http { # .. in http context .. # Declare the safe cross-origin hosts map $http_origin $cors_origin_header { hostnames; default "https://example.com"; "https://example.com" "$http_origin"; "https://www.example.com" "$http_origin"; } # Declare CORS exposed response headers map $host $std_response_headers { default "Content-Type, Content-Range, Content-Language, Date, Content-Length, Content-Encoding"; } map $host $cache_control_response_headers { default "Etag, Last-Modified"; } map $host $dav_response_headers { default "Dav"; } map $host $cors_expose_headers { default "${dav_response_headers}, ${std_response_headers}, ${cache_control_response_headers}"; } # Declare CORS allowed request headers map $host $std_request_headers { default "Authorization, Origin, X-Requested-With, Range, Accept-Encoding, Content-Length, Content-Type"; } map $host $dav_request_headers { default "If-Match, If-None-Match, If-Modified-Since, Depth"; } map $host $cors_allow_headers { default "${dav_request_headers}, ${std_request_headers}"; } # Detect a preflight request map $http_access_control_request_headers $preflight_h { default "true"; "" "false"; } map $http_access_control_request_method $preflight_m { default "true"; "" "false"; } map $request_method $preflight { default "false"; "OPTIONS" "${preflight_h}${preflight_m}true"; } # Configure WebDAV server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name webdav.example.com; location /.well-known/ { root /srv/http/www; } # Advertise CORS access controls. add_header "Access-Control-Allow-Origin" "$cors_origin_header" always; add_header "Access-Control-Allow-Credentials" "true" always; add_header "Access-Control-Expose-Headers" "$cors_expose_headers" always; location / { # Handle preflight request if ($preflight = "truetruetrue"){ add_header "Access-Control-Allow-Origin" "$cors_origin_header"; add_header "Access-Control-Allow-Headers" "$cors_allow_headers"; add_header "Access-Control-Allow-Methods" "PROPFIND, COPY, MOVE, MKCOL, CONNECT, DELETE, DONE, GET, HEAD, OPTIONS, PATCH, POST, PUT"; add_header "Access-Control-Max-Age" 1728000; add_header "Content-Type" "text/plain charset=UTF-8"; add_header "Content-Length" 0; return 204; } auth_basic "Not currently available"; auth_basic_user_file /etc/nginx/htpasswd; root /srv/http/webdav/data; client_body_temp_path /tmp/nginx-webdav; client_max_body_size 0; dav_methods PUT DELETE MKCOL COPY MOVE; dav_ext_methods PROPFIND OPTIONS; create_full_put_path on; dav_access user:rw group:r; autoindex on; } } # CalDAV and CardDAV server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name caldav.example.com carddav.example.com; location /.well-known/ { root /srv/http/www; } location /.well-known/caldav { return 301 https://caldav.example.com/; } location /.well-known/carddav { return 301 https://carddav.example.com/; } add_header "Access-Control-Allow-Origin" "$cors_origin_header" always; add_header "Access-Control-Allow-Credentials" "true" always; add_header "Access-Control-Expose-Headers" "$cors_expose_headers" always; location / { if ($preflight = "truetruetrue"){ add_header "Access-Control-Allow-Origin" "$cors_origin_header"; add_header "Access-Control-Allow-Headers" "$cors_allow_headers"; add_header "Access-Control-Allow-Methods" "REPORT, PROPFIND, COPY, MOVE, MKCOL, CONNECT, DELETE, DONE, GET, HEAD, OPTIONS, PATCH, POST, PUT"; add_header "Access-Control-Max-Age" 1728000; add_header "Content-Type" "text/plain charset=UTF-8"; add_header "Content-Length" 0; return 204; } auth_basic "Not currently available"; auth_basic_user_file /etc/nginx/caldav/htpasswd; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Authorization; proxy_pass http://127.0.0.1:5232/; } } }