{% set domain = "liwt.net" %}
#
# nginx/sites: aaronly.radicale.conf
# CalDAV/CardDAV server: caldav.{{ domain }}, carddav.{{ domain }}
#
# Aaron LI
# 2017-04-27
#
{% if domains_hascert[domain] %}
# TLS virtual host for caldav.{{ domain }} / carddav.{{ domain }}: nginx checks
# HTTP Basic credentials, then hands the request to Radicale over a uwsgi
# unix socket with the user name passed as REMOTE_USER.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name caldav.{{ domain }} carddav.{{ domain }};
# SSL/TLS Certificate kindly provided by Let's Encrypt
# NOTE(review): no ssl_protocols/ssl_ciphers are set in this block; presumably
# they are inherited from the http level -- confirm.
ssl_certificate /usr/local/etc/ssl/acme/{{ domain }}/fullchain.pem;
# NOTE(review): confirm the private key file is readable only by the account
# that starts nginx.
ssl_certificate_key /usr/local/etc/ssl/acme/private/{{ domain }}.pem;
# Reverse proxy to Radicale
location / {
# Auth through HTTP
# nginx is the only credential check on this path: Radicale is expected to
# trust REMOTE_USER (see 'auth/type' note below), so the passwd file and the
# uwsgi socket are the whole authentication boundary.
auth_basic "Radicale ...";
auth_basic_user_file /usr/local/etc/nginx/auth/radicale.passwd;
# XXX: Hack to support "username@domain"-style logins
# The regex keeps the part before an optional "@domain" suffix; that part may
# not contain "@" or "/". Consequences to keep in mind:
#  - "alice" and "alice@<any domain>" map to the same Radicale user, so
#    entries in the passwd file must be unique by local part.
#  - if $remote_user does not match (e.g. it contains "/"), $username is
#    never assigned in this block and REMOTE_USER is sent empty.
#    NOTE(review): confirm Radicale refuses an empty REMOTE_USER.
#  - "if"/"set" are rewrite-module directives and are evaluated before
#    auth_basic verifies the password; $username is only consumed after that
#    check, at uwsgi_pass. Keep it that way if this block is edited.
if ($remote_user ~ ^(?<user_>[^@/]+)(@[^/]+)?$) {
set $username $user_;
}
# When a reverse proxy is used, the path at which Radicale is
# available must be provided via the "X-Script-Name" header.
# The proxy must remove the location from the URL path that is
# forwarded to Radicale.
# http://radicale.org/proxy/
#
#proxy_pass http://127.0.0.1:5232/; # Note the trailing "/"
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header X-Remote-User $username;
# WSGI interface: http://radicale.org/wsgi/
include uwsgi_params;
# Require to set 'auth/type' to 'remote_user' in config file
# With that setting the identity is whatever arrives in REMOTE_USER, so any
# local process able to write to the socket below can presumably act as any
# user. NOTE(review): confirm the socket's owner/mode admit only nginx.
uwsgi_param REMOTE_USER $username;
uwsgi_pass unix:/var/run/uwsgi-radicale.sock;
}
}
{% endif %}