baikal-docker

Issue with caldav behind reverse proxy in a subfolder

Open mpadwick opened this issue 2 years ago • 5 comments

I'm trying to get Baikal working behind a reverse proxy in http://server.domain.com/davcal

I have managed to get the web GUI working somewhat by setting the option base_uri in the baikal.yaml file. The initial page works well, but after hitting login and providing the admin account, the server redirects me to http://server.domain.com/admin, where the correct URI should be /davcal/admin.

It also looks like the dav.php file does not like being called via /baikal/dav.php.

I've tried running both Nginx and Caddy as reverse proxy web servers without any luck. My current config is running Caddy:

:443 {
        #tls /etc/ssl/private/cert.crt /etc/ssl/private/key.key
        #tls /etc/ssl/private/cert.pem /etc/ssl/private/key.pem
        # or:
        tls /etc/ssl/private/cert.pem /etc/ssl/private/cert.key

        log {
                level DEBUG
        }

        redir /.well-known/carddav /baikal/dav.php 301
        redir /.well-known/caldav /baikal/dav.php 301
        redir /baikal /baikal/ 301

        handle_path /baikal/* {
#               uri /baikal/* strip_prefix /baikal
#               uri replace /baikal/ /
                reverse_proxy http://baikal {
                        header_up Host {http.request.host}
                        header_up X-Real-IP {http.request.remote}
                }
        }
        handle /admin/* {
                reverse_proxy http://baikal {
                        header_up Host {http.request.host}
                        header_up X-Real-IP {http.request.remote}
                }
        }

        handle_path /* {
                # Set this path to your site's directory.
                root * /usr/share/caddy

                # Enable the static file server.
                file_server
        }
}

Baikal:

system:
    configured_version: 0.9.3
    timezone: Europe/
    card_enabled: true
    cal_enabled: true
    dav_auth_type: Digest
    admin_passwordhash: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    failed_access_message: 'user %u authentication failure for Baikal'
    auth_realm: BaikalDAV
    base_uri: '/baikal/'
    invite_from: [email protected]
database:
    sqlite_file: /var/www/baikal/Specific/db/db.sqlite
    mysql: false
    mysql_host: ''
    mysql_dbname: ''
    mysql_username: ''
    mysql_password: ''
    encryption_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxx

When accessing /baikal/dav.php

<d:error>
<s:sabredav-version>4.3.1</s:sabredav-version>
<s:exception>LogicException</s:exception>
<s:message>
Requested uri (/dav.php) is out of base uri (/baikal/dav.php/)
</s:message>
</d:error>

What am I doing wrong?

mpadwick, Jan 12 '23 20:01

I have found a somewhat working workaround.

By changing the base_uri to base_uri = '' and adding the following to my Caddy config:

        @baikal_agent {
                header User-Agent *dav*
        }
        rewrite @baikal_agent /baikal/{uri}

But the web GUI is not 100%; some things are not showing up as they should. This might be a starting point, and hopefully someone has some pointers to get this working fully.

mpadwick, Jan 13 '23 10:01

I like the commit from @jtsymon, it's very straight-forward and simple.

Not sure yet if/how to incorporate that into the images, either

  1. with documentation, explaining how to add a /docker-entrypoint.d/50-add-url-prefix.sh file to update the /etc/nginx/conf.d/default.conf file
  2. with a container variable that updates the default.conf file on container startup
  3. parsing the base_uri value out of the baikal.yml file and updating default.conf file on container startup

ckulka, May 06 '24 13:05
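For option 3 in the comment above, the value read from the Baikal config ends up inside a web server config file, so an entrypoint script should accept it only when it is a plain path prefix. The script below is an added example, not code from the project or from the commit mentioned in the thread; the function names and the sample config are constructed, and the step that edits default.conf is left out because the page does not show that change.

```shell
#!/bin/sh
# Added example (not the project's code): read base_uri from a Baikal YAML
# config and accept it only if it is a plain path prefix. Function names and
# the sample config below are constructed for illustration.
export LC_ALL=C   # make the A-Z style ranges below byte-exact

# Print the raw base_uri value found in the top-level "system:" section.
read_base_uri() {
    awk '
        /^[^ \t#]/ { in_system = ($0 ~ /^system:[ \t]*$/) }
        in_system && /^[ \t]+base_uri:/ {
            sub(/^[ \t]+base_uri:[ \t]*/, "")
            sub(/[ \t]+$/, "")
            print
            exit
        }
    ' "$1" | sed -e "s/^'\(.*\)'\$/\1/" -e 's/^"\(.*\)"$/\1/'
}

# Print the prefix with a trailing slash, or fail if it is not a safe path.
normalise_prefix() {
    value=$1
    if [ -z "$value" ]; then return 0; fi      # empty: no prefix configured
    case $value in
        *[!A-Za-z0-9._/-]*) return 1 ;;        # outside the allowlist
        *..*|*//*)          return 1 ;;        # traversal or empty segment
        /*)                 ;;                 # absolute path: accepted
        *)                  return 1 ;;        # relative path
    esac
    case $value in
        */) printf '%s\n' "$value" ;;
        *)  printf '%s/\n' "$value" ;;
    esac
}

# Validated prefix for the config file in $1; non-zero status on rejection.
base_uri_prefix() {
    [ -r "$1" ] || return 1
    raw=$(read_base_uri "$1")
    normalise_prefix "$raw"
}

# Constructed sample mirroring the layout of the config quoted in the thread.
sample=$(mktemp)
printf "system:\n    base_uri: '/baikal/'\ndatabase:\n    mysql: false\n" > "$sample"
if prefix=$(base_uri_prefix "$sample"); then
    echo "prefix accepted: ${prefix:-<none>}"
else
    echo "base_uri rejected, leaving the web server config untouched" >&2
fi
rm -f "$sample"
```

A rejected value returns a non-zero status and prints nothing, so a startup script can skip the rewrite instead of templating an unchecked string into the server config.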

I think including a self-signed certificate might improve things for a lot of users. At the end of the day, there's no tinkering involved here once the setup is up and running and so, a self-signed certificate would work fine.

The LinuxServer.io image of Nextcloud, for example, includes a self-signed certificate.

Kindly consider including something like that if it isn't too much trouble.

n00b12345, May 28 '24 14:05

Hi @n00b12345,

I think that's a separate ask unrelated to this - if you want, then let's capture this in a new issue.

Btw: the Apache httpd container image comes with a self-signed certificate. It's not something I personally actually like, but we can discuss this in the separate issue.

ckulka, May 29 '24 17:05

> Hi @n00b12345,
>
> I think that's a separate ask unrelated to this - if you want, then let's capture this in a new issue.
>
> Btw: the Apache httpd container image comes with a self-signed certificate. It's not something I personally actually like, but we can discuss this in the separate issue.

Thank you so much for responding. I have created a discussion thread.

n00b12345, May 29 '24 19:05