Perform webdav authentication in nginx, fixes #330

core/nginx/conf/nginx.conf

@@ -100,6 +100,9 @@ http {
       {% if WEBDAV != 'none' %}
       location /webdav {
         rewrite ^/webdav/(.*) /$1 break;
+        auth_request /internal/auth/basic;
+        auth_request_set $user $upstream_http_x_user;
+        proxy_set_header X-Remote-User $user;
         proxy_pass http://$webdav;
       }
       {% endif %}
@@ -108,6 +111,8 @@ http {
       location /internal {
         internal;
 
+        proxy_set_header Authorization $http_authorization;
+        proxy_pass_header Authorization;
         proxy_pass http://$admin;
         proxy_pass_request_body off;
         proxy_set_header Content-Length "";

optional/radicale/radicale.conf

@@ -4,27 +4,19 @@ daemon = False
 ssl = False
 dns_lookup = False
 realm = Radicale - Password Required
-base_prefix = /webdav/
 
 [encoding]
 request = utf-8
 stock = utf-8
 
-[well-known]
-
 [auth]
-type = IMAP
-imap_hostname = front
-imap_port = 10143
-imap_ssl = False
-
-[git]
+type = http_x_remote_user
 
 [rights]
 type = owner_only
 
 [storage]
-type = filesystem
+type = multifilesystem
 filesystem_folder = /data
 
 [logging]