{% set domain = "liwt.net" %} # # nginx/sites: aaronly.radicale.conf # CalDAV/CardDAV server: dav.{{ domain }} # # Aaron LI # 2017-04-27 # {% if radicale is defined and domains_hascert[domain] %} server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name dav.{{ domain }}; # SSL/TLS Certificate kindly provided by Let's Encrypt ssl_certificate /usr/local/etc/ssl/acme/{{ domain }}/fullchain.pem; ssl_certificate_key /usr/local/etc/ssl/acme/private/{{ domain }}.pem; # Reverse proxy to Radicale location / { auth_basic "Radicale requires auth ..."; auth_basic_user_file /usr/local/etc/nginx/auth/radicale.passwd; # XXX: Hack to support "username[@domain]"-style login names # (NOTE: the "@domain" part is optional, so $username is always set) if ($remote_user ~ ^(?[^@/]+)(@[^/]+)?$) { set $username $user_; } # WSGI interface: http://radicale.org/wsgi/ include uwsgi_params; uwsgi_param REMOTE_USER $username; uwsgi_pass unix:/tmp/uwsgi-radicale.sock; } } {% endif %}