在开始之前我配置了激进党无需任何安全措施即可独立运行,并可以通过指定的 IP:port 访问 WebUI,因此一切正常。然后我想使用反向代理和 SSL 证书来提高安全性,因此转向了他们的清晰简单的文档。
我已将以下内容添加到我的server{...}
定义中/etc/nginx/nginx.conf
...
#####################################################################
## Radicle (https://radicale.org/proxy/) ##
#####################################################################
location /radicale/ {
proxy_pass http://localhost:9468/;
proxy_set_header X-Script-Name /radicale;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-User $remote_user;
auth_basic "Radicale - Password Required";
auth_basic_user_file /etc/radicle/htpasswd;
proxy_ssl_certificate /etc/radicale/client_cert.pem;
proxy_ssl_certificate_key /etc/radicale/client_key.pem;
proxy_ssl_trusted_certificate /etc/radicale/server_cert.pem;
}
...并生成了所有证书。如果我去,https://example.org/radicale/
系统会要求我登录,我可以使用我的用户凭据进行登录。不幸的是,我得到了403: Forbidden
:-/
我/etc/radicale/conf
的如下
[server]
[server]
hosts = 127.0.0.1:9468
ssl = True
certificate = /etc/radicale/server_cert.pem
key = /etc/radicale/server_key.pem
certificate_authority = /etc/radicale/client_cert.pem
[encoding]
[auth]
type = http_x_remote_user
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = bcrypt
[rights]
[storage]
[web]
[logging]
[headers]
(如果没有列出选项则为默认选项)。
首先想到的是它的权限问题,因此filesystem_folder = /var/lib/radicale/collections
我将其修改为radicale:http
(因为 nginxhttp
在这个 Arch Linux 系统上运行)...
# l /var/lib/radicale/
total 12K
drwxrwxr-x 3 radicale http 4.0K Aug 7 07:35 .
drwxr-xr-x 25 root root 4.0K Aug 12 08:07 ..
drwxrwxr-x 3 radicale http 4.0K Aug 7 08:18 collections
# l /var/lib/radicale/collections/
total 12K
drwxrwxr-x 3 radicale http 4.0K Aug 7 08:18 .
drwxrwxr-x 3 radicale http 4.0K Aug 7 07:35 ..
drwxrwxr-x 3 radicale http 4.0K Aug 7 08:18 collection-root
-rwxrwxr-x 1 radicale http 0 Aug 7 08:18 .Radicale.lock
# l /var/lib/radicale/collections/collection-root/
total 12K
drwxrwxr-x 3 radicale http 4.0K Aug 7 08:18 .
drwxrwxr-x 3 radicale http 4.0K Aug 7 08:18 ..
drwxrwxr-x 4 radicale http 4.0K Aug 7 08:20 user
# l /var/lib/radicale/collections/collection-root/user/
total 16K
drwxrwxr-x 4 radicale http 4.0K Aug 7 08:20 .
drwxrwxr-x 3 radicale http 4.0K Aug 7 08:18 ..
drwxrwxr-x 2 radicale http 4.0K Aug 7 08:19 86487dd0-1ca2-8183-b1b8-0bc7933792d2
drwxrwxr-x 2 radicale http 4.0K Aug 7 13:46 bd050325-a411-5d0a-625b-d8569b442441
# l /var/lib/radicale/collections/collection-root/user/*
/var/lib/radicale/collections/collection-root/user/86487dd0-1ca2-8183-b1b8-0bc7933792d2:
total 12K
drwxrwxr-x 2 radicale http 4.0K Aug 7 08:19 .
drwxrwxr-x 4 radicale http 4.0K Aug 7 08:20 ..
-rwxrwxr-x 1 radicale http 165 Aug 7 08:19 .Radicale.props
/var/lib/radicale/collections/collection-root/user/bd050325-a411-5d0a-625b-d8569b442441:
total 12K
drwxrwxr-x 2 radicale http 4.0K Aug 7 13:46 .
drwxrwxr-x 4 radicale http 4.0K Aug 7 08:20 ..
-rwxrwxr-x 1 radicale http 216 Aug 7 13:46 .Radicale.props
但没有任何喜悦,仍然得到403 : Forbidden
,所以现在我不知道该尝试什么。
如有任何建议,我们将不胜感激。