search

etesync / etesync-dav

This is a CalDAV and CardDAV adapter for EteSync
https://www.etesync.com
GNU General Public License v3.0
285 stars 45 forks source link

Nginx proxy? #305

Closed zine999 closed 5 months ago

zine999 commented 6 months ago

Hi, is it possible to run this behind an nginx proxy on the Internet?

I'd rather not have to run it locally (it's inconvenient, especially on macOS with all the cert stuff), and also inconvenient for supporting various DAV clients on different machines. Would be much easier to run this as a server and point all machines to it.

I tried with the following config plus the etesync/etesync-dav:latest docker image, but it for whatever would constantly get "Connection timed out" errors from the browser when visiting https://website.org/.web/

server {
  server_name website.org;
  listen 37358 ssl;
  ssl_certificate /etc/letsencrypt/live/website.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/website.org/privkey.pem;
  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host  $server_name;
    proxy_set_header X-Forwarded-Port  $server_port;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://etesyncdav:37358/;
  }
}

And oddly enough no log messages from either the etesync-dav server or nginx.

Any ideas?

strauss115 commented 5 months ago

Hi, not sure, if it is really a good idea to do this. Etesync's USP is E2E encryption. You somehow break this concept when you run the component which is decrypting the data on a server which is available on the Internet. What about just running Radicale as a CalDAV & CarDAV server. This is the one used by Etesync DAV bridge under the hood, there are also various other options.

In case you still want to you Etesync Dav Bridge on the internet, you error message indicates that the target is not reachable / answering. Are you able to get a respone when you execute curl http://etesyncdav:37358 on your server? Maybe it's also worth checking if you get a response using "127.0.0.1:37358" instead of "etesyncdav:37358".

zine999 commented 5 months ago

if you get a response using "127.0.0.1:37358" instead of "etesyncdav:37358".

that would definitely not work as nginx is running in a separate container from etesyncdav.

However, I've given up on etesync altogether because I couldn't figure out how to get macOS Contacts to sync with the local server, even after installing the local certificate.