sabre-io / Baikal

Baïkal is a Calendar+Contacts server
https://sabre.io/baikal/
GNU General Public License v3.0

iOS10 Error / No Sync possible #646

Closed ghost closed 7 years ago

ghost commented 7 years ago

Hello,

I set up my Baikal server, and with Thunderbird, Android and Windows everything works perfectly. But then came iOS. Every time I get these messages in my log when I try to connect:

2016/12/25 15:04:29 [error] 10941#0: *2359 readv() failed (104: Connection reset by peer) while reading upstream, client: 46.223.1.8, server: dav.mailgermania.de, request: "PROPFIND /dav.php/calendars/malte.kiefer@mailgermania.de/bundeswehr/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "dav.mailgermania.de"
2016/12/25 15:04:29 [error] 10941#0: *2358 readv() failed (104: Connection reset by peer) while reading upstream, client: 46.223.1.8, server: dav.mailgermania.de, request: "PROPFIND /dav.php/addressbooks/malte.kiefer@mailgermania.de/default/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "dav.mailgermania.de"
2016/12/25 15:04:29 [error] 10941#0: *2366 readv() failed (104: Connection reset by peer) while reading upstream, client: 46.223.1.8, server: dav.mailgermania.de, request: "PROPFIND /dav.php/calendars/malte.kiefer@mailgermania.de/default/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "dav.mailgermania.de"
2016/12/25 15:04:30 [error] 10941#0: *2370 readv() failed (104: Connection reset by peer) while reading upstream, client: 46.223.1.8, server: dav.mailgermania.de, request: "PROPFIND /dav.php/calendars/malte.kiefer@mailgermania.de/familie/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "dav.mailgermania.de"
2016/12/25 15:04:30 [error] 10941#0: *2374 readv() failed (104: Connection reset by peer) while reading upstream, client: 46.223.1.8, server: dav.mailgermania.de, request: "PROPFIND /dav.php/calendars/malte.kiefer@mailgermania.de/gemeinde/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "dav.mailgermania.de"
2016/12/25 15:04:31 [error] 10941#0: *2378 readv() failed (104: Connection reset by peer) while reading upstream, client: 46.223.1.8, server: dav.mailgermania.de, request: "PROPFIND /dav.php/calendars/malte.kiefer@mailgermania.de/kiefer-networks/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "dav.mailgermania.de"

iOS always told me that it could not connect with SSL. I have a Let's Encrypt certificate; is that a problem? When I go to dav.php in Safari, I can open all books and calendars. Here is my nginx config:

server {
  # Redirect plain HTTP to HTTPS
  listen 80;
  listen [::]:80;
  server_name dav.mailgermania.de;
  server_tokens off;
  root /var/www/dav/html;
  return 301 https://$host$request_uri;
}

server {
  listen 443;
  listen [::]:443;
  server_name dav.mailgermania.de;
  server_tokens off;
  ssl on;
  ssl_certificate         /etc/ssl/mail/mail.crt;
  ssl_certificate_key     /etc/ssl/mail/mail.key;
  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  ssl_dhparam /etc/ssl/mail/dhparams.pem;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_session_timeout 30m;
  client_max_body_size 25m;
  root /var/www/dav/html;
  index index.html index.htm index.php;

  add_header X-Frame-Options "SAMEORIGIN";
  add_header Content-Security-Policy "frame-ancestors 'self';";
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";

  # CalDAV/CardDAV service discovery
  rewrite ^/.well-known/caldav /dav.php redirect;
  rewrite ^/.well-known/carddav /dav.php redirect;

  charset utf-8;

  # Block direct access to .ht* files and the Core and Specific directories
  location ~ /(\.ht|Core|Specific) {
    deny all;
    return 404;
  }

  # Hand PHP requests (including dav.php/...) to PHP-FPM
  location ~ ^(.+\.php)(.*)$ {
    try_files $fastcgi_script_name =404;
    include        /etc/nginx/fastcgi_params;
    fastcgi_split_path_info  ^(.+\.php)(.*)$;
    fastcgi_pass   unix:/var/run/php5-fpm.sock;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO        $fastcgi_path_info;
    fastcgi_index index.php;
    fastcgi_param HTTPS on;
    fastcgi_read_timeout 630;
    fastcgi_keep_conn on;
  }
}

Can you help me?

evert commented 7 years ago

Do you have a fastcgi or php log? What does it say? (104: Connection reset by peer) while reading upstream, tells me that the fastcgi might be crashing, but I can't be certain.

gafpilot commented 7 years ago

I have the same prob - after update to 0.46 no sync with iOS possible. Same error: SSL connex not possible... (Running baikal on a synology DSM 6.1)

evert commented 7 years ago

I don't think I can answer this. I do think that it's a problem with your SSL configuration. Are you able to open the url with plain safari? Maybe take a look at this tool to see if your SSL is configured correctly:

https://www.ssllabs.com/ssltest/

evert commented 7 years ago

For the OP, I'm getting this error on the domain you gave us:

dav.mailgermania.de uses an invalid security certificate. The certificate is only valid for mail.mailgermania.de 

I think that error is pretty clear ;) Closing this ticket for that reason
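The mismatch that closed this ticket can be checked on the server before any client connects. The following is an added example, not part of the original thread: it uses `openssl x509 -checkhost` to list the hostnames a certificate does not cover. The function names are hypothetical, and the certificate is a constructed throwaway whose only name is mail.mailgermania.de, standing in for the file named by `ssl_certificate`.

```shell
#!/bin/sh
# Added example (not from the thread): list the hostnames of a TLS server
# block that the configured certificate does not cover.

# cert_covers CERT HOST: succeed only if CERT is valid for HOST.
# "openssl x509 -checkhost" prints "Hostname H does match certificate" or
# "Hostname H does NOT match certificate", so the text is what gets tested.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q 'does match certificate'
}

# uncovered_names CERT HOST...: print each HOST the certificate does not cover.
uncovered_names() {
    cert=$1; shift
    for host in "$@"; do
        cert_covers "$cert" "$host" || printf '%s\n' "$host"
    done
}

# make_demo_cert DIR CN: constructed, self-signed, one-day certificate whose
# only name is CN (a stand-in for the real certificate on the server).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir" mail.mailgermania.de || { rm -rf "$dir"; return 1; }
    # Check the certificate's own name and the server_name from the nginx config.
    uncovered_names "$dir/demo.crt" mail.mailgermania.de dav.mailgermania.de
    rm -rf "$dir"
}

demo   # prints: dav.mailgermania.de
```

On a real server, pass the path from `ssl_certificate` and every name listed in `server_name` to `uncovered_names`; any output means a client that validates hostnames will reject the connection.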