From 1fca17714faab32eb2fada67feb131e2a4899709 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 11 May 2017 15:35:54 +0100
Subject: [PATCH] Improve radicale nginx config

---
 src/freedombone-app-radicale | 56 +++++++++++++++++++++++++++++-------
 1 file changed, 46 insertions(+), 10 deletions(-)

diff --git a/src/freedombone-app-radicale b/src/freedombone-app-radicale
index 9d5f84e8..55bcb849 100755
--- a/src/freedombone-app-radicale
+++ b/src/freedombone-app-radicale
@@ -305,7 +305,7 @@ function remove_radicale {
 
     remove_completion_param install_radicale
     sed -i '/radicale/d' $COMPLETION_FILE
-    sed -i '/location \/radicale/,/}/d' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    sed -i '/# Start radicale/,/# End radicale/d' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
     systemctl restart nginx
 }
 
@@ -437,7 +437,7 @@ function install_radicale {
             echo "    listen [::]:443 ssl;" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             function_check nginx_ssl
-            nginx_ssl ${DEFAULT_DOMAIN_NAME}
+            nginx_ssl ${DEFAULT_DOMAIN_NAME} mobile
             function_check nginx_disable_sniffing
             nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}
             echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
@@ -447,12 +447,30 @@ function install_radicale {
             echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo "        auth_basic_user_file ${RADICALE_USERS};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            echo '        proxy_buffering on;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
             echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         else
@@ -466,20 +484,38 @@ function install_radicale {
         echo '    access_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         echo '    error_log /dev/null;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    # Start radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    location @radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         echo '        auth_basic "Radicale";' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo "        auth_basic_user_file ${RADICALE_USERS};" >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        auth_basic_user_file /var/www/radicale/users;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         echo '        proxy_pass http://localhost:52322;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-        echo '        proxy_buffering on;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        proxy_buffering off;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        proxy_set_header Host $host;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        proxy_set_header X-Real-IP $remote_addr;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    location /radicale {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    location /.well-known/carddav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    location /.well-known/caldav {' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '        try_files $uri @radicale;' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    }' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        echo '    # End radicale' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         echo '}' >> /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
 
         set_completion_param "radicale onion domain" "${RADICALE_ONION_HOSTNAME}"
     else
         # alter the existing site config
         if ! grep "radicale" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
-            sed -i '/ 443/a    location \/radicale {\n        auth_basic "Radicale";\n        auth_basic_user_file \/var\/www\/radicale\/users;\n        proxy_pass http://localhost:52322;\n        proxy_buffering on;\n    }' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
-            sed -i '/listen localhost/a    location \/radicale {\n        auth_basic "Radicale";\n        auth_basic_user_file \/var\/www\/radicale\/users;\n        proxy_pass http://localhost:52322;\n        proxy_buffering on;\n    }' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            sed -i '/ 443/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file /var/www/radicale/users;\n    proxy_pass http://localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location /radicale {\n      try_files $uri @radicale;\n  }\n\n  location /.well-known/carddav {\n      try_files $uri @radicale;\n  }\n\n  location /.well-known/caldav {\n      try_files $uri @radicale;\n  }\n    # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+            sed -i '/listen localhost/a    # Start radicale\n  location @radicale {\n    auth_basic "Radicale";\n    auth_basic_user_file /var/www/radicale/users;\n    proxy_pass http://localhost:52322;\n    proxy_buffering off;\n    proxy_set_header Host $host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n  }\n\n  location /radicale {\n      try_files $uri @radicale;\n  }\n\n  location /.well-known/carddav {\n      try_files $uri @radicale;\n  }\n\n  location /.well-known/caldav {\n      try_files $uri @radicale;\n  }\n    # End radicale' /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         fi
     fi