我创建了一个 Radicale 实例,使用 Nginx 进行基本身份验证,但每次登录时,它都说我没有权限访问该集合。有人能帮我找出问题所在吗?
激进配置
# -*- mode: conf -*-
# vim:ft=cfg
# Config file for Radicale - A simple calendar server
#
# Place it into /etc/radicale/config (global)
# or ~/.config/radicale/config (user)
#
# The current values are the default ones
[server]
# CalDAV server hostnames separated by a comma
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
# For example: 0.0.0.0:9999, [::]:9999
# IPv6 adresses are configured to only allow IPv6 connections
#hosts = 0.0.0.0:5232
hosts = 127.0.0.1:5232
# Daemon flag
#daemon = False
daemon = True
# File storing the PID in daemon mode
#pid =
# SSL flag, enable HTTPS protocol
#ssl = False
# SSL certificate path
#certificate = /etc/apache2/ssl/server.crt
certificate = /etc/pki/tls/certs/localhost.crt
# SSL private key
#key = /etc/apache2/ssl/server.key
# SSL Protocol used. See python's ssl module for available values
#protocol = PROTOCOL_SSLv23
# Ciphers available. See python's ssl module for available ciphers
#ciphers =
# Reverse DNS to resolve client address in logs
#dns_lookup = True
# Root URL of Radicale (starting and ending with a slash)
#custom_handler =
# File for rights management from_file
#file = ~/.config/radicale/rights
file = /etc/radicale/rights
[storage]
# Storage backend
# -------
# WARNING: ONLY "filesystem" IS DOCUMENTED AND TESTED,
# OTHER BACKENDS ARE NOT READY FOR PRODUCTION.
# -------
# Value: filesystem | multifilesystem | database | custom
#type = filesystem
# Custom storage handler
#custom_handler =
# Folder for storing local collections, created if not present
#filesystem_folder = ~/.config/radicale/collections
filesystem_folder = /var/lib/radicale/collections
# Database URL for SQLAlchemy
# dialect+driver://user:password@host/dbname[?key=value..]
# For example: sqlite:///var/db/radicale.db, postgresql://user:password@localhost/radicale
# See http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html#sqlalchemy.create_engine
#database_url =
[logging]
# Logging configuration file
# If no config is given, simple information is printed on the standard output
# For more information about the syntax of the configuration file, see:
# http://docs.python.org/library/logging.config.html
#config = /etc/radicale/logging
# Set the default logging level to debug
#debug = False
# Store all environment variables (including those set in the shell)
#full_environment = False
[headers]
# Additional HTTP headers
#Access-Control-Allow-Origin = *
权利文件
[owner-write]
user: .+
collection: ^%(login)s(/.+)?$
permission: rw
Nginx
server {
listen 80 default;
location / {
return 301 https://$host$request_uri;
}
include /etc/nginx/servers.conf.d/*.conf;
}
server {
listen 443 ssl default http2;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
location / {
try_files $uri @radicale;
}
location @radicale {
auth_basic "Login";
auth_basic_user_file /etc/nginx/auth/radicale;
proxy_pass http://127.0.0.1:5232;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
答案1
我遇到了同样的问题,并通过从 nginx 配置中删除proxy_set_header Host $host;
和解决了该问题。proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;