONS and PROPFIND, but even adding an extention that
implement them, I still get a few errors:

1. syncing from and android implementation, I see these errors in the
nginx log:

192.168.222.54 - giuseppe [04/Oct/2020:16:20:48 +0200] "PROPFIND /davical/htdocs/caldav.php/giuseppe/calendar/ HTTP/2.0" 301 185 "-" "DAVx5/3.3.1-ose (2020/09/11; dav4jvm; okhttp/4.8.1) Android/10"
192.168.222.54 - giuseppe [04/Oct/2020:16:20:48 +0200] "PROPFIND /davical/htdocs/caldav.php/giuseppe/addresses/ HTTP/2.0" 301 185 "-" "DAVx5/3.3.1-ose (2020/09/11; dav4jvm; okhttp/4.8.1) Android/10"
192.168.222.54 - giuseppe [04/Oct/2020:16:20:49 +0200] "PROPFIND /davical/htdocs/caldav.php/giuseppe/calendar/ HTTP/2.0" 500 19 "-" "DAVx5/3.3.1-ose (2020/09/11; dav4jvm; okhttp/4.8.1) Android/10"

as you see, the third call fails with this details:

davical/htdocs/caldav.php: Query: QF: istruzione SQL "INSERT INTO sync_tokens(collection_id, sync_token) VALUES( in_collection_id, new_token )" funzione PL/pgSQL new_sync_token(bigint,bigint) riga 31 a istruzione SQL"
davical/htdocs/caldav.php: Query: QF: SELECT new_sync_token( 0, :collection_id) AS sync_token
davical/htdocs/caldav.php: Query: DBGQ: SELECT new_sync_token( 0, :collection_id) AS sync_token
davical/htdocs/caldav.php: Query: DBGQ: ":collection_id" => "-1"
davical/htdocs/caldav.php: Query: QF: SQL error "23503" - ERRORE: la INSERT o l'UPDATE sulla tabella "sync_tokens" viola il vincolo di chiave esterna "sync_tokens_collection_id_fkey" DETTAGLI: La chiave (collection_id)=(-1) non è presente nella tabella "collection". CONTESTO:
davical/htdocs/caldav.php: Query: QF: istruzione SQL "INSERT INTO sync_tokens(collection_id, sync_token) VALUES( in_collection_id, new_token )" funzione PL/pgSQL new_sync_token(bigint,bigint) riga 31 a istruzione SQL"
davical/htdocs/caldav.php: Query: QF: SELECT new_sync_token( 0, :collection_id) AS sync_token

:DAViCal Fatal Error: [0] Problem with database query at /usr/share/davical/inc/DAVResource.php:1359

So, the collection_id=-1 is not a valid value.


2. syncing from a CalDAV client (evolution from Gnome on Linux)

the error message is about a REPORT method. I think to understand this
is an HTTP method but I do not understand if this has to be implemented
in the web server (and it is missing on nginx, even with the dav-ext
extention) or in DAViCal that seems to advertise it support that
method.
About the latter possibility, I tried to define:

$c->override_allowed_methods = "OPTIONS, GET, HEAD, PUT, DELETE,
PROPFIND, MKCOL";

in my config.php file, but this hasn't fixed the problem.

Thank you,
Giuseppe



_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: nginx as web server [ In reply to ]
Hi Guiseppe,

I'm running DAViCal with nginx. It took me some fiddling...
I have attached the notes how I did it. Maybe this is helpful for you.

-- Johan
Re: nginx as web server [ In reply to ]
My config certainly not optimized but running, uses 4 "nginx servers"

agenda.couderc.eu :80 and :443 : for "normal" davical access

davical.couderc.eu :80 and :443 : for  "admin" access.

In effect I consider davical access to https://davical.couderc.eu/ too
much permissive as it  allows any user to read full list of users and
much more data...

So  I have added "toldev" nginx  control access to configuration access.

"Normal" access https://agenda.couderc.eu <https://agenda.couderc.eu/>
is redirected else where (here https://agenda.couderc.eu/caldavzap/)

This is very basic protection as it allows any user to access
https://agenda.couderc.eu/admin.php but is enough for my needs.


server {
        listen 80 ;
        listen [::]:80 ;

        server_name davical.couderc.eu davical.secours.couderc.eu;
        location /.well-known/acme-challenge
        {
                default_type  "text/plain";
                root          /tmp/letsencrypt-auto;
        }
        location / {
        return 301 https://$server_name$request_uri;
        }

}


server {
        server_name davical.couderc.eu davical.secours.couderc.eu;
        ssl_certificate /etc/acme/fullchain/davical.couderc.eu.pem;
        ssl_certificate_key /etc/acme/key/davical.couderc.eu.pem;
        root    /usr/share/davical/htdocs;
        index index.html index.htm index.php index.pl;
# begin : https section
        listen 443 ssl http2 ;
        listen [::]:443  ssl http2;
        # les parametres généraux de ssl sont inclus dans :
        include /etc/nginx/pc_https.conf ;

# end : https section
        keepalive_timeout 0;
        client_max_body_size    8M; # has to be same size as in
php.ini, else worthless!


        location /images/ {
        }

        location / {
        auth_basic "toldev";
        auth_basic_user_file  /etc/nginx/toldev.password;
                try_files $uri $uri/ =404;
        }

        location ~ ^(.+\.php)(.*)$ {
            include                     fastcgi_params;
            fastcgi_param               SCRIPT_FILENAME
$document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_pass_php_socket;
            fastcgi_split_path_info     ^(.+\.php)(.*)$;
            fastcgi_param               PATH_INFO $fastcgi_path_info;
            fastcgi_param               PATH_TRANSLATED
$document_root$fastcgi_path_info;
            fastcgi_read_timeout        180;
            fastcgi_buffer_size         128k;
            fastcgi_buffers             4 256k;
        }

        location ~ .php$ {
            try_files                   $uri =404;
            include                     fastcgi_params;
            include /etc/nginx/fastcgi_pass_php_socket;
            fastcgi_index               index.php;
            fastcgi_split_path_info     ^(.+\.php)(.*)$;
            fastcgi_param               SCRIPT_FILENAME
$document_root$fastcgi_script_name;
            fastcgi_param               PATH_INFO $fastcgi_path_info;
            fastcgi_param               PATH_TRANSLATED
$document_root$fastcgi_path_info;
        }


        location =caldavzap/ {


            try_files                   /infcloud/index.html =404;
                auth_basic off;
                add_header Cache-Control "max-age=0, must-revalidate,
no-cache, no-transform, private";

        }
        location /carddavmate/ {

                auth_basic off;
                add_header Cache-Control "max-age=0, must-revalidate,
no-cache, no-transform, private";
        }

}


############################################ agenda.couderc.eu
server {
    listen 80;
    listen [::]:80 ;
    server_name agenda.couderc.eu;

    location /.well-known/acme-challenge {
                default_type  "text/plain";
                root          /tmp/letsencrypt-auto;
    }

    location / {
        return 301 https://$server_name$request_uri;
    }

}


server {
        server_name agenda.couderc.eu;
        root    /usr/share/davical/htdocs;
        index index.html index.htm index.php index.pl;
# begin : https section
        listen 443 ssl http2 ;
        listen [::]:443  ssl http2;
        # les parametres généraux de ssl sont inclus dans :
        include /etc/nginx/pc_https.conf ;
        ssl_certificate /etc/acme/fullchain/agenda.couderc.eu.pem;
        ssl_certificate_key /etc/acme/key/agenda.couderc.eu.pem;

# end : https section
#
        keepalive_timeout 0;
        client_max_body_size    8M; # has to be same size as in
php.ini, else worthless!


        location /images/ {
        }

        location / {
        return 301 https://agenda.couderc.eu/caldavzap/;
                try_files $uri $uri/ =404;
        }
        location /admin.php {
        return 301 https://agenda.couderc.eu/caldavzap/;
                try_files $uri $uri/ =404;
        }

        location ~ ^(.+\.php)(.*)$ {
            include                     fastcgi_params;
            fastcgi_param               SCRIPT_FILENAME
$document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_pass_php_socket;
            fastcgi_split_path_info     ^(.+\.php)(.*)$;
            fastcgi_param               PATH_INFO $fastcgi_path_info;
            fastcgi_param               PATH_TRANSLATED
$document_root$fastcgi_path_info;
            fastcgi_read_timeout        180;
            fastcgi_buffer_size         128k;
            fastcgi_buffers             4 256k;
        }


        location ~ .php$ {
            try_files                   $uri =404;
            include                     fastcgi_params;
            include /etc/nginx/fastcgi_pass_php_socket;
            fastcgi_index               index.php;
            fastcgi_split_path_info     ^(.+\.php)(.*)$;
            fastcgi_param               SCRIPT_FILENAME
$document_root$fastcgi_script_name;
            fastcgi_param               PATH_INFO $fastcgi_path_info;
            fastcgi_param               PATH_TRANSLATED
$document_root$fastcgi_path_info;
        }


        location /caldavzap/ {


                add_header Cache-Control "max-age=0, must-revalidate,
no-cache, no-transform, private";
                try_files $uri $uri/ =404;
        }
        location /carddavmate/ {

                add_header Cache-Control "max-age=0, must-revalidate,
no-cache, no-transform, private";
        }

}




On 10/4/20 9:54 PM, Giuseppe Sacco wrote:
Re: nginx as web server [ In reply to ]
Hi Johan,

This can be a good place to publish notes:
https://wiki.davical.org/index.php/Nginx_Config

Narcis Garcia


El 4/10/20 a les 22:54, Johan Vromans ha escrit:
> Hi Guiseppe,
>
> I'm running DAViCal with nginx. It took me some fiddling...
> I have attached the notes how I did it. Maybe this is helpful for you.
>
> -- Johan
>
>
>
> _______________________________________________
> Davical-general mailing list
> Davical-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/davical-general
>


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general