DAViCal over SSL via Apache mod_proxy

If you’re stuck in a single IP world, you’ll find you frequently need to mount various Web services on top of your SSL host to ensure communications are encrypted. In many ways, SSL serves as a poor man’s VPN. (Although OpenVPN is ridiculously simple to set up, even with a certificate per client, the recommended deployment model.) Let’s take a quick look at a reverse proxy for DAViCal, which is an implementation of CalDAV for distributed calendaring and scheduling.

Since Subversion also uses WebDAV, the process is in fact identical to that of reverse proxying a Subversion server. The following is necessary on the SSL virtual host. (Also, note the definitive guide on reverse proxying with Apache.)

ProxyPass /davical/ http://caldav.example.com/davical/
<Location /davical/>
ProxyPassReverse /
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT MOVE COPY DELETE LOCK UNLOCK>
Order Deny,Allow
Allow from all
Satisfy Any
</Limit>
</Location>

Additionally, the following may be necessary. It’s the default on Debian and isn’t needed there.

ProxyRequests Off
<Proxy *>
Order deny,allow
Deny from all
</Proxy>
ProxyVia On

The above will only work with the appropriate mod_rewrite rules defined to strip caldav.php from the standard DAViCal URL.

<VirtualHost *:80>
ServerName davical.example.com
ServerAlias caldav
 
ErrorLog /var/log/apache2/davical.example.com_error.log
LogLevel warn
CustomLog /var/log/apache2/davical.example.com_access.log combined
ServerSignature On
 
DocumentRoot /usr/share/davical/htdocs
 
RewriteEngine On
 
# DAViCal sends back /davical/user/collection as href, so this needs
# to be a valid URI to use.
 
RewriteCond %{REQUEST_URI} ^/davical
RewriteRule ^/davical(.*)$ /caldav.php$1  [NC,L]
 
# Not if it's the root URL.  You might want to comment this out if you
# want to use an explicit /index.php for getting to the admin pages.
RewriteCond %{REQUEST_URI} !^/$
 
# Not if it explicitly specifies a .php program, stylesheet or image
RewriteCond %{REQUEST_URI} !\.(php|css|js|png|gif|jpg)
 
# Everything else gets rewritten to /caldav.php/...
RewriteRule ^(.*)$ /caldav.php$1  [NC,L]
 
<Directory /usr/share/davical/htdocs>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride all
Order allow,deny
Allow from all
</Directory>
 
php_value include_path /usr/share/awl/inc
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value open_basedir 1
</VirtualHost>

The only downside appears to be that it’s impossible to DELETE. A portion of the GUID is missing. With the above configuration, everything is fine.

"PUT /user/home/577e4d61-2e55-42a3-833f-8dfc5b26febf.ics HTTP/1.1" 201 20 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080925 Lightning/0.9 Thunderbird/2.0.0.17"
"DELETE /user/home/-2e55-42a3-833f-8dfc5b26febf.ics HTTP/1.1" 404 20 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.17) Gecko/20080925 Lightning/0.9 Thunderbird/2.0.0.17"

The first part is eaten.
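
A log check for the symptom shown above, as an added example that is not part of the original post: it pairs each DELETE that returned 404 with an earlier successful PUT in the same collection whose file name ends with the DELETE's file name, and reports the prefix that went missing. The function name, the shortened user agent and the control lines in the sample are constructed for illustration.

```python
import posixpath
import re

# Request and status portion of an Apache combined-format access log line.
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def find_truncated_deletes(lines):
    """Return (put_path, delete_path, missing_prefix) for every failed DELETE
    whose file name is a proper suffix of an earlier successful PUT in the
    same collection."""
    stored = {}  # collection directory -> file names created by PUT
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        method, path, status = m["method"], m["path"], int(m["status"])
        directory, name = posixpath.split(path)
        if method == "PUT" and status in (201, 204):
            stored.setdefault(directory, []).append(name)
        elif method == "DELETE" and status == 404 and name:
            for put_name in stored.get(directory, []):
                # Proper suffix: same tail, but something was cut off the front.
                if put_name != name and put_name.endswith(name):
                    missing = put_name[: len(put_name) - len(name)]
                    findings.append(
                        (posixpath.join(directory, put_name), path, missing)
                    )
    return findings


# First two lines: the requests quoted above, user agent shortened.
# Last three lines: constructed controls that must not be reported.
SAMPLE_LOG = [
    '"PUT /user/home/577e4d61-2e55-42a3-833f-8dfc5b26febf.ics HTTP/1.1" 201 20 "-" "Lightning/0.9"',
    '"DELETE /user/home/-2e55-42a3-833f-8dfc5b26febf.ics HTTP/1.1" 404 20 "-" "Lightning/0.9"',
    '"PUT /user/home/constructed-event.ics HTTP/1.1" 201 20 "-" "Lightning/0.9"',
    '"DELETE /user/home/constructed-event.ics HTTP/1.1" 204 0 "-" "Lightning/0.9"',
    '"DELETE /user/home/never-stored.ics HTTP/1.1" 404 20 "-" "Lightning/0.9"',
]

if __name__ == "__main__":
    for put_path, delete_path, missing in find_truncated_deletes(SAMPLE_LOG):
        print(f"DELETE {delete_path} lost prefix {missing!r} of {put_path}")
```
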
