[horde] caldav problem with Debian 11 + php7.4 + nginx 1.18/fastcgi

Michael J Rubinsky mrubinsk at horde.org
Sun May 15 20:37:42 UTC 2022 

Quoting Ruud Baart <r.j.baart at prompt.nl>:

> Because this list has been inactive for awhile, I send this question  
> again. I hope someone can give me a hint.
>
> I wrote Apr 1 2022:
>
> The upgrade is ready.
>
> Horde works fine on Debian 11 with nginx, postgres, dovecot.
>
> Only only one problem remains: tbsync/caldav does not work. The  
> credentials of the user does not arrive.
>
> Using curl to see what is send:
>
>    * Server auth using Basic with user 'user at domain.example'
>     > GET /rpc/kronolith/user at domain.example/id_calender_in_horde.ics
>    HTTP/1.1
>     > Host: horde.domain.example
>     > Authorization: Basic
>    bG9pc2lyLXBvdXItdG91c0BzdC1hbmRyZS1sZS1kZXNlcnQuZnI6YXQ4Tytsd2Fz
>     > User-Agent: curl/7.82.0
>     > Accept: */*
>
> I think it is the Authorization header that is not correctly managed  
> by fastcgi. I don't know how to solve this.


What makes you think that? What are you seeing?

>
> The Apache setup uses:
>
> RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}]
>   RewriteRule .* - [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}]
>   RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
>
> I tried things like
>
>    fastcgi_param Authorization $http_authorization;

This should not be necessary.

>
> because such additional configuration of fastcgi seem logical to me.  
> But that does it doesn't work.
>
> I assume these rewrite are needed  for active_sync and caldav.  
> Active sync works fine so the last rewrite rule is probably not  
> "active" in the nginx/fastgi setup.
>
> If I solve this problem I think everything works and fast. Anyone  
> solved this one?
>
> My most urgent problem is I need to read a calendar and publish this  
> calendar on a website. The way it worked for years with Apache was:
>
>    wget --user=username --password=password \
>    --output-document="local_file.ics" \
>    https://server.example.com/rpc/kronolith/my_calendername.ics"

This works fine for me on my nginx based installation. What *exactly*  
is the response you are getting?  Are you certain that you have the  
alias configured correctly for rpc?

             location ^~ /horde/rpc/ {
                 if (!-e $request_filename){
                     rewrite ^(.*)$ /horde/rpc/index.php/$1 break;
                 }

                 fastcgi_split_path_info     ^(.+\.php)(/.+)$;
                 fastcgi_pass                unix:/run/php/php7.4-fpm.sock;
                 include snippets/fastcgi-php.conf;
                 fastcgi_param SCRIPT_FILENAME  
$document_root$fastcgi_script_name;
             }

> This doesn't work anymore because the credentials are not working anymore.
>
> If nginx/fascgi is not able to handle authorization, is there a  
> alternative way of downloading the ics-file? Website and horde are  
> on the same server, so a command line solution would be fine.
>
> Thanks for any ideas.
>
>
> On 3-3-2022 10:06, Ruud Baart wrote:
>> Hi,
>>
>> I'm upgrading my servers. From Debian 10 (+backports), php7.3 and  
>> Apache to news servers with Debian 11, php7.4 and nginx.
>>
>> There are quite some examples of nginx configurations. Also here:  
>> https://wiki.horde.org/webserver/nginx. So I assume Horde works  
>> fine with nginx.
>>
>> However, before I continue with my new servers, I still have the  
>> choice between Apache and Nginx. I'm curious if members of this  
>> list have experience with the intended configuration.
>>
>> If possible, I would like so see a working (and secure) nginx configuration.
>>
>>
>> Ruud Baart
>>
> -- 
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org



-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 9386 bytes
Desc: PGP Public Key
URL: <https://lists.horde.org/archives/horde/attachments/20220515/c5d12e4f/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: PGP Digital Signature
URL: <https://lists.horde.org/archives/horde/attachments/20220515/c5d12e4f/attachment.sig>

More information about the horde mailing list