Radicale 的 Nginx 反向代理：403 禁止访问

2024-6-1 • tag-icon

在开始之前我配置了激进党无需任何安全措施即可独立运行，并可以通过指定的 IP:port 访问 WebUI，因此一切正常。然后我想使用反向代理和 SSL 证书来提高安全性，因此转向了他们的清晰简单的文档。

我已将以下内容添加到我的server{...}定义中/etc/nginx/nginx.conf...

       #####################################################################
       ## Radicle (https://radicale.org/proxy/)                           ##
       #####################################################################
       location /radicale/ {                                                
           proxy_pass           http://localhost:9468/;
           proxy_set_header     X-Script-Name /radicale;                    
           proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for; 
           proxy_set_header     X-Remote-User $remote_user;                 
           auth_basic           "Radicale - Password Required";             
           auth_basic_user_file /etc/radicle/htpasswd;                      
           proxy_ssl_certificate         /etc/radicale/client_cert.pem;     
           proxy_ssl_certificate_key     /etc/radicale/client_key.pem;      
           proxy_ssl_trusted_certificate /etc/radicale/server_cert.pem;     
       }

...并生成了所有证书。如果我去，https://example.org/radicale/系统会要求我登录，我可以使用我的用户凭据进行登录。不幸的是，我得到了403: Forbidden:-/

我/etc/radicale/conf的如下

[server]
[server]
hosts = 127.0.0.1:9468
ssl = True
certificate = /etc/radicale/server_cert.pem
key = /etc/radicale/server_key.pem
certificate_authority = /etc/radicale/client_cert.pem
[encoding]
[auth]
type = http_x_remote_user
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = bcrypt
[rights]
[storage]
[web]
[logging]
[headers]

（如果没有列出选项则为默认选项）。

首先想到的是它的权限问题，因此filesystem_folder = /var/lib/radicale/collections我将其修改为radicale:http（因为 nginxhttp在这个 Arch Linux 系统上运行）...

# l /var/lib/radicale/
total 12K
drwxrwxr-x  3 radicale http 4.0K Aug  7 07:35 .
drwxr-xr-x 25 root     root 4.0K Aug 12 08:07 ..
drwxrwxr-x  3 radicale http 4.0K Aug  7 08:18 collections
# l /var/lib/radicale/collections/
total 12K
drwxrwxr-x 3 radicale http 4.0K Aug  7 08:18 .
drwxrwxr-x 3 radicale http 4.0K Aug  7 07:35 ..
drwxrwxr-x 3 radicale http 4.0K Aug  7 08:18 collection-root
-rwxrwxr-x 1 radicale http    0 Aug  7 08:18 .Radicale.lock
# l /var/lib/radicale/collections/collection-root/
total 12K
drwxrwxr-x 3 radicale http 4.0K Aug  7 08:18 .
drwxrwxr-x 3 radicale http 4.0K Aug  7 08:18 ..
drwxrwxr-x 4 radicale http 4.0K Aug  7 08:20 user
# l /var/lib/radicale/collections/collection-root/user/
total 16K
drwxrwxr-x 4 radicale http 4.0K Aug  7 08:20 .
drwxrwxr-x 3 radicale http 4.0K Aug  7 08:18 ..
drwxrwxr-x 2 radicale http 4.0K Aug  7 08:19 86487dd0-1ca2-8183-b1b8-0bc7933792d2
drwxrwxr-x 2 radicale http 4.0K Aug  7 13:46 bd050325-a411-5d0a-625b-d8569b442441
# l /var/lib/radicale/collections/collection-root/user/*
/var/lib/radicale/collections/collection-root/user/86487dd0-1ca2-8183-b1b8-0bc7933792d2:
total 12K
drwxrwxr-x 2 radicale http 4.0K Aug  7 08:19 .
drwxrwxr-x 4 radicale http 4.0K Aug  7 08:20 ..
-rwxrwxr-x 1 radicale http  165 Aug  7 08:19 .Radicale.props

/var/lib/radicale/collections/collection-root/user/bd050325-a411-5d0a-625b-d8569b442441:
total 12K
drwxrwxr-x 2 radicale http 4.0K Aug  7 13:46 .
drwxrwxr-x 4 radicale http 4.0K Aug  7 08:20 ..
-rwxrwxr-x 1 radicale http  216 Aug  7 13:46 .Radicale.props

但没有任何喜悦，仍然得到403 : Forbidden，所以现在我不知道该尝试什么。

如有任何建议，我们将不胜感激。

相关内容