blob: e038765143b8550b7a8c1dfca178611b53a751ec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
{% set domain = "liwt.net" %}
#
# nginx/sites: aaronly.radicale.conf
# CalDAV/CardDAV server: dav.{{ domain }}
#
# Aaron LI
# 2017-04-27
#
{% if radicale is defined and domains_hascert[domain] %}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dav.{{ domain }};
# SSL/TLS Certificate kindly provided by Let's Encrypt
ssl_certificate {{ web.ssl_root }}/{{ domain }}/fullchain;
ssl_certificate_key {{ web.ssl_root }}/{{ domain }}/key;
# Reverse proxy to Radicale
location / {
auth_basic "Radicale requires auth ...";
auth_basic_user_file /usr/local/etc/nginx/auth/radicale.passwd;
# XXX: Hack to support "username[@domain]"-style login names
# (NOTE: the "@domain" part is optional, so $username is always set)
if ($remote_user ~ ^(?<user_>[^@/]+)(@[^/]+)?$) {
set $username $user_;
}
# WSGI interface: http://radicale.org/wsgi/
include uwsgi_params;
uwsgi_param REMOTE_USER $username;
uwsgi_pass unix:/tmp/uwsgi-radicale.sock;
}
}
{% endif %}
|