Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind a reverse proxy

Michael Kuron 2017-04-18 20:24:43 +02:00
parent 9633a34f9f
commit 06e64c585c
2 changed files with 45 additions and 11 deletions


@ -1,4 +1,23 @@
proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g; proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g;
# use the non-standard X-Forwarded-* headers for WebObjects
map $http_x_forwarded_proto $maybe_real_scheme {
default $http_x_forwarded_proto;
'' $scheme;
}
map $http_x_forwarded_port $maybe_real_port {
default $http_x_forwarded_port;
'' $server_port;
}
map $realip_remote_addr $real_scheme {
default $scheme;
172.22.1.1 $maybe_real_scheme;
}
map $realip_remote_addr $real_port {
default $server_port;
172.22.1.1 $maybe_real_port;
}
server { server {
include /etc/nginx/conf.d/listen_ssl.active; include /etc/nginx/conf.d/listen_ssl.active;
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
@ -34,7 +53,7 @@ server {
real_ip_recursive on; real_ip_recursive on;
location = /principals/ { location = /principals/ {
rewrite ^ $scheme://$host:$server_port/SOGo/dav; rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
allow all; allow all;
} }
@ -100,8 +119,8 @@ server {
proxy_set_header x-webobjects-server-protocol HTTP/1.0; proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr; proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name; proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host:$server_port; proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
proxy_set_header x-webobjects-server-port $server_port; proxy_set_header x-webobjects-server-port $real_port;
client_body_buffer_size 128k; client_body_buffer_size 128k;
client_max_body_size 100m; client_max_body_size 100m;
} }
@ -114,8 +133,8 @@ server {
proxy_set_header x-webobjects-server-protocol HTTP/1.0; proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr; proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name; proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host:$server_port; proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
proxy_set_header x-webobjects-server-port $server_port; proxy_set_header x-webobjects-server-port $real_port;
client_body_buffer_size 128k; client_body_buffer_size 128k;
client_max_body_size 100m; client_max_body_size 100m;
break; break;
@ -187,7 +206,7 @@ server {
real_ip_recursive on; real_ip_recursive on;
location = /principals/ { location = /principals/ {
rewrite ^ $scheme://$host:$server_port/SOGo/dav; rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
allow all; allow all;
} }
@ -253,8 +272,8 @@ server {
proxy_set_header x-webobjects-server-protocol HTTP/1.0; proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr; proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name; proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host:$server_port; proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
proxy_set_header x-webobjects-server-port $server_port; proxy_set_header x-webobjects-server-port $real_port;
client_body_buffer_size 128k; client_body_buffer_size 128k;
client_max_body_size 100m; client_max_body_size 100m;
} }
@ -267,8 +286,8 @@ server {
proxy_set_header x-webobjects-server-protocol HTTP/1.0; proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr; proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name; proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host:$server_port; proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
proxy_set_header x-webobjects-server-port $server_port; proxy_set_header x-webobjects-server-port $real_port;
client_body_buffer_size 128k; client_body_buffer_size 128k;
client_max_body_size 100m; client_max_body_size 100m;
break; break;
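Review bot: The two `$maybe_real_*` maps at the top of the file pass any non-empty X-Forwarded-Proto / X-Forwarded-Port value straight through, and those values end up in the `rewrite` target of `location = /principals/` and in the `x-webobjects-server-url` / `x-webobjects-server-port` headers sent to SOGo. The only gate is that the connecting peer is `172.22.1.1`; if client traffic can also arrive from that address (for example through Docker's userland proxy, which is not visible here), a client-chosen scheme or port would be reflected in redirects and in the displayed DAV URLs. I would allow-list the values rather than make the header the default: `default $scheme;` with `~^https?$ $http_x_forwarded_proto;`, and the same for the port map with `~^[0-9]+$`. The hard-coded `172.22.1.1` in both `$realip_remote_addr` maps also deserves a comment such as `# trusted reverse proxy (docker gateway); keep in sync with set_real_ip_from`, assuming that is what the address is. The `server` blocks continue outside the hunks shown.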


@ -103,6 +103,8 @@ Recreate affected containers by running `docker-compose up -d`.
ProxyPass / http://127.0.0.1:8080/ ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost Off ProxyPreserveHost Off
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
your-ssl-configuration-here your-ssl-configuration-here
[...] [...]
@ -127,15 +129,28 @@ server {
your-ssl-configuration-here your-ssl-configuration-here
location / { location / {
proxy_pass http://127.0.0.1:8080/; proxy_pass http://127.0.0.1:8080/;
proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
} }
[...] [...]
} }
``` ```
### HAProxy
```
frontend https-in
bind :::443 v4v6 ssl crt mailcow.pem
default_backend mailcow
backend mailcow
option forwardfor
http-request set-header X-Forwarded-Proto https
http-request set-header X-Forwarded-Port %[dst_port]
server mailcow 127.0.0.1:8080 check
```
## Optional: Setup a relayhost ## Optional: Setup a relayhost
Insert these lines to `data/conf/postfix/main.cf`. "relayhost" does already exist (empty), just change its value. Insert these lines to `data/conf/postfix/main.cf`. "relayhost" does already exist (empty), just change its value.