On Mon, Feb 06, 2023 at 02:07:25PM +0300, Maksim Rodin wrote:
> I added a space to that line, still no change in logs.
> The whole config looks now so:

Thanks.

Skimming through your config and the excerpt from the log, I'd say the
GET request should be matched by the (now corrected) location block.
If this is the case -- and you can easily check this by using a tester
like https://nginx.viraptor.info/ -- then the appropriate headers are
being added to the request, and the problem lies with how SOGo handles
and/or logs them.  You commented out nginx log-related directives, but
maybe those logs could provide some insight as well.

> 
> ```
> # Take note of http://wiki.nginx.org/Pitfalls
> 
> #user  www;
> worker_processes  1;
> 
> #load_module "modules/ngx_stream_module.so";
> 
> #error_log  logs/error.log;
> #error_log  logs/error.log  notice;
> #error_log  logs/error.log  info;
> #error_log  syslog:server=unix:/dev/log,severity=notice;
> 
> #pid        logs/nginx.pid;
> 
> worker_rlimit_nofile 1024;
> events {
>     worker_connections  800;
> }
> 
> 
> http {
>     client_max_body_size 50m;
>     include       mime.types;
>     default_type  application/octet-stream;
>     index         index.html index.htm;
> 
>     #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
>     #                  '$status $body_bytes_sent "$http_referer" '
>     #                  '"$http_user_agent" "$http_x_forwarded_for"';
> 
>     #access_log  logs/access.log  main;
>     #access_log  syslog:server=unix:/dev/log,severity=notice main;
> 
>     #tcp_nopush     on;
> 
>     #keepalive_timeout  0;
>     keepalive_timeout  65;
> 
>     #gzip  on;
> 
>     server_tokens off;
> 
>     server {
>           listen 80;
>           server_name  mail.somedomain.org;
>           return 301 https://mail.somedomain.org$request_uri;
> 
>     }
> 
>     server {
>     
>               listen       443 ssl ;
>               server_name  mail.somedomain.org;
>               root /var/www/lib/sogo/www/;
>               proxy_http_version 1.1;
> 
>               ssl_certificate 
> /etc/letsencrypt/live/somedomain.org/fullchain.pem;
>               ssl_certificate_key  
> /etc/letsencrypt/live/somedomain.org/privkey.pem;
> 
>               ssl_session_timeout  5m;
>               ssl_session_cache    shared:SSL:1m;
> 
>               ssl_ciphers  HIGH:!aNULL:!MD5:!RC4;
>               ssl_prefer_server_ciphers   on;
> 
>           location = /
>           {
>               rewrite ^ http://$server_name/SOGo;
>               allow all;
>           }
> 
>           # For IOS 7
>           location = /principals/
>           {
>               rewrite ^ http://$server_name/SOGo/dav;
>               allow all;
>           }
> 
>           location = /.well-known/caldav/
>           {
>               rewrite ^ http://$server_name/SOGo/dav;
>           }
> 
>           location = /.well-known/carddav/
>           {
>               rewrite ^ http://$server_name/SOGo/dav;
>               allow all;
>           }
> 
>           location ^~ /SOGo
>           {
>               proxy_pass http://127.0.0.1:20000;
>               proxy_redirect http://127.0.0.1:20000 default;
>               # forward user's IP address
>               proxy_set_header X-Real-IP $remote_addr;
>               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>               proxy_set_header Host $host;
>               proxy_set_header x-webobjects-server-protocol HTTP/1.0;
>               proxy_set_header x-webobjects-remote-host 127.0.0.1;
>               proxy_set_header x-webobjects-server-name $server_name;
>               proxy_set_header x-webobjects-server-url $scheme://$host;
>               proxy_set_header x-webobjects-server-port $server_port;
>               proxy_connect_timeout 90;
>               proxy_send_timeout 90;
>               proxy_read_timeout 90;
>               proxy_buffer_size 256k;
>               proxy_buffers 4 512k;
>               proxy_busy_buffers_size 512k;
>               proxy_temp_file_write_size 512k;
>               client_max_body_size 50m;
>               client_body_buffer_size 128k;
>               break;
>           }
> 
>           location /SOGo.woa/WebServerResources/
>           {
>               alias /var/www/lib/sogo/www/;
>               allow all;
>           }
> 
>           location /SOGo/WebServerResources/
>           {
>               alias /var/www/lib/sogo/www/;
>               allow all;
>           }
> 
>           location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$
>           {
>               alias /var/www/lib/sogo/$1.SOGo/Resources/$2;
>           }
> 
>           location 
> ^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$
>           {
>               alias /var/www/lib/sogo/$1.SOGo/Resources/$2;
>           }
> 
>     }
> 
> }
> ```
> 
> 
> On Mon Feb  6 10:04:01 2023, Zé Loff wrote:
> > 
> > 
> > On Mon, Feb 06, 2023 at 11:32:47AM +0300, Maksim Rodin wrote:
> > > Hello,
> > > > This looks odd, and I can't check right now, but I don't think it
> > > > matches "/SOGo/..." URLs.  Shouldn't this be "location ~ ^/SOGo"?
> > > > 
> > > I just used the example nginx config from sogo's pkg-readme
> > > and only had to raise some proxy buffer settings because without these 
> > > nginx would
> > > return errors about too big response from the upstream.
> > > With this config Sogo webmail works.
> > > The only problem is its logs.
> > 
> > I found a couple of websites that have the same config as the
> > pkg-readme (and you), but I also found some that have an extra space
> > between "^~" and "/SOGo".  I am inclined to believe that the space
> > _should_ be there.
> > 
> > Without that space, nginx will only match that location block if
> > "^~/SOGo" (sic) is the beginning of the URI.  If you add a space then
> > "^~" becomes a modifier that means 'if the URI matches the following
> > regex, use this block and stop looking for other matches' and "/SOGo"
> > is the regex itself.
> > 
> > So, in summary, I _think_ that there's a space missing between "^~" and
> > "/SOGo" on the pkg-readme (and thus on your config), but I don't have a
> > SOGO instance on which to test.  Is it feasible for you to try adding
> > that space to see if it makes a difference?  Maybe someone else using it
> > can chime in. 
> > 
> > > On Mon Feb  6 07:56:40 2023, Zé Loff wrote:
> > > > On Mon, Feb 06, 2023 at 08:39:04AM +0300, Maksim Rodin wrote:
> > > > > Hello,
> > > > > After taking closer look at sogo I found out that it does not log real
> > > > > ip of the client.
> > > > > I set up the nginx just as it is it pkg-readme:
> > > > > ...
> > > > > location ^~/SOGo
> > > > 
> > > > This looks odd, and I can't check right now, but I don't think it
> > > > matches "/SOGo/..." URLs.  Shouldn't this be "location ~ ^/SOGo"?
> > > > 
> > > > > {
> > > > >     proxy_pass http://127.0.0.1:20000;
> > > > >     proxy_redirect http://127.0.0.1:20000 default;
> > > > >     # forward user's IP address
> > > > >     proxy_set_header X-Real-IP $remote_addr;
> > > > >     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > > > >     proxy_set_header Host $host;
> > > > >     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
> > > > >     proxy_set_header x-webobjects-remote-host 127.0.0.1;
> > > > >     proxy_set_header x-webobjects-server-name $server_name;
> > > > >     proxy_set_header x-webobjects-server-url $scheme://$host;
> > > > >     proxy_set_header x-webobjects-server-port $server_port;
> > > > > ...
> > > > > 
> > > > > But the only ip I see in sogo.log is 127.0.0.1:
> > > > > ...
> > > > > Feb 06 08:18:52 sogod [5233]: <0x0x1314c787188[SOGoCache]> Cache 
> > > > > cleanup interval set every 300.000000 seconds
> > > > > Feb 06 08:18:52 sogod [5233]: <0x0x1314c787188[SOGoCache]> Using 
> > > > > host(s) 'localhost' as server(s)
> > > > > Feb 06 08:18:52 sogod [5233]: [WARN] 
> > > > > <0x0x13205ef07e8[SOGoWebDAVAclManager]> entry '{DAV:}write' already 
> > > > > exists in DAV permissions table
> > > > > Feb 06 08:18:52 sogod [5233]: [WARN] 
> > > > > <0x0x13205ef07e8[SOGoWebDAVAclManager]> entry 
> > > > > '{DAV:}write-properties' already exists in DAV permissions table
> > > > > Feb 06 08:18:52 sogod [5233]: [WARN] 
> > > > > <0x0x13205ef07e8[SOGoWebDAVAclManager]> entry '{DAV:}write-content' 
> > > > > already exists in DAV permissions table
> > > > > Feb 06 08:18:52 sogod [5233]: 127.0.0.1 "GET 
> > > > > /SOGo/so/[email protected]/Calendar/alarmslist?browserTime=1675660780
> > > > >  HTTP/1.1" 200 63/0 0.721 - - -
> > > > > Feb 06 08:18:53 sogod [39052]: <0x0x1316e725408[NGImap4Client]> TLS 
> > > > > started successfully.
> > > > > Feb 06 08:18:53 sogod [39052]: 127.0.0.1 "POST 
> > > > > /SOGo/so/[email protected]/Mail/0/folderINBOX/changes HTTP/1.1" 200 
> > > > > 21/126 1.279 - - -
> > > > > Feb 06 08:19:07 sogod [39052]: 127.0.0.1 "GET 
> > > > > /SOGo/so/[email protected]/Contacts/view HTTP/1.1" 200 21189/0 0.346 
> > > > > 88239 75% -
> > > > > Feb 06 08:19:08 sogod [39052]: [WARN] 
> > > > > <0x0x131f5640948[SOGoWebDAVAclManager]> entry '{DAV:}write' already 
> > > > > exists in DAV permissions table
> > > > > Feb 06 08:19:08 sogod [39052]: [WARN] 
> > > > > <0x0x131f5640948[SOGoWebDAVAclManager]> entry 
> > > > > '{DAV:}write-properties' already exists in DAV permissions table
> > > > > Feb 06 08:19:08 sogod [39052]: [WARN] 
> > > > > <0x0x131f5640948[SOGoWebDAVAclManager]> entry '{DAV:}write-content' 
> > > > > already exists in DAV permissions table
> > > > > Feb 06 08:19:08 sogod [39052]: 127.0.0.1 "GET 
> > > > > /SOGo/so/[email protected]/Calendar/alarmslist?browserTime=1675660796
> > > > >  HTTP/1.1" 200 63/0 0.022 - - -
> > > > > Feb 06 08:19:08 sogod [39052]: 127.0.0.1 "POST 
> > > > > /SOGo/so/[email protected]/Contacts/645D-63DD1280-5-5CF5F100/view 
> > > > > HTTP/1.1" 200 522/46 0.027 - - -
> > > > > Feb 06 08:19:08 sogod [5233]: <0x0x13173c7b808[NGImap4Client]> TLS 
> > > > > started successfully.
> > > > > Feb 06 08:19:08 sogod [39052]: 127.0.0.1 "GET 
> > > > > /SOGo/so/[email protected]/Contacts/645D-63DD1280-5-5CF5F100/645D-63DD1280-7-5CF5F100.vcf/view
> > > > >  HTTP/1.1" 200 167/0 0.030 - - -
> > > > > Feb 06 08:19:08 sogod [5233]: 127.0.0.1 "POST 
> > > > > /SOGo/so/[email protected]/Mail/0/folderINBOX/changes HTTP/1.1" 200 
> > > > > 21/126 0.342 - - -
> > > > > Feb 06 08:19:17 sogod [5233]: SOGoUserHomePage user 
> > > > > '[email protected]' logged off
> > > > > Feb 06 08:19:17 sogod [5233]: 127.0.0.1 "GET 
> > > > > /SOGo/so/[email protected]/logoff HTTP/1.1" 302 0/0 0.060 - - -
> > > > > Feb 06 08:19:17 sogod [5233]: 127.0.0.1 "GET /SOGo/so/ HTTP/1.1" 200 
> > > > > 12347/0 0.114 45323 72% -
> > > > > ...
> > > > > 
> > > > > Is there something I forgot to set up?
> > > > > 
> > > > > -- 
> > > > > Maksim Rodin
> > > > > 
> > > > 
> > > > -- 
> > > >  
> > > 
> > > -- 
> > > С уважением,
> > > Родин Максим
> > > 
> > 
> > -- 
> >  
> 
> -- 
> С уважением,
> Родин Максим
> 

-- 
 

Reply via email to