path: root/roles/web/templates/sites/liwt.radicale.conf.j2
{% set domain = "liwt.net" %}
#
# nginx/sites: liwt.radicale.conf
# CalDAV/CardDAV server: dav.{{ domain }}
#
# HTTPS-only reverse proxy in front of Radicale.  nginx performs HTTP Basic
# authentication itself and hands the resulting user name to Radicale over
# uwsgi as REMOTE_USER.
#
# Aaron LI
# 2017-04-27
#

# The server block is rendered only when the "radicale" variable is defined
# and a certificate is flagged as available for this domain; otherwise this
# template produces nothing but the header comments above.
{% if radicale is defined and domains_hascert[domain] %}
server {
    # TLS with HTTP/2 on both IPv4 and IPv6.
    listen            443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  dav.{{ domain }};

    # SSL/TLS Certificate kindly provided by Let's Encrypt
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block;
    # presumably they are inherited from the http context -- confirm.
    ssl_certificate      /usr/local/etc/ssl/acme/{{ domain }}/fullchain.pem;
    ssl_certificate_key  /usr/local/etc/ssl/acme/private/{{ domain }}.pem;

    # Reverse proxy to Radicale
    location / {
        # Credentials are checked by nginx against this htpasswd-style file.
        # NOTE(review): Radicale itself is presumably configured to trust
        # REMOTE_USER rather than authenticate again -- confirm in its config.
        auth_basic            "Radicale requires auth ...";
        auth_basic_user_file  /usr/local/etc/nginx/auth/radicale.passwd;

        # XXX: Hack to support "username[@domain]"-style login names
        # The capture keeps everything before the first "@" and drops the
        # optional "@domain" suffix, so the password-file entries "alice" and
        # "alice@<anything>" both reach Radicale as user "alice".  Keep the
        # password file free of entries that collide after stripping.
        # NOTE: $username is filled in only when $remote_user matches; for a
        # name that is empty, starts with "@" or contains "/", it stays empty
        # and REMOTE_USER is forwarded empty.
        # NOTE(review): this "if"/"set" belongs to the rewrite module, which
        # runs before auth_basic's access check, so a "return" added here for
        # the no-match case would also pre-empt the 401 challenge.
        if ($remote_user ~ ^(?<user_>[^@/]+)(@[^/]+)?$) {
            set  $username  $user_;
        }

        # WSGI interface: http://radicale.org/wsgi/
        include      uwsgi_params;
        # Identity that Radicale will act on; it is whatever nginx sends here.
        uwsgi_param  REMOTE_USER  $username;
        # NOTE(review): this socket is the trust boundary.  Any local process
        # able to connect to it can bypass auth_basic and supply its own
        # REMOTE_USER.  /tmp is shared by all local users, so the socket's
        # owner and mode (set in the uwsgi config, not visible here) are the
        # only protection; a directory reserved for the nginx and uwsgi
        # accounts would be a safer home for it.
        uwsgi_pass   unix:/tmp/uwsgi-radicale.sock;
    }
}
{% endif %}