aboutsummaryrefslogtreecommitdiffstats
path: root/roles/web/templates/sites/liwt.radicale.conf.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/web/templates/sites/liwt.radicale.conf.j2')
-rw-r--r--roles/web/templates/sites/liwt.radicale.conf.j251
1 files changed, 51 insertions, 0 deletions
diff --git a/roles/web/templates/sites/liwt.radicale.conf.j2 b/roles/web/templates/sites/liwt.radicale.conf.j2
new file mode 100644
index 0000000..416a872
--- /dev/null
+++ b/roles/web/templates/sites/liwt.radicale.conf.j2
@@ -0,0 +1,51 @@
+{% set domain = "liwt.net" %}
+#
+# nginx/sites: aaronly.radicale.conf
+# CalDAV/CardDAV server: caldav.{{ domain }}, carddav.{{ domain }}
+#
+# Aaron LI
+# 2017-04-27
+#
+
+{% if domains_hascert[domain] %}
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name caldav.{{ domain }} carddav.{{ domain }};
+
+ # SSL/TLS Certificate kindly provided by Let's Encrypt
+ ssl_certificate /usr/local/etc/ssl/acme/{{ domain }}/fullchain.pem;
+ ssl_certificate_key /usr/local/etc/ssl/acme/private/{{ domain }}.pem;
+
+ # Reverse proxy to Radicale
+ location / {
+ # Auth through HTTP
+ auth_basic "Radicale ...";
+ auth_basic_user_file /usr/local/etc/nginx/auth/radicale.passwd;
+
+ # XXX: Hack to support "username@domain"-style logins
+ if ($remote_user ~ ^(?<user_>[^@/]+)(@[^/]+)?$) {
+ set $username $user_;
+ }
+
+ # When a reverse proxy is used, the path at which Radicale is
+ # available must be provided via the "X-Script-Name" header.
+ # The proxy must remove the location from the URL path that is
+ # forwarded to Radicale.
+ # http://radicale.org/proxy/
+ #
+ #proxy_pass http://127.0.0.1:5232/; # Note the trailing "/"
+ #proxy_set_header Host $host;
+ #proxy_set_header X-Real-IP $remote_addr;
+ #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ #proxy_set_header X-Forwarded-Proto $scheme;
+ #proxy_set_header X-Remote-User $username;
+
+ # WSGI interface: http://radicale.org/wsgi/
+ include uwsgi_params;
+ # Require to set 'auth/type' to 'remote_user' in config file
+ uwsgi_param REMOTE_USER $username;
+ uwsgi_pass unix:/var/run/uwsgi-radicale.sock;
+ }
+}
+{% endif %}
Copyright © 2017-2018 Aaron LI. All Rights Reserved.